This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 98%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
Dear community !
I want to dismiss all or most of Microsoft Defender for Cloud Security Alerts in Azure to get a "clean slate" and tune our policies for adaptive application control.
I have tried scripting this using REST API, Azure CLI and the Powershell library.
All of the scripts created does close off some alerts, but they don't really close all the alerts it says it does. Looking at the GUI I see that I am getting some errors when trying to manually dismiss the alerts. I suspect this is what happens with my scripts as well, they run without exceptions but Azure is throwing an error in the backend when processing the dismiss action and never returns the error to my scripts.
I get two types of failures in the GUI while manually dismissing them:
Failure to update security alert status
Failed to update security alert Adaptive application control policy violation was audited (ALERT-ID-GOES-HERE) to 'Dismissed'. Please try again later.
Failed to update some security alerts
Some security alerts have failed to update. Please check previously received notifications for more information.
I can't make anything of these errors and google doesen't really give me anything of value either so I am really hoping to get some assistance here. Thanks for all help in advance ! :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 74%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELP%3C/text%3E%3C/svg%3E)
Looks like I'm seeing the same issue. The subscription is active and enabled. Could someone please help?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Alexander Nordbø Thanks for reaching out.
I have seen these errors when the subscription under which the resources are getting these alerts is in disabled state.
Re-confirm if the subscription under which you are getting these alerts for are in enabled and Active state.
If you have the subscription enabled and still you are getting the error, I would need more details to investigate and collect the details offline. Do confirm about above though.
I failed to mention this but I know this can be an issue but in this case its not. The subscriptions are enabled. To me it looks like Azure is thotteling my requests. If I wait a few minutes I can continue dismissing alerts. With that mention its a very ineffective way to dismiss these alerts, as I will probably need to do this again a few times after I have removed them all due to the tuning of this policy.
@Alexander Nordbø Thanks for clarifying that, if that is the case, you should open a support case with the MS and let them find further. As this will need a detailed look at your environment when you try to dismiss them and check things at our backend. They will be able to guide you further.