Hi @andEssex,

You're right in that you can't monitor compliance without first provisioning the templates. Using the full golden config template is not the best way to approach this. My general strategy when introducing Cat-C templates in a brownfield environment is (roughly) as following:

1. Configure things such as DNS servers, NTP servers and AAA servers under Design > Network settings.
   This should be preferred over templates whenever possible. 
2. Split the golden config into smaller parts to be handled in separate templates.
   E.g. a template named Common for things like VTY config, a template named switching for any L2 switching configuration and one named services for DHCP or similar. 
3. Create a template based on existing golden configuration and try to make them as flexible and reusable as needed.
   It is better to maintain a single template than two templates covering the same features if possible 
4. Test your templates thoroughly to ensure that they configure what you expect.
   Ideally you have a few test devices that you can provision in the lab.
5. Start provisioning your devices.
   I prefer to start with the lowest impact templates(anything that doesn't touch the data plane) and do the provisioning in stages to reduce the associated risk. Use the template simulation feature to validate the output before provisioning any of the more critical devices.
   
   

Once you have done this you should also only be missing the onboarding template to be ready for PNP onboarding new devices. Note that it is sometimes easier to pnpa reset devices and reprovision them completely than trying to remediate it while in service. Good luck!