MCAS Policy Alert Deactivation

%3CLINGO-SUB%20id%3D%22lingo-sub-1029996%22%20slang%3D%22en-US%22%3EMCAS%20Policy%20Alert%20Deactivation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1029996%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20the%20default%20Policy%20%22Cloud%20Discovery%20anomaly%20detection%22%20active%20in%20MCAS.%20In%20the%20Policy%20itself%20I%20have%20not%20activated%20the%20alerting%20option%20(create%20an%20alert%20for%20each%20matching%20event%20with%20the%20policy's%20severity).%20Nevertheless%2C%20alerts%20are%20generated.%26nbsp%3B%20Our%20goal%20is%20not%20to%20show%20matches%20from%20this%20Policy%20as%20alerts.%20I%20hope%20to%20get%20feedback%20to%20this.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1029996%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ECloud%20Discovery%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1030286%22%20slang%3D%22en-US%22%3ERe%3A%20MCAS%20Policy%20Alert%20Deactivation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1030286%22%20slang%3D%22en-US%22%3E%3CP%3EHello!%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F465751%22%20target%3D%22_blank%22%3E%40SebnemK%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EHave%20you%20verified%20by%20editing%20the%20Policy%20that%20the%20following%20option%20is%20disabled%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158758iC476041A4CC244F9%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20need%20this%20Policy%20at%20all%3F%26nbsp%3B%3CBR%20%2F%3EIf%20not%20then%20you%20can%20always%20disable%20it%20(%20But%20I%20dont%20recommend%20it%20)%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158759iEF8B673FA5DD266E%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_1.png%22%20title%3D%22clipboard_image_1.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EKind%20RegardsOliwer%20Sj%C3%B6berg%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

We have the default Policy "Cloud Discovery anomaly detection" active in MCAS. In the Policy itself I have not activated the alerting option (create an alert for each matching event with the policy's severity). Nevertheless, alerts are generated.  Our goal is not to show matches from this Policy as alerts. I hope to get feedback to this. 

2 Replies

Hello! @SebnemK 

Have you verified by editing the Policy that the following option is disabled? 

clipboard_image_0.png

 

Do you need this Policy at all? 
If not then you can always disable it ( But I dont recommend it ) 

clipboard_image_1.png

 

Kind Regards
Oliwer Sjöberg

@oliwer_sjobergThanks for your feedback. 

Yes this option is disabled:

 
 
 

image.png

We do not need this Policy right now, we just want to surpress the alerts. Also we do not want to disable the Policy as a whole. In the Policy overview I see that 1 alert is open. But acutally there should be no alerts at all:

image.png

Any idea what else to do?