Detecting who is changing Alert Suppression rules in Azure Defender - Microsoft Tech Community

In some scenarios, an alert that you receive in Azure Defender may be a false positive for your environment. To stop receiving that specific alert, you can create an alert suppression rule. Although alert suppression is a feature meant to optimize your experience, it can also be used with malicious intent by a user who wants to evade detection. To create or delete alert suppression rules, you need to be a Security admin or Subscription Owner. To only view the rules, you need to be a Security reader or Reader.
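One way to surface such changes, as an added example that is not code from the original post: a Python filter over exported Azure Activity Log records that reports who created, updated or deleted a suppression rule. It assumes records shaped like `az monitor activity-log list` output; the function names and the sample records are constructed for illustration.

```python
# Added example. Sample records below are constructed, not real log data.
RULE_OPS = {  # matched case-insensitively: exports differ in casing
    "microsoft.security/alertssuppressionrules/write": "create_or_update",
    "microsoft.security/alertssuppressionrules/delete": "delete",
}

def _value(field):
    """Activity Log fields are objects in CLI output, plain strings in some exports."""
    raw = field.get("value") if isinstance(field, dict) else field
    return (raw or "").lower()

def suppression_rule_changes(records):
    """Return completed suppression-rule changes with their caller, oldest first."""
    findings = []
    for rec in records:
        action = RULE_OPS.get(_value(rec.get("operationName")))
        if action is None:
            continue  # unrelated operation
        if _value(rec.get("status")) not in ("succeeded", "success"):
            continue  # drop Started/Failed entries logged for the same request
        findings.append({
            "time": rec.get("eventTimestamp", ""),
            "caller": rec.get("caller") or "<unknown>",
            "action": action,
            "rule": rec.get("resourceId", "").rsplit("/", 1)[-1],
        })
    return sorted(findings, key=lambda f: f["time"])

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription
RULES = SUB + "/providers/Microsoft.Security/alertsSuppressionRules/"
SAMPLE = [  # constructed records, deliberately out of order
    {"eventTimestamp": "2021-03-02T10:15:04Z", "caller": "bob@contoso.example",
     "operationName": {"value": "MICROSOFT.SECURITY/ALERTSSUPPRESSIONRULES/DELETE"},
     "status": {"value": "Succeeded"}, "resourceId": RULES + "rule-b"},
    {"eventTimestamp": "2021-03-01T08:00:01Z", "caller": "alice@contoso.example",
     "operationName": {"value": "Microsoft.Security/alertsSuppressionRules/write"},
     "status": {"value": "Started"}, "resourceId": RULES + "rule-a"},
    {"eventTimestamp": "2021-03-01T08:00:02Z", "caller": "alice@contoso.example",
     "operationName": {"value": "Microsoft.Security/alertsSuppressionRules/write"},
     "status": {"value": "Succeeded"}, "resourceId": RULES + "rule-a"},
    {"eventTimestamp": "2021-03-01T09:00:00Z", "caller": "alice@contoso.example",
     "operationName": {"value": "Microsoft.Security/pricings/write"},
     "status": {"value": "Succeeded"},
     "resourceId": SUB + "/providers/Microsoft.Security/pricings/VirtualMachines"},
]

if __name__ == "__main__":
    for f in suppression_rule_changes(SAMPLE):
        print(f["time"], f["caller"], f["action"], f["rule"])
```

Comparing the reported callers against the accounts expected to hold Security admin or Subscription Owner rights is a quick way to spot a change that nobody requested.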