From 593e88abae3a0d4d650d43d98d09f6e9d9d2fdb5 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 14 Jan 2021 15:32:05 -0800 Subject: [PATCH] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 21a9dffad4..ee2d488676 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -137,12 +137,17 @@ Your security team can create indicators for files, IP addresses, URLs, domains, ## Classify a false positive or false negative -### Suppress alerts for a false positive +### Classify an alert as a false positive -To suppress an alert, you create an alert suppression rule. +Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the Alerts queue. -1. Go to the Microsoft Defender Security Center () +1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. +2. Select **Alerts queue**, and then select an alert that is a false positive. +3. For the selected alert, select **Actions** > **Manage alert**. A flyout pane opens. +4. In the **Manage alert** section, select **True alert** or **False alert**. Use **False alert** to classify a false positive. +> [!TIP] +> For more details about suppressing alerts, see [Manage Microsoft Defender for Endpoint alerts](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-alerts). ## Submit a file for analysis
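Review bot: Step 4 of the added procedure tells the reader to select **True alert** or **False alert**, while the new heading and intro sentence scope this section to false positives only. Consider making the step a single action, for example "In the **Manage alert** section, select **False alert**.", and leaving **True alert** out of this procedure. Two smaller points in the same hunk: the removed text explained that suppression is done with an alert suppression rule, and after this change the TIP is the only pointer to suppression, so it is worth confirming that the linked manage-alerts article covers creating a suppression rule. The TIP link is also an absolute docs.microsoft.com URL to an article under the same microsoft-defender-atp path as this file; a relative link would not break if the path is moved.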