diff --git a/windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png b/windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png
new file mode 100644
index 0000000000..116c89500d
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png differ
diff --git a/windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png b/windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png
new file mode 100644
index 0000000000..9742cbe064
Binary files /dev/null and b/windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png differ
diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 86bb15de0d..99cdcd7dd9 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -76,9 +76,14 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
 1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
 
-2. Scroll down to the **Supression rules** section.
+2. Scroll down to the **Create supression rules** section.
+
+    ![Image of alert status](images/atp-create-suppression-rule.png)
 
 3. Choose the context for suppressing the alert.
+  
+    ![Image of alert status](images/atp-new-suppression-rule.png)
+
   > [!NOTE]
   > You cannot create a custom or blank suppression rule. You must start from an existing alert.
 4. Specify the conditions for when the rule is applied:
@@ -90,6 +95,8 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
     > The SHA1 of the alert cannot be modified
 5. Specify the action and scope on the alert. You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. You can also specify to suppress the alert on the machine only or the whole organization.
 
+6. Click **Save and close**.
+
 
 **See the list of suppression rules:**