Skip to content
Last update: 2022-04-11

Fix policy exclusions

Ensure that exclusions in your endpoint or server Threat Protection policies aren't a security risk.


We recommend that you make as few exclusions as you can and apply them to as few resources and devices as you can.

This page shows how to fix an endpoint policy, but the steps are the same for endpoint and server policies.

If Account Health Check warns that exclusions are causing a significant security risk, do as follows:

  1. In the warning, click the arrow beside each exclusion to see why it's risky.

    You might see warnings for multiple exclusions in a policy, or for multiple policies.

    Policy exclusion details

  2. Click the policy name.

    Policy exclusions warning

  3. The Exclusions section of the policy opens. Select each exclusion that's causing a risk and click the cross on the right to delete it.

    Exclusions list

  4. Click Save at the top of the policy page.

  5. Go to Account Health Check. The policy exclusions check now shows that your exclusions are secure.

    Exclusions check with green checkmark

Back to top