Forum Discussion

Copper Contributor

Oct 04, 2023

Solved

Are exclusions in Defender for alerts only?

Greetings, I'm looking into the Detection Exclusions to reduce fasle positives in our environment. I couldn't clearly find if adding exclusions for specific rules only stops the alerts, or the log...

identity protection

elieelkarkafi
Oct 04, 2023
leon_boers if you want to suppress specific alerts in M365 Defender to reduce some false positive alerts, you need to create alert tuning rules (suppression rules) with specific conditions

elieelkarkafi

MVP

Oct 04, 2023

leon_boers if you want to suppress specific alerts in M365 Defender to reduce some false positive alerts, you need to create alert tuning rules (suppression rules) with specific conditions

leon_boers
Copper Contributor
Oct 06, 2023
Thanks elieelkarkafi !

I've set up tuning and will monitor how that works.

for anyone else wanting to start tuning. if you select "tune alert" from the actual alert, you get pre-populated info (like host names etc) in the tuning drop-downs.
- elieelkarkafi
  MVP
  Oct 06, 2023
  leon_boers Correct, that way to fine tune a specific alert with specific hostname , IP , etc....
  
  the other way is to create a tuning with more generic conditions
  
  Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.