From b4a2125bc097ea67e3ba0aa56316323feb1c81a4 Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Fri, 15 Jan 2021 11:38:36 -0800
Subject: [PATCH] Update defender-endpoint-false-positives-negatives.md

---
 .../defender-endpoint-false-positives-negatives.md          | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
index ee2d488676..5f0e8172e9 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md
@@ -137,6 +137,12 @@ Your security team can create indicators for files, IP addresses, URLs, domains,
 
 ## Classify a false positive or false negative
 
+As alerts are triggered, if you see something that was detected as malicious or suspicious that should not be, you can suppress alerts for that entity and classify alerts as false positives. Managing your alerts and classifying false positives helps to train your threat protection solution. Taking these steps also helps reduce noise in your security operations dashboard so that your security team can focus on higher priority work items.
+
+### Suppress an alert
+
+
+
 ### Classify an alert as a false positive
 
 Your security team can classify an alert as a false positive in the Microsoft Defender Security Center, in the Alerts queue.