Windows 10 machines first check their registry and only if there are no information there they check the SCP. So for your questions:
- You don't even need to configure the SCP when you go through the Azure AD Connect wizard. You can just download the PowerShell script and do it later. Some organizations even have to do it this way because the admin of the Azure AD Connect servers don't necessarly have permission to write the SCP on their own. So they download the script and they send it to the AD admins.
- You can do it manully, you can also download the script from the Azure AD Connect wizard: