SOLVED

Are exclusions in Defender for alerts only?


Greetings,

I'm looking into the Detection Exclusions to reduce false positives in our environment. I couldn't clearly find whether adding exclusions for specific rules only stops the alerts, or the logging of information as well, as this can still be beneficial in correlation with other events or investigation.

 

Detection exclusions in Microsoft 365 Defender - Microsoft Defender for Identity | Microsoft Learn

 

Regards,

Léon

3 Replies
best response confirmed by leon_boers (Copper Contributor)
Solution

@leon_boers If you want to suppress specific alerts in M365 Defender to reduce some false positive alerts, you need to create alert tuning rules (suppression rules) with specific conditions.

 

Thanks @eliekarkafy!

I've set up tuning and will monitor how that works.

 

For anyone else wanting to start tuning: if you select "tune alert" from the actual alert, you get pre-populated info (like host names etc.) in the tuning drop-downs.

 

@leon_boers Correct, that is the way to fine-tune a specific alert with a specific hostname, IP, etc.

The other way is to create a tuning with more generic conditions.

 
