Manage alert suppression
There might be scenarios where you need to suppress alerts from appearing in the portal. You can create suppression rules for specific alerts known to be innocuous, such as known tools or processes in your organization.
View existing rules
You can view a list of all the suppression rules and manage them in one place. You can also turn an alert suppression rule on or off by completing these actions:
In the Microsoft Defender portal, select Settings then select Endpoints and then under Rules select Alert suppression. The list of suppression rules that users in your organization have created is displayed.
Select a rule by selecting the check-box beside the rule name.
Select Turn rule on, Edit rule, or Delete rule. When making changes to a rule, you can choose to release alerts that it has already suppressed, regardless of whether or not these alerts match the new criteria.