From 4fa71cddb290818d43b20d97351fd35ab60fc340 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Wed, 17 Sep 2025 09:25:22 +0100
Subject: [PATCH 1/3] [Security] Endpoint Exceptions feature privilege in Stack

---
 .../elastic-defend-feature-privileges.md                      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md b/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
index 34d97013fb..d1ad10863d 100644
--- a/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
+++ b/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
@@ -39,8 +39,8 @@ For each of the following sub-feature privileges, select the type of access you
 | --- | --- |
 | **Endpoint List** | Access the [Endpoints](/solutions/security/manage-elastic-defend/endpoints.md) page, which lists all hosts running {{elastic-defend}}, and associated integration details. |
 | **Automatic Troubleshooting** |Access [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md) to check if your hosts have third-party AV software installed.<br><br>**Note:** In {{stack}} 9.0.0, this privilege is called **Endpoint Insights**. |
-| **Endpoint Exceptions** | Add and use [endpoint exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md#endpoint-rule-exceptions).<br><br>**Note:** This privilege is only available in {{serverless-short}}. In {{stack}}, it's included within the **Security** privilege. |
-| **Global Artifact Management** | {applies_to}`stack: ga 9.1` Manage global assignment of endpoint artifacts (e.g., trusted applications, event filters) across all spaces and policies. This privilege controls global assignment rights only; privileges for each artifact type are required for full artifact management. |
+| **Endpoint Exceptions** {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga`| Add and use [endpoint exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md#endpoint-rule-exceptions).<br><br>**Note:** In {{stack}} 9.0.0 and 9.1.0, this privilege is included within the **Security** privilege. |
+| **Global Artifact Management** {applies_to}`stack: ga 9.1` | Manage global assignment of endpoint artifacts (e.g., trusted applications, event filters) across all spaces and policies. This privilege controls global assignment rights only; privileges for each artifact type are required for full artifact management. |
 | **Trusted Applications** | Access the [Trusted applications](/solutions/security/manage-elastic-defend/trusted-applications.md) page to remediate conflicts with other software, such as antivirus or endpoint security applications. |
 | **Host Isolation Exceptions** | Access the [Host isolation exceptions](/solutions/security/manage-elastic-defend/host-isolation-exceptions.md) page to add specific IP addresses that isolated hosts can still communicate with. |
 | **Blocklist** | Access the [Blocklist](/solutions/security/manage-elastic-defend/blocklist.md) page to prevent specified applications from running on hosts, extending the list of processes that {{elastic-defend}} considers malicious. |

From f0beef55c6445aa0be5ab94109b9652a80b57143 Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Wed, 17 Sep 2025 11:12:42 +0100
Subject: [PATCH 2/3] address suggestion

---
 .../elastic-defend-feature-privileges.md                        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md b/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
index d1ad10863d..405be4fbbc 100644
--- a/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
+++ b/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
@@ -39,7 +39,7 @@ For each of the following sub-feature privileges, select the type of access you
 | --- | --- |
 | **Endpoint List** | Access the [Endpoints](/solutions/security/manage-elastic-defend/endpoints.md) page, which lists all hosts running {{elastic-defend}}, and associated integration details. |
 | **Automatic Troubleshooting** |Access [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md) to check if your hosts have third-party AV software installed.<br><br>**Note:** In {{stack}} 9.0.0, this privilege is called **Endpoint Insights**. |
-| **Endpoint Exceptions** {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga`| Add and use [endpoint exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md#endpoint-rule-exceptions).<br><br>**Note:** In {{stack}} 9.0.0 and 9.1.0, this privilege is included within the **Security** privilege. |
+| **Endpoint Exceptions** {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga`| Add and use [endpoint exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md#endpoint-rule-exceptions).<br><br>**Note:** In {{stack}} 9.1.0 and earlier, this privilege is included within the **Security** privilege. |
 | **Global Artifact Management** {applies_to}`stack: ga 9.1` | Manage global assignment of endpoint artifacts (e.g., trusted applications, event filters) across all spaces and policies. This privilege controls global assignment rights only; privileges for each artifact type are required for full artifact management. |
 | **Trusted Applications** | Access the [Trusted applications](/solutions/security/manage-elastic-defend/trusted-applications.md) page to remediate conflicts with other software, such as antivirus or endpoint security applications. |
 | **Host Isolation Exceptions** | Access the [Host isolation exceptions](/solutions/security/manage-elastic-defend/host-isolation-exceptions.md) page to add specific IP addresses that isolated hosts can still communicate with. |

From 15025de1faba07e67f7088d498f34b566f7ebb1f Mon Sep 17 00:00:00 2001
From: natasha-moore-elastic <natasha.moore@elastic.co>
Date: Wed, 17 Sep 2025 15:56:32 +0100
Subject: [PATCH 3/3] update order

---
 .../elastic-defend-feature-privileges.md                        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md b/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
index 405be4fbbc..5e070776cd 100644
--- a/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
+++ b/solutions/security/configure-elastic-defend/elastic-defend-feature-privileges.md
@@ -39,12 +39,12 @@ For each of the following sub-feature privileges, select the type of access you
 | --- | --- |
 | **Endpoint List** | Access the [Endpoints](/solutions/security/manage-elastic-defend/endpoints.md) page, which lists all hosts running {{elastic-defend}}, and associated integration details. |
 | **Automatic Troubleshooting** |Access [Automatic Troubleshooting](/solutions/security/manage-elastic-defend/identify-antivirus-software-on-hosts.md) to check if your hosts have third-party AV software installed.<br><br>**Note:** In {{stack}} 9.0.0, this privilege is called **Endpoint Insights**. |
-| **Endpoint Exceptions** {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga`| Add and use [endpoint exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md#endpoint-rule-exceptions).<br><br>**Note:** In {{stack}} 9.1.0 and earlier, this privilege is included within the **Security** privilege. |
 | **Global Artifact Management** {applies_to}`stack: ga 9.1` | Manage global assignment of endpoint artifacts (e.g., trusted applications, event filters) across all spaces and policies. This privilege controls global assignment rights only; privileges for each artifact type are required for full artifact management. |
 | **Trusted Applications** | Access the [Trusted applications](/solutions/security/manage-elastic-defend/trusted-applications.md) page to remediate conflicts with other software, such as antivirus or endpoint security applications. |
 | **Host Isolation Exceptions** | Access the [Host isolation exceptions](/solutions/security/manage-elastic-defend/host-isolation-exceptions.md) page to add specific IP addresses that isolated hosts can still communicate with. |
 | **Blocklist** | Access the [Blocklist](/solutions/security/manage-elastic-defend/blocklist.md) page to prevent specified applications from running on hosts, extending the list of processes that {{elastic-defend}} considers malicious. |
 | **Event Filters** | Access the [Event Filters](/solutions/security/manage-elastic-defend/event-filters.md) page to filter out endpoint events that you don’t want stored in {{es}}. |
+| **Endpoint Exceptions** {applies_to}`stack: ga 9.2` {applies_to}`serverless: ga`| Add and use [endpoint exceptions](/solutions/security/detect-and-alert/add-manage-exceptions.md#endpoint-rule-exceptions).<br><br>**Note:** In {{stack}} 9.1.0 and earlier, this privilege is included within the **Security** privilege. |
 | **{{elastic-defend}} Policy Management** | Access the [Policies](/solutions/security/manage-elastic-defend/policies.md) page and {{elastic-defend}} integration policies to configure protections, event collection, and advanced policy features. |
 | **Response Actions History** | Access the [response actions history](/solutions/security/endpoint-response-actions/response-actions-history.md) for endpoints. |
 | **Host Isolation** | Allow users to [isolate and release hosts](/solutions/security/endpoint-response-actions/isolate-host.md). |