leon_boers
Copper Contributor
Oct 04, 2023
Solved

Are exclusions in Defender for alerts only?

Greetings,

I'm looking into the Detection Exclusions to reduce false positives in our environment. I couldn't clearly find whether adding exclusions for specific rules only stops the alerts, or the logging of information as well, as this can still be beneficial in correlation with other events or investigation.

 

Detection exclusions in Microsoft 365 Defender - Microsoft Defender for Identity | Microsoft Learn

 

Regards,

Léon


3 Replies

  • leon_boers, if you want to suppress specific alerts in M365 Defender to reduce some false positive alerts, you need to create alert tuning rules (suppression rules) with specific conditions.


    • leon_boers
      Copper Contributor

      Thanks elieelkarkafi!

      I've set up tuning and will monitor how that works.

       

      For anyone else wanting to start tuning: if you select "tune alert" from the actual alert, you get pre-populated info (like host names etc.) in the tuning drop-downs.

       

      • elieelkarkafi
        MVP

        leon_boers Correct, that is the way to fine-tune a specific alert with a specific hostname, IP, etc.

        The other way is to create a tuning with more generic conditions.

         
