cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Edit anomaly detection policy by excluding certain endpoints

WhitMc
Copper Contributor

‎Dec 20 2022 08:21 AM

‎Dec 20 2022 08:21 AM

Edit anomaly detection policy by excluding certain endpoints

Does anyone have insight or know of documentation (I have hunted through these discussions and the Microsoft documentation) related to 'Edit anomaly detection policy' to exclude a specific set of devices for a built-in detection policy? 

 

Currently, under Edit anomaly detection policy, I can select Scope > Specific users and groups ... where I'm able to create a filter for specified devices. There is an Include and Exclude checkbox and I'm not sure whether these will contradict when trying to exclude a group of devices.

 

Additionally, if there are other more efficient ways to do this rather than creating an Exclude filter within each anomaly detection policy, I'd love to know about it.

 

CloudAppExclude.PNG

273 Views
0 Likes
1 Reply
Reply
1 Reply
WhitMc

‎Dec 20 2022 10:24 AM

‎Dec 20 2022 10:24 AM

Re: Edit anomaly detection policy by excluding certain endpoints

Update and for reference in case someone searches for this in the future - I found documentation about including or excluding specific users or groups here: Create anomaly detection policies in Defender for Cloud Apps - Microsoft Defender for Cloud Apps | M...

0 Likes
Reply