Learn Editor: Update alert-policies.md

Author: shalsin

defender-xdr/alert-policies.md

@@ -97,9 +97,9 @@ You can also define user tags as a condition of an alert policy. This definition
 
     ![Configure how alerts are triggered, based on when the activity occurs, a threshold, or unusual activity for your organization.](media/howalertsaretriggered.png)
 
-    If you select the setting based on unusual activity, Microsoft establishes a baseline value that defines the normal frequency for the selected activity. It takes up to seven days to establish this baseline, during which alerts aren't generated. After the baseline is established, an alert is triggered when the frequency of the activity tracked by the alert policy greatly exceeds the baseline value. For auditing-related activities (such as file and folder activities), you can establish a baseline based on a single user or based on all users in your organization; for malware-related activities, you can establish a baseline based on a single malware family, a single recipient, or all messages in your organization.
+      If you select the setting based on unusual activity, Microsoft establishes a baseline value that defines the normal frequency for the selected activity. It takes up to seven days to establish this baseline, during which alerts aren't generated. After the baseline is established, an alert is triggered when the frequency of the activity tracked by the alert policy greatly exceeds the baseline value. For auditing-related activities (such as file and folder activities), you can establish a baseline based on a single user or based on all users in your organization; for malware-related activities, you can establish a baseline based on a single malware family, a single recipient, or all messages in your organization.
 
-    > [!NOTE]
+      > [!NOTE]
     > The ability to configure alert policies based on a threshold or based on unusual activity requires an E5/G5 subscription, or an E1/F1/G1 or E3/F3/G3 subscription with a Microsoft Defender for Office 365 P2, Microsoft 365 E5 Compliance, or Microsoft 365 eDiscovery and Audit add-on subscription. Organizations with an E1/F1/G1 and E3/F3/G3 subscription can only create alert policies where an alert is triggered every time that an activity occurs.
 
 - **Alert category**. To help with tracking and managing the alerts generated by a policy, you can assign one of the following categories to a policy.
@@ -344,4 +344,25 @@ Here are some tasks you can perform to manage alerts.
   - The name (and link) of the corresponding alert policy.
   - The incident where the alert is aggregated.
 
-- [**Tune an alert**](investigate-alerts.md#tune-an-alert): You can set properties, conditions, and actions to hide or resolve an alert.
+- **[Tune an alert](investigate-alerts.md#tune-an-alert)**: You can set properties, conditions, and actions to hide or resolve an alert.
+- **Change the severity level for an alert policy**
+
+   1. Sign in to the [Microsoft Purview portal ](https://security.microsoft.com/)using credentials for an admin account in your Microsoft 365 organization.
+   1. In the **Microsoft Defender portal**, navigate to the **Email & Collaboration** section.
+      
+   1. From the left-hand navigation pane, select **Policies & rules**.
+      
+   1. Open the **Alerts policy** page.
+   1. Select the checkbox for the communication compliance policy you want to update, and then click **Edit** under the **Actions** menu.
+      
+   1. In the **Edit Policy** window:
+      
+    - Use the **Severity** dropdown to adjust the alert level as needed.
+        
+    - Modify the **trigger settings** if applicable.
+        
+    - Click **Next** to proceed through the steps.
+        
+   1. **Submit** to apply the new changes to the policy.
+      
+   1. Select **Done**.