Are exclusions in Defender for alerts only?

Copper Contributor


I'm looking into the Detection Exclusions to reduce fasle positives in our environment. I couldn't clearly find if adding exclusions for specific rules only stops the alerts, or the logging of information as well. as this can still be beneficial in correlation with other events or investigation.


Detection exclusions in Microsoft 365 Defender - Microsoft Defender for Identity | Microsoft Learn




3 Replies
best response confirmed by leon_boers (Copper Contributor)

@leon_boers if you want to suppress specific alerts in M365 Defender to reduce some false positive alerts, you need to create alert tuning rules (suppression rules) with specific conditions 




Thanks @eliekarkafy !

I've set up tuning and will monitor how that works.


for anyone else wanting to start tuning. if you select "tune alert" from the actual alert, you get pre-populated info (like host names etc) in the tuning drop-downs.



@leon_boers Correct, that way to fine tune a specific alert with specific hostname , IP , etc.... 

the other way is to create a tuning with more generic conditions 


Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.