Merge pull request #4963 from MicrosoftDocs/DebLanger-patch-2

Add criticality note - US487724

Author: DebLanger

exposure-management/classify-critical-assets.md

@@ -6,7 +6,7 @@ author: dlanger
 manager: ornat-spodek
 ms.topic: overview
 ms.service: exposure-management
-ms.date: 07/23/2025
+ms.date: 09/08/2025
 ---
 
 # Review and classify critical assets
@@ -34,6 +34,9 @@ Impact analysis and crown jewels analysis are essential methodologies for identi
 
 The NIST Cybersecurity Framework (CSF) 800-53 also emphasizes guidance for asset management and criticality analysis, as outlined in ID.AM-05, which can be found at: [https://csf.tools/reference/nist-cybersecurity-framework/v2-0/id/id-am/id-am-05/](https://csf.tools/reference/nist-cybersecurity-framework/v2-0/id/id-am/id-am-05/).
 
+> [!NOTE]
+> When multiple classification rules apply to an asset, the rule with the highest criticality level takes precedence. This classification remains in effect until the asset no longer meets the criteria for that rule, at which point it will automatically revert to the next applicable classification level.
+
 ## Prerequisites
 
 Before you begin, ensure you meet the following requirements for working with critical assets in Microsoft Security Exposure Management.

exposure-management/predefined-classification-rules-and-levels.md

@@ -25,6 +25,10 @@ Current asset types are:
 
 > [!Note]
 > The critical asset out-of-the-box classification logic classifies your assets based on asset behavior accumulated from Microsoft Defender workloads and  third-party integrations set up in your environment.
+> 
+> When multiple classification rules apply to an asset, the rule with the highest criticality level takes precedence. This classification remains in effect until the asset no longer meets the criteria for that rule, at which point it will automatically revert to the next applicable classification level.
+
+
 
 ##### Device