Microsoft’s alert-tuning capability (previously called suppression) in Microsoft Defender is intentionally focused on reducing alert noise by changing the handling of aler ts that match defined conditions. When you open the Tune alert pane for an alert you can define conditions and then choose an action . The product documentation and the Tune alert UI show two supported actions: Hide alert (prevents the alert from surfacing in the default alert queue / UI) and Resolve alert (automatically close/resolve the alert so it no longer requires manual triage). Those two actions are the built-in tun ing outcomes designed to reduce fatigue from frequent false positives. Other operations listed in the question—such as deleting alerts, merging alerts, or assigning ownership—are not offered as actions inside the alert-tuning rule itself (assigning or other workflow actions are available elsewhere in the product or via automation), so the on ly valid tuning rule actions are hide and resolve . This behavior is documented in the Microsoft Defender (XDR) “investigate and tune alerts” guidance and in the alert-tuning (suppression) documentation.