You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-endpoint/manage-suppression-rules.md
+6-4Lines changed: 6 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ ms.collection:
13
13
ms.topic: conceptual
14
14
ms.subservice: edr
15
15
search.appverid: met150
16
-
ms.date: 12/18/2020
16
+
ms.date: 06/25/2024
17
17
---
18
18
19
19
# Manage suppression rules
@@ -28,13 +28,14 @@ ms.date: 12/18/2020
28
28
29
29
> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://signup.microsoft.com/create-account/signup?products=7f379fee-c4f9-4278-b0a1-e4c8c2fcdf7e&ru=https://aka.ms/MDEp2OpenTrial?ocid=docs-wdatp-exposedapis-abovefoldlink)
30
30
31
-
32
31
There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts that are known to be innocuous such as known tools or processes in your organization. For more information on how to suppress alerts, see [Suppress alerts](manage-alerts.md).
33
32
34
33
You can view a list of all the suppression rules and manage them in one place. You can also turn an alert suppression rule on or off.
35
34
35
+
> [!IMPORTANT]
36
+
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
36
37
37
-
1. Sign in to the [Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2077139) using an account with the Security administrator or Global administrator role assigned.
38
+
1. Sign in to the [Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2077139) using an account with the Security administrator or Global Administrator role assigned.
38
39
39
40
2. In the navigation pane, select **Settings**\>**Endpoints**\>**Rules**\>**Alert suppression**. The list of suppression rules that users in your organization have created is displayed.
40
41
@@ -47,9 +48,10 @@ You can view a list of all the suppression rules and manage them in one place. Y
47
48
48
49
1. In the navigation pane, select **Settings**\>**Endpoints**\>**Rules**\>**Alert suppression**. The list of suppression rules that users in your organization have created is displayed.
49
50
50
-
2.Click on a rule name. Details of the rule is displayed. You'll see the rule details such as status, scope, action, number of matching alerts, created by, and date when the rule was created. You can also view associated alerts and the rule conditions.
51
+
2.Select a rule name. Details of the rule is displayed. You'll see the rule details such as status, scope, action, number of matching alerts, created by, and date when the rule was created. You can also view associated alerts and the rule conditions.
51
52
52
53
## Related topics
53
54
54
55
-[Manage alerts](manage-alerts.md)
56
+
55
57
[!INCLUDE [Microsoft Defender for Endpoint Tech Community](../includes/defender-mde-techcommunity.md)]
0 commit comments