User Profile
WhitMc
Copper Contributor
Joined 3 years ago
User Widgets
Recent Discussions
Edit anomaly detection policy by excluding certain endpoints
Does anyone have insight or know of documentation (I have hunted through these discussions and the Microsoft documentation)related to 'Edit anomaly detection policy' to exclude a specific set of devices for a built-in detection policy? Currently, under Edit anomaly detection policy, I can select Scope > Specific users and groups ... where I'm able to create a filter for specified devices. There is an Include and Exclude checkbox and I'm not sure whether these will contradict when trying to exclude a group of devices. Additionally, if there are other more efficient ways to do this rather than creating an Exclude filter within each anomaly detection policy, I'd love to know about it.
