diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx
index f186cf6e..4c74a53a 100644
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -126,7 +126,7 @@ export const docsNavigation = [
 { title: 'Microsoft Intune', href: '/manage/access-control/endpoint-detection-and-response/intune-mdm' },
 { title: 'SentinelOne Singularity', href: '/manage/access-control/endpoint-detection-and-response/sentinelone-edr' },
 { title: 'Huntress', href: '/manage/access-control/endpoint-detection-and-response/huntress-edr' },
- { title: 'Force Approval', href: '/manage/access-control/endpoint-detection-and-response/force-approval' },
+ { title: 'Bypass Compliance', href: '/manage/access-control/endpoint-detection-and-response/bypass-compliance' },
 ]
 },
 ]
diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx
new file mode 100644
index 00000000..fb59d3e5
--- /dev/null
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx
@@ -0,0 +1,158 @@ +# Bypass Compliance for Non-Compliant Peers + +In some situations, you may need to grant network access to a peer that fails EDR or MDM compliance checks. NetBird provides a **compliance bypass** mechanism that allows administrators to override compliance rejections on a per-peer basis. + +## When to Use Compliance Bypass + +Compliance bypass is useful in scenarios such as: + +- **Temporary exceptions**: A device needs immediate network access while compliance issues are being resolved. +- **Testing and development**: Test devices that may not have EDR agents installed. +- **Legacy devices**: Older devices that cannot run the required EDR agent but still need limited network access. +- **False positives**: When the EDR platform incorrectly flags a compliant device. + + + Compliance bypass should be used sparingly and only when necessary. It bypasses security controls designed to protect your network. + + +## How Compliance Bypass Works + +When you bypass compliance for a peer: + +1. The peer immediately gains network access, regardless of its compliance status. +2. The bypass remains active until: + - An administrator manually revokes it, OR + - The device becomes naturally compliant in the EDR system (bypass is automatically removed) +3. All bypass actions are logged in the [Activity Events](/manage/activity-events) for audit purposes. + +## Bypass Compliance for a Peer + +To bypass compliance for a non-compliant peer: + +1. Navigate to the [Peers](https://app.netbird.io/peers) page in the NetBird dashboard +2. Locate the peer showing `Non-compliant` status (red badge) +3. Hover over the **Bypass** button to see which integration's compliance check will be bypassed +4. Click the **Bypass** button and confirm the action in the dialog + +

+ Bypass button +

+ +The peer will immediately gain network access and the non-compliant status will be replaced with a green `Bypassed` badge. + +## View Bypassed Peers + +To see all peers that have compliance bypassed: + +1. Navigate to the [Peers](https://app.netbird.io/peers) page +2. Click the **Bypassed** filter button (shows a count badge with the number of bypassed peers) + +

+ Bypassed filter button +

+ +The filter can be combined with connection status filters: +- Click **Online** + **Bypassed** to see only online bypassed peers +- Click **Offline** + **Bypassed** to see only offline bypassed peers + +Hovering over the filter buttons shows helpful tooltips: +- **Non-Compliant**: "Peers that failed compliance checks and need attention" +- **Bypassed**: "Peers with compliance checks bypassed by an administrator" + +## Revoke Compliance Bypass + +To revoke a bypass and return a peer to normal compliance validation: + +1. Navigate to the [Peers](https://app.netbird.io/peers) page +2. Click on the peer with bypassed compliance +3. Click the **Revoke** button next to the "Bypassed" badge +4. Confirm the action + +

+ Revoke compliance bypass +

+ +Once revoked, the peer will be subject to normal compliance checks. If the device is still non-compliant, it will lose network access and show the `Non-compliant` status again. + +## Batch Operations + +You can bypass compliance or revoke bypass for multiple peers at once: + +### Batch Bypass + +1. Navigate to the [Peers](https://app.netbird.io/peers) page +2. Select multiple peers using the checkboxes (peers must have non-compliant status) +3. In the action bar that appears at the bottom, click the **Bypass Compliance** button (shield icon) +4. Confirm the action in the dialog + +

+ Batch bypass +

+ +The button shows a count of how many selected peers will have compliance bypassed. + +### Batch Revoke Bypass + +1. Navigate to the [Peers](https://app.netbird.io/peers) page +2. Select multiple bypassed peers using the checkboxes +3. In the action bar that appears at the bottom, click the **Revoke Compliance Bypass** button (shield-off icon) +4. Confirm the action in the dialog + +

+ Batch revoke bypass +

+ + + Batch operation buttons only appear when you have an EDR integration enabled and have selected peers that can have compliance bypassed or revoked. + + +## Automatic Removal of Bypass + +Compliance bypass is automatically removed when a device becomes naturally compliant in your EDR platform. This ensures that: + +- Devices don't retain unnecessary administrative overrides +- Your security posture improves as devices become compliant +- You don't need to manually clean up bypasses + +For example, if you bypass compliance for a peer because its EDR agent was temporarily offline, the bypass will be automatically removed once the agent reconnects and the device passes compliance checks. + +## Activity Logging + +All compliance bypass actions are recorded in the activity log: + +| Event | Description | +|-------|-------------| +| `Peer compliance bypassed by admin` | An administrator bypassed compliance for a peer | +| `Peer compliance bypass revoked` | An administrator or the system removed the bypass | + +You can view these events in the [Activity Events](/manage/activity-events) page, including details about which administrator performed the action and the original rejection reason. + +## API Access + +Compliance bypass can also be managed via the NetBird API: + +```bash +# Bypass compliance for a peer +curl -X POST "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \ + -H "Authorization: Token " + +# Revoke compliance bypass +curl -X DELETE "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \ + -H "Authorization: Token " + +# List all bypassed peers +curl -X GET "https://api.netbird.io/api/peers/edr/bypassed" \ + -H "Authorization: Token " +``` + +## Best Practices + +- **Document exceptions**: Keep a record of why each compliance bypass was granted. +- **Review regularly**: Periodically review bypassed peers and revoke bypasses that are no longer needed. +- **Use time-limited access**: Consider revoking bypasses after a defined period. 
+- **Monitor activity**: Watch for unusual patterns in bypass usage. +- **Prefer compliance**: Always aim to bring devices into compliance rather than relying on bypasses. + + + Compliance bypass requires the `EDR Update` permission. Only users with appropriate roles can bypass compliance or revoke bypasses. + diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx index c65e225d..f6e23521 100644 --- a/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx +++ b/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx @@ -89,4 +89,4 @@ with a `Approval required` mark in the peers list and won't be able to access th ## Managing Exceptions -If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details. +If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details. diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/force-approval.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/force-approval.mdx deleted file mode 100644 index 38fb7e47..00000000 --- a/src/pages/manage/access-control/endpoint-detection-and-response/force-approval.mdx +++ /dev/null 
@@ -1,157 +0,0 @@ -# Force Approve EDR-Rejected Peers - -In some situations, you may need to grant network access to a peer that fails EDR or MDM compliance checks. NetBird provides a **force approval** mechanism that allows administrators to override EDR rejections on a per-peer basis. - -## When to Use Force Approval - -Force approval is useful in scenarios such as: - -- **Temporary exceptions**: A device needs immediate network access while compliance issues are being resolved. -- **Testing and development**: Test devices that may not have EDR agents installed. -- **Legacy devices**: Older devices that cannot run the required EDR agent but still need limited network access. -- **False positives**: When the EDR platform incorrectly flags a compliant device. - - - Force approval should be used sparingly and only when necessary. It bypasses security controls designed to protect your network. - - -## How Force Approval Works - -When you force approve a peer: - -1. The peer immediately gains network access, regardless of its EDR compliance status. -2. The force approval remains active until: - - An administrator manually revokes it, OR - - The device becomes naturally compliant in the EDR system (force approval is automatically removed) -3. All force approval actions are logged in the [Activity Events](/manage/activity-events) for audit purposes. - -## Force Approve a Peer - -To force approve an EDR-rejected peer: - -1. Navigate to the [Peers](https://app.netbird.io/peers) page in the NetBird dashboard -2. Locate the peer showing `Approval required` status -3. Click on the peer to open its details -4. Click the **Force Approve** button -5. Confirm the action in the dialog - -

- Force approve button -

- -The peer will immediately gain network access and the `Approval required` status will be replaced with a `Force Approved` indicator. - -## View Force-Approved Peers - -To see all peers that have been force approved: - -1. Navigate to the [Peers](https://app.netbird.io/peers) page -2. Click the **Force Approved** filter button (shows a count badge with the number of force-approved peers) - -

- Force approved filter button -

- -The filter can be combined with connection status filters: -- Click **Online** + **Force Approved** to see only online force-approved peers -- Click **Offline** + **Force Approved** to see only offline force-approved peers - -Force-approved peers are visually distinguished from naturally compliant peers with a green "Force Approved" badge, making it easy to track which devices have administrative overrides in place. - -## Revoke Force Approval - -To revoke a force approval and return a peer to normal EDR validation: - -1. Navigate to the [Peers](https://app.netbird.io/peers) page -2. Click on the force-approved peer -3. Click the **Revoke Force Approval** button -4. Confirm the action - -

- Revoke force approval -

- -Once revoked, the peer will be subject to normal EDR compliance checks. If the device is still non-compliant, it will lose network access and show `Approval required` status again. - -## Batch Operations - -You can force approve or revoke force approval for multiple peers at once: - -### Batch Force Approve - -1. Navigate to the [Peers](https://app.netbird.io/peers) page -2. Select multiple peers using the checkboxes (peers must have `Approval required` status) -3. In the action bar that appears at the bottom, click the **Force Approve** button (shield icon) -4. Confirm the action in the dialog - -

- Batch force approve -

- -The button shows a count of how many selected peers will be force approved. - -### Batch Revoke Force Approval - -1. Navigate to the [Peers](https://app.netbird.io/peers) page -2. Select multiple force-approved peers using the checkboxes -3. In the action bar that appears at the bottom, click the **Revoke Force Approval** button (shield-off icon) -4. Confirm the action in the dialog - -

- Batch revoke force approval -

- - - Batch operation buttons only appear when you have an EDR integration enabled and have selected peers that can be force approved or have their force approval revoked. - - -## Automatic Removal of Force Approval - -Force approval is automatically removed when a device becomes naturally compliant in your EDR platform. This ensures that: - -- Devices don't retain unnecessary administrative overrides -- Your security posture improves as devices become compliant -- You don't need to manually clean up force approvals - -For example, if you force approve a peer because its EDR agent was temporarily offline, the force approval will be automatically removed once the agent reconnects and the device passes compliance checks. - -## Activity Logging - -All force approval actions are recorded in the activity log: - -| Event | Description | -|-------|-------------| -| `Peer force approved by admin` | An administrator granted force approval to a peer | -| `Peer force approval revoked` | An administrator or the system removed force approval | - -You can view these events in the [Activity Events](/manage/activity-events) page, including details about which administrator performed the action and the original rejection reason. - -## API Access - -Force approval can also be managed via the NetBird API: - -```bash -# Force approve a peer -curl -X POST "https://api.netbird.io/api/peers/{peer-id}/edr/force-approve" \ - -H "Authorization: Token " - -# Revoke force approval -curl -X DELETE "https://api.netbird.io/api/peers/{peer-id}/edr/force-approve" \ - -H "Authorization: Token " - -# List all force-approved peers -curl -X GET "https://api.netbird.io/api/peers/edr/force-approved" \ - -H "Authorization: Token " -``` - -## Best Practices - -- **Document exceptions**: Keep a record of why each force approval was granted. -- **Review regularly**: Periodically review force-approved peers and revoke approvals that are no longer needed. 
-- **Use time-limited access**: Consider revoking force approvals after a defined period. -- **Monitor activity**: Watch for unusual patterns in force approval usage. -- **Prefer compliance**: Always aim to bring devices into compliance rather than relying on force approvals. - - - Force approval requires the `EDR Update` permission. Only users with appropriate roles can force approve or revoke approvals. - diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx index 8b116cd5..33523191 100644 --- a/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx +++ b/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx @@ -92,4 +92,4 @@ Treat the API credentials securely and store them safely. You will need both the ## Managing Exceptions -If you need to grant network access to a peer that fails Huntress compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details. \ No newline at end of file +If you need to grant network access to a peer that fails Huntress compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details. \ No newline at end of file diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx index bfe4eda4..d81dcaba 100644 --- a/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx +++ b/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx 
@@ -42,6 +42,6 @@ NetBird integrates with the following EDR platforms: ## Managing Exceptions -In some cases, you may need to grant network access to devices that don't meet EDR compliance requirements. NetBird provides a force approval mechanism for these scenarios: +In some cases, you may need to grant network access to devices that don't meet EDR compliance requirements. NetBird provides a compliance bypass mechanism for these scenarios: -* [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) +* [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx index 08689d74..621b9d46 100644 --- a/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx +++ b/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx @@ -166,4 +166,4 @@ with a `Approval required` mark in the peers list and won't be able to access th ## Managing Exceptions -If you need to grant network access to a peer that fails Intune compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details. +If you need to grant network access to a peer that fails Intune compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details. diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx index ae40890b..01c8800d 100644 --- a/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx 
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx @@ -112,5 +112,5 @@ Treat the API token securely and store it safely. You will need both the console ## Managing Exceptions -If you need to grant network access to a peer that fails SentinelOne compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details. +If you need to grant network access to a peer that fails SentinelOne compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.