diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index d98aa0d51c..df7b502201 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -124,6 +124,28 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT >[!NOTE] >If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune. +## File for exception +With Threat & Vulnerability Management, you can create exceptions for recommendations, as an alternative to requesting for remediation. + +There are many reasons why organizations might want to create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides the same level of protection that the recommendation would, a false positive, among other reasons. + +Exceptions can be created for both *Security update* and *Configuration change* recommendations. + +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. + + +1. Navigate to the **Security recommendations** page under the **Threat & Vulnerability Management** section menu. + +2. Click the top-most recommendation. A fly-in panel will open with the recommendation details. + +3. Click **Exception options**. + +4. Select your justification for filing an exception instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. + +5. Click Submit. A confirmation message at the top of the page will indicate that the exception has been created + +6. View all your exceptions (current + past) by navigating to the **Remediation** page under the **Threat & Vulnerability Management** menu and clicking on the **Exceptions** tab. + ## Related topics - [Risk-based Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) - [Threat & Vulnerability Management dashboard overview](tvm-dashboard-insights.md)