diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass-button.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass-button.png
new file mode 100644
index 00000000..4b6af279
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass-button.png differ
diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass.png
new file mode 100644
index 00000000..f453073f
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-bypass.png differ
diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass-button.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass-button.png
new file mode 100644
index 00000000..f5603c97
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass-button.png differ
diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass.png
new file mode 100644
index 00000000..eb622d40
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/batch-revoke-bypass.png differ
diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypass-button.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypass-button.png
new file mode 100644
index 00000000..115b5973
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypass-button.png differ
diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypassed-filter.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypassed-filter.png
new file mode 100644
index 00000000..afc1e954
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/bypassed-filter.png differ
diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/general-view.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/general-view.png
new file mode 100644
index 00000000..f253a828
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/general-view.png differ
diff --git a/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/revoke-bypass.png b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/revoke-bypass.png
new file mode 100644
index 00000000..5ff3f418
Binary files /dev/null and b/public/docs-static/img/manage/access-control/endpoint-detection-and-response/bypass-compliance/revoke-bypass.png differ
diff --git a/src/components/NavigationDocs.jsx b/src/components/NavigationDocs.jsx
index 602de690..4c74a53a 100644
--- a/src/components/NavigationDocs.jsx
+++ b/src/components/NavigationDocs.jsx
@@ -126,6 +126,7 @@ export const docsNavigation = [
{ title: 'Microsoft Intune', href: '/manage/access-control/endpoint-detection-and-response/intune-mdm' },
{ title: 'SentinelOne Singularity', href: '/manage/access-control/endpoint-detection-and-response/sentinelone-edr' },
{ title: 'Huntress', href: '/manage/access-control/endpoint-detection-and-response/huntress-edr' },
+ { title: 'Bypass Compliance', href: '/manage/access-control/endpoint-detection-and-response/bypass-compliance' },
]
},
]
diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx
new file mode 100644
index 00000000..ef3bf323
--- /dev/null
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/bypass-compliance.mdx
@@ -0,0 +1,167 @@
+# Bypass Compliance for Non-Compliant Peers
+
+In some situations, you may need to grant network access to a peer that fails EDR or MDM compliance checks. NetBird provides a **compliance bypass** mechanism that allows administrators to override compliance rejections on a per-peer basis.
+
+## When to Use Compliance Bypass
+
+Compliance bypass is useful in scenarios such as:
+
+- **Temporary exceptions**: A device needs immediate network access while compliance issues are being resolved.
+- **Testing and development**: Test devices that may not have EDR agents installed.
+- **Legacy devices**: Older devices that cannot run the required EDR agent but still need limited network access.
+- **False positives**: When the EDR platform incorrectly flags a compliant device.
+
+
+ Compliance bypass should be used sparingly and only when necessary. It bypasses security controls designed to protect your network.
+
+
+## How Compliance Bypass Works
+
+When you bypass compliance for a peer:
+
+1. The peer immediately gains network access, regardless of its compliance status.
+2. The bypass remains active until:
+ - An administrator manually revokes it, OR
+ - The device becomes naturally compliant in the EDR system (bypass is automatically removed)
+3. All bypass actions are logged in the [Activity Events](/manage/activity-events) for audit purposes.
+
+## Bypass Compliance for a Peer
+
+To bypass compliance for a non-compliant peer:
+
+1. Navigate to the [Peers](https://app.netbird.io/peers) page in the NetBird dashboard
+2. Locate the peer showing `Non-compliant` status (red badge)
+3. Hover over the **Bypass** button to see which integration's compliance check will be bypassed
+
+ 
+
+4. Click the **Bypass** button and confirm the action in the dialog
+
+
+ 
+
+
+The peer will immediately gain network access and the non-compliant status will be replaced with a green `Bypassed` badge.
+
+## View Bypassed Peers
+
+To see all peers that have compliance bypassed:
+
+1. Navigate to the [Peers](https://app.netbird.io/peers) page
+2. Click the **Bypassed** filter button (shows a count badge with the number of bypassed peers)
+
+
+ 
+
+
+The filter can be combined with connection status filters:
+- Click **Online** + **Bypassed** to see only online bypassed peers
+- Click **Offline** + **Bypassed** to see only offline bypassed peers
+
+Hovering over the filter buttons shows helpful tooltips:
+- **Non-Compliant**: "Peers that failed compliance checks and need attention"
+- **Bypassed**: "Peers with compliance checks bypassed by an administrator"
+
+## Revoke Compliance Bypass
+
+To revoke a bypass and return a peer to normal compliance validation:
+
+1. Navigate to the [Peers](https://app.netbird.io/peers) page
+2. Click on the peer with bypassed compliance
+3. Click the **Revoke** button next to the "Bypassed" badge
+4. Confirm the action
+
+
+ 
+
+
+Once revoked, the peer will be subject to normal compliance checks. If the device is still non-compliant, it will lose network access and show the `Non-compliant` status again.
+
+## Batch Operations
+
+You can bypass compliance or revoke bypass for multiple peers at once:
+
+### Batch Bypass
+
+1. Navigate to the [Peers](https://app.netbird.io/peers) page
+2. Select multiple peers using the checkboxes (peers must have non-compliant status)
+
+ 
+
+3. In the action bar that appears at the bottom, click the **Bypass Compliance** button (shield icon)
+4. Confirm the action in the dialog
+
+
+ 
+
+
+The button shows a count of how many selected peers will have compliance bypassed.
+
+### Batch Revoke Bypass
+
+1. Navigate to the [Peers](https://app.netbird.io/peers) page
+2. Select multiple bypassed peers using the checkboxes
+
+ 
+
+3. In the action bar that appears at the bottom, click the **Revoke Compliance Bypass** button (shield-off icon)
+4. Confirm the action in the dialog
+
+
+ 
+
+
+
+ Batch operation buttons only appear when you have an EDR integration enabled and have selected peers that can have compliance bypassed or revoked.
+
+
+## Automatic Removal of Bypass
+
+Compliance bypass is automatically removed when a device becomes naturally compliant in your EDR platform. This ensures that:
+
+- Devices don't retain unnecessary administrative overrides
+- Your security posture improves as devices become compliant
+- You don't need to manually clean up bypasses
+
+For example, if you bypass compliance for a peer because its EDR agent was temporarily offline, the bypass will be automatically removed once the agent reconnects and the device passes compliance checks.
+
+## Activity Logging
+
+All compliance bypass actions are recorded in the activity log:
+
+| Event | Description |
+|-------|-------------|
+| `Peer compliance bypassed by admin` | An administrator bypassed compliance for a peer |
+| `Peer compliance bypass revoked` | An administrator or the system removed the bypass |
+
+You can view these events in the [Activity Events](/manage/activity-events) page, including details about which administrator performed the action and the original rejection reason.
+
+## API Access
+
+Compliance bypass can also be managed via the NetBird API:
+
+```bash
+# Bypass compliance for a peer
+curl -X POST "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \
+ -H "Authorization: Token "
+
+# Revoke compliance bypass
+curl -X DELETE "https://api.netbird.io/api/peers/{peer-id}/edr/bypass" \
+ -H "Authorization: Token "
+
+# List all bypassed peers
+curl -X GET "https://api.netbird.io/api/peers/edr/bypassed" \
+ -H "Authorization: Token "
+```
+
+## Best Practices
+
+- **Document exceptions**: Keep a record of why each compliance bypass was granted.
+- **Review regularly**: Periodically review bypassed peers and revoke bypasses that are no longer needed.
+- **Use time-limited access**: Consider revoking bypasses after a defined period.
+- **Monitor activity**: Watch for unusual patterns in bypass usage.
+- **Prefer compliance**: Always aim to bring devices into compliance rather than relying on bypasses.
+
+
+ Compliance bypass requires the `EDR Update` permission. Only users with appropriate roles can bypass compliance or revoke bypasses.
+
diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx
index 82ccd3db..f6e23521 100644
--- a/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/crowdstrike-edr.mdx
@@ -86,3 +86,7 @@ with a `Approval required` mark in the peers list and won't be able to access th
If you install the CrowdStrike agent on a peer after it joined the network, you will need to disconnect and reconnect
this peer for the `Approval required` mark to disappear.
+
+## Managing Exceptions
+
+If you need to grant network access to a peer that fails CrowdStrike compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx
index cf0f3a0b..33523191 100644
--- a/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/huntress-edr.mdx
@@ -88,4 +88,8 @@ Treat the API credentials securely and store them safely. You will need both the
NetBird matches the Huntress agent to the peer using the Serial Number of the device. You must ensure that each of your devices has a unique serial number.
-
\ No newline at end of file
+
+
+## Managing Exceptions
+
+If you need to grant network access to a peer that fails Huntress compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
\ No newline at end of file
diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx
index e4fcd93d..d81dcaba 100644
--- a/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/index.mdx
@@ -36,5 +36,12 @@ the checks to apply.
NetBird integrates with the following EDR platforms:
* [CrowdStrike Falcon](/manage/access-control/endpoint-detection-and-response/crowdstrike-edr)
+* [Huntress](/manage/access-control/endpoint-detection-and-response/huntress-edr)
* [Microsoft Intune](/manage/access-control/endpoint-detection-and-response/intune-mdm)
* [SentinelOne Singularity](/manage/access-control/endpoint-detection-and-response/sentinelone-edr)
+
+## Managing Exceptions
+
+In some cases, you may need to grant network access to devices that don't meet EDR compliance requirements. NetBird provides a compliance bypass mechanism for these scenarios:
+
+* [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance)
diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx
index 08f72f59..621b9d46 100644
--- a/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/intune-mdm.mdx
@@ -163,3 +163,7 @@ with a `Approval required` mark in the peers list and won't be able to access th
- Devices with a Intune compliance state of `Compliant` or `InGracePeriod` are accepted; all other states are rejected.
- New devices or those that recently achieved compliance may need to be disconnected and reconnected to NetBird to propagate updated status.
- NetBird regularly synchronizes with Intune every few minutes, so changes in compliance can take some time to reflect on the dashboard.
+
+## Managing Exceptions
+
+If you need to grant network access to a peer that fails Intune compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
diff --git a/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx b/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx
index c7c66141..01c8800d 100644
--- a/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx
+++ b/src/pages/manage/access-control/endpoint-detection-and-response/sentinelone-edr.mdx
@@ -110,3 +110,7 @@ Treat the API token securely and store it safely. You will need both the console
NetBird matches the SentinelOne agent to the peer using the Serial Number of the device. You must ensure that each of your devices has a unique serial number.
+## Managing Exceptions
+
+If you need to grant network access to a peer that fails SentinelOne compliance checks, you can bypass compliance for that peer. See [Bypass Compliance for Non-Compliant Peers](/manage/access-control/endpoint-detection-and-response/bypass-compliance) for details.
+