Suppress DEFENDER alerts for endpoint (Windows 10/11)

Hello,

I am trying to find out whether there is a way to suppress Defender for Endpoint notifications in Windows 10/11. The reason is that we run security testing regularly and I do not want end users to be disturbed by Defender notifications on their computers.

I was able to suppress alerts in "Microsoft Defender XDR > Rules > Alert tuning", but this only affects the alerts generated in the Defender portal.

We use M365 E3 with M365 E5 Security.

Thank you.

6 Replies

Thank you @rahuljindal-MVP

I was reading through the post, and correct me if I'm wrong, but this will block notifications in general. So even a real threat notification will be blocked. What I try to achieve is that only the threats generated by our tests will be ignored. We have a folder (e.g. "C:\TESTING") where an agent is located that runs the tests...

Critical notifications will still be displayed.

The problem is that we run adversary emulations that run modified malware etc., so lots of our testing is marked as "critical" by Defender. I need to disable notifications for the ones generated with our tests so that when, let's say, a CEO is in a meeting, he is not getting multiple Defender popups reporting threats...

The ones that are not triggered by our testing, I want them to work as usual -> Defender notification will pop up.

Why not suppress all AV alert popups? You will still get detection events through MDE alerts, this only affects end users seeing them. Surely you are not relying on your users to take some vital action when seeing the alert popup.

Well... that's what I consider... However, as we are a small organization... I would like to train people to report unusual activities (of course, not relying on that only :))

If I can't filter it, I will probably disable it completely.