Rename force approval docs to bypass compliance

- Rename force-approval.mdx to bypass-compliance.mdx - Update navigation title from "Force Approval" to "Bypass Compliance" - Update all internal links to use new path - Update image paths to /bypass-compliance/ - Update terminology in EDR integration docs
2026-04-16 07:26:35 +00:00 · 2026-01-28 12:51:49 +01:00
parent 568fd9d964
commit 307712b661
8 changed files with 165 additions and 164 deletions
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -126,7 +126,7 @@ export const docsNavigation = [
                            { title: 'Microsoft Intune', href: '/manage/access-control/endpoint-detection-and-response/intune-mdm' },
                            { title: 'SentinelOne Singularity', href: '/manage/access-control/endpoint-detection-and-response/sentinelone-edr' },
                            { title: 'Huntress', href: '/manage/access-control/endpoint-detection-and-response/huntress-edr' },
-                            { title: 'Force Approval', href: '/manage/access-control/endpoint-detection-and-response/force-approval' },
+                            { title: 'Bypass Compliance', href: '/manage/access-control/endpoint-detection-and-response/bypass-compliance' },
                        ]
                    },
                ]
--- a/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx
@@ -0,0 +1,158 @@
 # Bypass Compliance for Non-Compliant Peers
 In some situations, you may need to grant network access to a peer that fails EDR or MDM compliance checks. NetBird provides a **compliance bypass** mechanism that allows administrators to override compliance rejections on a per-peer basis.
 ## When to Use Compliance Bypass
 Compliance bypass is useful in scenarios such as:
 - **Temporary exceptions**: A device needs immediate network access while compliance issues are being resolved.
 - **Testing and development**: Test devices that may not have EDR agents installed.
 - **Legacy devices**: Older devices that cannot run the required EDR agent but still need limited network access.
 - **False positives**: When the EDR platform incorrectly flags a compliant device.
 <Note>
    Compliance bypass should be used sparingly and only when necessary. It bypasses security controls designed to protect your network.
 </Note>
 ## How Compliance Bypass Works
 When you bypass compliance for a peer:
 1. The peer immediately gains network access, regardless of its compliance status.
 2. The bypass remains active until:
   - An administrator manually revokes it, OR
   - The device becomes naturally compliant in the EDR system (bypass is automatically removed)
 3. All bypass actions are logged in the [Activity Events](/manage/activity-events) for audit purposes.
 ## Bypass Compliance for a Peer
 To bypass compliance for a non-compliant peer:
 1. Navigate to the [Peers](https://app.netbird.io/peers) page in the NetBird dashboard
 2. Locate the peer showing `Non-compliant` status (red badge)
 3. Hover over the **Bypass** button to see which integration's compliance check will be bypassed
 4. Click the **Bypass** button and confirm the action in the dialog
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypass-button.png" alt="Bypass button" className="imagewrapper-big"/>
 </p>
 The peer will immediately gain network access and the non-compliant status will be replaced with a green `Bypassed` badge.
 ## View Bypassed Peers
 To see all peers that have compliance bypassed:
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Click the **Bypassed** filter button (shows a count badge with the number of bypassed peers)
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypassed-filter.png" alt="Bypassed filter button" className="imagewrapper-big"/>
 </p>
 The filter can be combined with connection status filters:
 - Click **Online** + **Bypassed** to see only online bypassed peers
 - Click **Offline** + **Bypassed** to see only offline bypassed peers
 Hovering over the filter buttons shows helpful tooltips:
 - **Non-Compliant**: "Peers that failed compliance checks and need attention"
 - **Bypassed**: "Peers with compliance checks bypassed by an administrator"
 ## Revoke Compliance Bypass
 To revoke a bypass and return a peer to normal compliance validation:
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Click on the peer with bypassed compliance
 3. Click the **Revoke** button next to the "Bypassed" badge
 4. Confirm the action
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/revoke-bypass.png" alt="Revoke compliance bypass" className="imagewrapper-big"/>
 </p>
 Once revoked, the peer will be subject to normal compliance checks. If the device is still non-compliant, it will lose network access and show the `Non-compliant` status again.
 ## Batch Operations
 You can bypass compliance or revoke bypass for multiple peers at once:
 ### Batch Bypass
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Select multiple peers using the checkboxes (peers must have non-compliant status)
 3. In the action bar that appears at the bottom, click the **Bypass Compliance** button (shield icon)
 4. Confirm the action in the dialog
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass.png" alt="Batch bypass" className="imagewrapper-big"/>
 </p>
 The button shows a count of how many selected peers will have compliance bypassed.
 ### Batch Revoke Bypass
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Select multiple bypassed peers using the checkboxes
 3. In the action bar that appears at the bottom, click the **Revoke Compliance Bypass** button (shield-off icon)
 4. Confirm the action in the dialog
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass.png" alt="Batch revoke bypass" className="imagewrapper-big"/>
 </p>
 <Note>
    Batch operation buttons only appear when you have an EDR integration enabled and have selected peers that can have compliance bypassed or revoked.
 </Note>
 ## Automatic Removal of Bypass
 Compliance bypass is automatically removed when a device becomes naturally compliant in your EDR platform. This ensures that:
 - Devices don't retain unnecessary administrative overrides
 - Your security posture improves as devices become compliant
 - You don't need to manually clean up bypasses
 For example, if you bypass compliance for a peer because its EDR agent was temporarily offline, the bypass will be automatically removed once the agent reconnects and the device passes compliance checks.
 ## Activity Logging
 All compliance bypass actions are recorded in the activity log:
 | Event | Description |
 |-------|-------------|
 | `Peer compliance bypassed by admin` | An administrator bypassed compliance for a peer |
 | `Peer compliance bypass revoked` | An administrator or the system removed the bypass |
 You can view these events in the [Activity Events](/manage/activity-events) page, including details about which administrator performed the action and the original rejection reason.
 ## API Access
 Compliance bypass can also be managed via the NetBird API:
 ```bash
 # Bypass compliance for a peer
 curl -X POST "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \
  -H "Authorization: Token <your-api-token>"
 # Revoke compliance bypass
 curl -X DELETE "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \
  -H "Authorization: Token <your-api-token>"
 # List all bypassed peers
 curl -X GET "https://api.netbird.io/api/peers/edr/bypassed" \
  -H "Authorization: Token <your-api-token>"
 ```
 ## Best Practices
 - **Document exceptions**: Keep a record of why each compliance bypass was granted.
 - **Review regularly**: Periodically review bypassed peers and revoke bypasses that are no longer needed.
 - **Use time-limited access**: Consider revoking bypasses after a defined period.
 - **Monitor activity**: Watch for unusual patterns in bypass usage.
 - **Prefer compliance**: Always aim to bring devices into compliance rather than relying on bypasses.
 <Note>
    Compliance bypass requires the `EDR Update` permission. Only users with appropriate roles can bypass compliance or revoke bypasses.
 </Note>
--- a/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx
@@ -89,4 +89,4 @@ with a `Approval required` mark in the peers list and won't be able to access th
 ## Managing Exceptions
-If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
+If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
--- a/src/pages/manage/access-control/endpoint-detection-and-response/force-approval.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/force-approval.mdx
@@ -1,157 +0,0 @@
 # Force Approve EDR-Rejected Peers
 In some situations, you may need to grant network access to a peer that fails EDR or MDM compliance checks. NetBird provides a **force approval** mechanism that allows administrators to override EDR rejections on a per-peer basis.
 ## When to Use Force Approval
 Force approval is useful in scenarios such as:
 - **Temporary exceptions**: A device needs immediate network access while compliance issues are being resolved.
 - **Testing and development**: Test devices that may not have EDR agents installed.
 - **Legacy devices**: Older devices that cannot run the required EDR agent but still need limited network access.
 - **False positives**: When the EDR platform incorrectly flags a compliant device.
 <Note>
    Force approval should be used sparingly and only when necessary. It bypasses security controls designed to protect your network.
 </Note>
 ## How Force Approval Works
 When you force approve a peer:
 1. The peer immediately gains network access, regardless of its EDR compliance status.
 2. The force approval remains active until:
   - An administrator manually revokes it, OR
   - The device becomes naturally compliant in the EDR system (force approval is automatically removed)
 3. All force approval actions are logged in the [Activity Events](/manage/activity-events) for audit purposes.
 ## Force Approve a Peer
 To force approve an EDR-rejected peer:
 1. Navigate to the [Peers](https://app.netbird.io/peers) page in the NetBird dashboard
 2. Locate the peer showing `Approval required` status
 3. Click on the peer to open its details
 4. Click the **Force Approve** button
 5. Confirm the action in the dialog
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/force-approve-button.png" alt="Force approve button" className="imagewrapper-big"/>
 </p>
 The peer will immediately gain network access and the `Approval required` status will be replaced with a `Force Approved` indicator.
 ## View Force-Approved Peers
 To see all peers that have been force approved:
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Click the **Force Approved** filter button (shows a count badge with the number of force-approved peers)
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/force-approved-filter.png" alt="Force approved filter button" className="imagewrapper-big"/>
 </p>
 The filter can be combined with connection status filters:
 - Click **Online** + **Force Approved** to see only online force-approved peers
 - Click **Offline** + **Force Approved** to see only offline force-approved peers
 Force-approved peers are visually distinguished from naturally compliant peers with a green "Force Approved" badge, making it easy to track which devices have administrative overrides in place.
 ## Revoke Force Approval
 To revoke a force approval and return a peer to normal EDR validation:
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Click on the force-approved peer
 3. Click the **Revoke Force Approval** button
 4. Confirm the action
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/revoke-force-approval.png" alt="Revoke force approval" className="imagewrapper-big"/>
 </p>
 Once revoked, the peer will be subject to normal EDR compliance checks. If the device is still non-compliant, it will lose network access and show `Approval required` status again.
 ## Batch Operations
 You can force approve or revoke force approval for multiple peers at once:
 ### Batch Force Approve
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Select multiple peers using the checkboxes (peers must have `Approval required` status)
 3. In the action bar that appears at the bottom, click the **Force Approve** button (shield icon)
 4. Confirm the action in the dialog
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/batch-force-approve.png" alt="Batch force approve" className="imagewrapper-big"/>
 </p>
 The button shows a count of how many selected peers will be force approved.
 ### Batch Revoke Force Approval
 1. Navigate to the [Peers](https://app.netbird.io/peers) page
 2. Select multiple force-approved peers using the checkboxes
 3. In the action bar that appears at the bottom, click the **Revoke Force Approval** button (shield-off icon)
 4. Confirm the action in the dialog
 <p>
    <img src="/docs-static/img/manage/access-control/endpoint-detection-and-response/force-approval/batch-revoke-force-approval.png" alt="Batch revoke force approval" className="imagewrapper-big"/>
 </p>
 <Note>
    Batch operation buttons only appear when you have an EDR integration enabled and have selected peers that can be force approved or have their force approval revoked.
 </Note>
 ## Automatic Removal of Force Approval
 Force approval is automatically removed when a device becomes naturally compliant in your EDR platform. This ensures that:
 - Devices don't retain unnecessary administrative overrides
 - Your security posture improves as devices become compliant
 - You don't need to manually clean up force approvals
 For example, if you force approve a peer because its EDR agent was temporarily offline, the force approval will be automatically removed once the agent reconnects and the device passes compliance checks.
 ## Activity Logging
 All force approval actions are recorded in the activity log:
 | Event | Description |
 |-------|-------------|
 | `Peer force approved by admin` | An administrator granted force approval to a peer |
 | `Peer force approval revoked` | An administrator or the system removed force approval |
 You can view these events in the [Activity Events](/manage/activity-events) page, including details about which administrator performed the action and the original rejection reason.
 ## API Access
 Force approval can also be managed via the NetBird API:
 ```bash
 # Force approve a peer
 curl -X POST "https://api.netbird.io/api/peers/{peer-id}/edr/force-approve" \
  -H "Authorization: Token <your-api-token>"
 # Revoke force approval
 curl -X DELETE "https://api.netbird.io/api/peers/{peer-id}/edr/force-approve" \
  -H "Authorization: Token <your-api-token>"
 # List all force-approved peers
 curl -X GET "https://api.netbird.io/api/peers/edr/force-approved" \
  -H "Authorization: Token <your-api-token>"
 ```
 ## Best Practices
 - **Document exceptions**: Keep a record of why each force approval was granted.
 - **Review regularly**: Periodically review force-approved peers and revoke approvals that are no longer needed.
 - **Use time-limited access**: Consider revoking force approvals after a defined period.
 - **Monitor activity**: Watch for unusual patterns in force approval usage.
 - **Prefer compliance**: Always aim to bring devices into compliance rather than relying on force approvals.
 <Note>
    Force approval requires the `EDR Update` permission. Only users with appropriate roles can force approve or revoke approvals.
 </Note>
--- a/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx
@@ -92,4 +92,4 @@ Treat the API credentials securely and store them safely. You will need both the
 ## Managing Exceptions
-If you need to grant network access to a peer that fails Huntress compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
+If you need to grant network access to a peer that fails Huntress compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
--- a/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx
@@ -42,6 +42,6 @@ NetBird integrates with the following EDR platforms:
 ## Managing Exceptions
-In some cases, you may need to grant network access to devices that don't meet EDR compliance requirements. NetBird provides a force approval mechanism for these scenarios:
+In some cases, you may need to grant network access to devices that don't meet EDR compliance requirements. NetBird provides a compliance bypass mechanism for these scenarios:
-* [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval)
+* [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance)
--- a/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx
@@ -166,4 +166,4 @@ with a `Approval required` mark in the peers list and won't be able to access th
 ## Managing Exceptions
-If you need to grant network access to a peer that fails Intune compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
+If you need to grant network access to a peer that fails Intune compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
--- a/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx
@@ -112,5 +112,5 @@ Treat the API token securely and store it safely. You will need both the console
 ## Managing Exceptions
-If you need to grant network access to a peer that fails SentinelOne compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.
+If you need to grant network access to a peer that fails SentinelOne compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
@@ -89,4 +89,4 @@ with a `Approval required` mark in the peers list and won't be able to access th

	`## Managing Exceptions`	`## Managing Exceptions`

	`If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.`	`If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.`
`@@ -92,4 +92,4 @@ Treat the API credentials securely and store them safely. You will need both the`

	`## Managing Exceptions`	`## Managing Exceptions`

	`If you need to grant network access to a peer that fails Huntress compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.`	`If you need to grant network access to a peer that fails Huntress compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.`
@@ -166,4 +166,4 @@ with a `Approval required` mark in the peers list and won't be able to access th

	`## Managing Exceptions`	`## Managing Exceptions`

	`If you need to grant network access to a peer that fails Intune compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.`	`If you need to grant network access to a peer that fails Intune compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.`
`@@ -112,5 +112,5 @@ Treat the API token securely and store it safely. You will need both the console`

	`## Managing Exceptions`	`## Managing Exceptions`

	`If you need to grant network access to a peer that fails SentinelOne compliance checks, you can use the force approval feature. See [Force Approve EDR-Rejected Peers](/manage/access-control/endpoint-detection-and-response/force-approval) for details.`	`If you need to grant network access to a peer that fails SentinelOne compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.`