diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
index b5d15d6b55..863519b8c2 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 09/03/2018
+ms.date: 04/26/2019
 ---
 
 # Enable block at first sight
@@ -68,6 +68,23 @@ For more information about configuring Windows Defender Antivirus device restric
 
 For a list of Windows Defender Antivirus device restrictions in Intune, see [Device restriction for Windows 10 (and newer) settings in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus).
 
+### Enable block at first sight with SCCM
+
+1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**.
+1. Click **Home** > **Create Antimalware Policy**.
+1. Enter a name and a description, and add these settings:
+   - **Real time protection**
+   - **Advanced**
+   - **Cloud Protection Service**
+1. In the left column, click **Real time protection**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
+   ![Enable real-time protection](images/defender/wdav-protection-settings-wdsc.png)
+1. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
+   ![Enable Advanced settings](images/defender/sccm-advanced-settings.png)
+1. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
+   ![Enable Cloud Protection Service](images/defender/sccm-cloud-protection-service.png)
+1. Click **OK** to create the policy.
+
+
 ### Confirm block at first sight is enabled with Group Policy
 
 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png
new file mode 100644
index 0000000000..1fb1745a5f
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-advanced-settings.png differ
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png
new file mode 100644
index 0000000000..3a47dcf6d8
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-cloud-protection-service.png differ
diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png
new file mode 100644
index 0000000000..1a7467f581
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/defender/sccm-real-time-protection.png differ