(Public Preview) New built-in alert tuning rules for Microsoft Defender for Endpoint in Microsoft Defender XDR

Message ID: MC1228325
Service: Microsoft Defender XDR
Category: Stay Informed
Tag: Admin impact
Rollout: February 2026

Summary

Microsoft Defender XDR will add six new built-in alert tuning rules for Microsoft Defender for Endpoint starting February 8, 2026, to reduce low-priority alerts. Rules are visible for review until February 18, then activate by default but can be disabled anytime by admins. No action needed for default use.

Details

[Introduction]

Microsoft Defender XDR is adding six new Microsoft-curated built-in alert tuning rules for Microsoft Defender for Endpoint (MDE) to help reduce low-priority endpoint alerts reaching your queues.

[When this will happen:]

  • February 8, 2026: Rules become visible in the portal (Preview) for review.
  • February 8–February 18, 2026: Rules are visible but not active, so you can review and opt out if needed.
  • February 18, 2026: Rules become active by default.

[How this affects your organization:]

Who is affected: Admins using Microsoft Defender XDR with MDE.

What will happen:

  • With the default experience, you should see fewer informational or low-severity endpoint alerts in your incident/alert queues, because matching alerts will be handled automatically.
  • Some rules use Resolve and others use Set as Behavior, which reclassifies an alert as a behavior record. These alerts will not appear in open alert queues. They also will not generate incidents, while still remaining available for investigation and hunting.
  • You stay in control: all built-in rules are visible in Settings > Microsoft Defender XDR > Alert Tuning, and you can disable any rule anytime.

[What you can do to prepare:]

  • No action required if you want the default experience.
  • To opt out, review and disable any of the new MDE rules during February 8–February 18, 2026 (you can still disable later, but the rules will be on by default starting February 18, 2026).
  • If you manage multiple tenants, you can manage rule enablement at scale using Multi-Tenant Organization (MTO) content distribution.

[Compliance considerations:]

No compliance considerations identified; review as appropriate for your organization.
