Merged PR 7735: Added Intune procedure, fixed link

windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md

@@ -11,13 +11,9 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/30/2018
+ms.date: 05/02/2018
 ---
 
-
-
-
-
 # Enable the Block at First Sight feature
 
 **Applies to**
@@ -30,6 +26,7 @@ ms.date: 04/30/2018
 
 **Manageability available with**
 
+- Intune
 - Group Policy
 - Windows Defender Security Center app
 
@@ -58,8 +55,6 @@ In Windows 10, version 1803, the Block at First Sight feature can now block non-
 
 The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
 
- 
-
 If the cloud backend is unable to make a determination, the file will be locked by Windows Defender AV while a copy is uploaded to the cloud. The cloud will perform additional analysis to reach a determination before it allows the file to run or blocks it in all future encounters, depending on whether the file is determined to be malicious or safe. 
 
 In many cases this process can reduce the response time for new malware from hours to seconds.
@@ -69,6 +64,23 @@ In many cases this process can reduce the response time for new malware from hou
 
 Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender AV deployments in enterprise networks.
 
+### Confirm Block at First Sight is enabled with Intune
+
+1. In Intune, navigate to **Device configuration - Profiles > *Profile name* > Device restrictions > Windows Defender Antivirus**.
+
+	> [!NOTE]
+	> The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type.
+
+2. Verify these settings are configured as follows:
+
+	- **Cloud-delivered protection**: **Enable**
+	- **File Blocking Level**: **High**
+	- **Time extension for file scanning by the cloud**: **50**
+	- **Prompt users before sample submission**: **Send all data without prompting**
+
+For more information about configuring Windows Defender AV device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-configure).
+
+For a list of Windows Defender AV device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/en-us/intune/device-restrictions-windows-10#windows-defender-antivirus).
 
 
 ### Confirm Block at First Sight is enabled with Group Policy

windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md

@@ -34,7 +34,7 @@ The Windows Defender Security Center interface is a little different in Windows
 
 ![Screen shot of the Windows Defender Security Center app Virus & threat protection area in Windows 10 in S mode](images/security-center-virus-and-threat-protection-windows-10-in-s-mode.png)
 
-For more information about Windows 10 in S mode, including how to switch out of S mode, see Windows 10 Pro in S mode.
+For more information about Windows 10 in S mode, including how to switch out of S mode, see [Windows 10 Pro/Enterprise in S mode](https://docs.microsoft.com/en-us/windows/deployment/windows-10-pro-in-s-mode).
 
 ##Managing Windows Defender Security Center settings with Intune