Microsoft is releasing the public preview of a new alert suppression experience in Microsoft Defender that addresses alert fatigue and helps cybersecurity professionals better triage and resolve alerts.
The new experience is designed to provide tighter control and granularity, the company says in a Tech Community blog. Users can tune Microsoft Defender for Endpoint alerts and manage them in advance: the alert queue is streamlined, and alerts are hidden or resolved automatically when an expected behavior occurs and the rule conditions are met.
The new experience also lets users create rule conditions based on the evidence types that can trigger alerts, such as files, processes, scheduled tasks and others. After creating a rule, users can apply it to the selected alert or to any alert type that meets the rule conditions, according to Microsoft.
The new alert suppression function is enabled by default, but users can switch back to the previous experience in the Microsoft 365 Defender portal by navigating to Settings > Endpoints > Alert suppression and switching off the “new suppression rules creation enabled” toggle.
Microsoft says users can also add or change the rule conditions and scope of new or existing rules in the Microsoft Defender portal by selecting the relevant rule and clicking “Edit rules.”
To begin, select “Create suppression rule” in the summary details section of the alert page, and select “Only this alert type” to apply the rule to the selected alert. To apply the rule to any alert type that meets the rule conditions, select “Any alert type based on IOC conditions.”
In the IOCs section, users can set multiple rule conditions by selecting Choose IOCs, then use the AND, OR and grouping options to build relationships between the multiple evidence types that cause the alert, per Microsoft.
The new experience also allows users to set the scope by selecting specific devices, particular users, or the entire organization. Security admins can also prevent IOCs from being blocked in the future.
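As an added illustration, and not Microsoft's code or a Defender API, the following Python model captures the rule semantics described above: IOC conditions on evidence types combined with AND/OR grouping, a scope of specific devices, users or the whole organization, and a choice between one alert type and any alert type. The alerts, device names and rule names are constructed; the point is to compare what a narrowly scoped rule hides against what an organization-wide rule with a loose condition hides.

```python
from typing import Optional

# Constructed sample alerts (not real Defender data): alert type, where it fired,
# and the evidence items (IOCs) that triggered it.
ALERTS = [
    {"type": "SuspiciousScheduledTask", "device": "FIN-WS01", "user": "alice",
     "evidence": [("scheduledtask", "BackupSync"), ("process", "backup.exe")]},
    {"type": "SuspiciousScheduledTask", "device": "HR-WS07", "user": "bob",
     "evidence": [("scheduledtask", "BackupSync"), ("process", "powershell.exe")]},
    {"type": "MaliciousFile", "device": "FIN-WS01", "user": "alice",
     "evidence": [("file", "backup.exe")]},
]

def ioc(kind, name):
    """Leaf condition: the alert carries an evidence item of this kind and name."""
    return lambda a: (kind, name) in a["evidence"]

def AND(*conds):  # grouping: every condition must hold
    return lambda a: all(c(a) for c in conds)

def OR(*conds):   # grouping: any one condition is enough
    return lambda a: any(c(a) for c in conds)

class SuppressionRule:
    def __init__(self, condition, alert_type: Optional[str] = None, devices=(), users=()):
        self.condition = condition      # built with ioc()/AND()/OR(), i.e. "Choose IOCs"
        self.alert_type = alert_type    # None == "Any alert type based on IOC conditions"
        self.devices, self.users = set(devices), set(users)  # both empty == whole organization

    def matches(self, a):
        if self.alert_type and a["type"] != self.alert_type:
            return False
        org_wide = not self.devices and not self.users
        in_scope = org_wide or a["device"] in self.devices or a["user"] in self.users
        return in_scope and self.condition(a)

def apply_rules(alerts, rules):
    """Split the queue into (suppressed, still_visible) under the given rules."""
    suppressed = [a for a in alerts if any(r.matches(a) for r in rules)]
    visible = [a for a in alerts if not any(r.matches(a) for r in rules)]
    return suppressed, visible

# Narrow rule: one alert type, one device, both IOCs required -> hides only alice's task alert.
NARROW = SuppressionRule(AND(ioc("scheduledtask", "BackupSync"), ioc("process", "backup.exe")),
                         alert_type="SuspiciousScheduledTask", devices={"FIN-WS01"})
# Broad rule: any alert type, organization-wide, either IOC -> also hides bob's
# powershell.exe task and the MaliciousFile alert, which is likely not intended.
BROAD = SuppressionRule(OR(ioc("scheduledtask", "BackupSync"), ioc("file", "backup.exe")))
```

Running `apply_rules(ALERTS, [NARROW])` hides one alert, while `apply_rules(ALERTS, [BROAD])` empties the queue, which is the over-suppression case to check for before saving an organization-wide rule.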
Read the Tech Community blog for more information.