How can I exclude certain policy violations from certifications, for example mitigated policy violations?
There is an checkbox option when creating certifications to exclude all policy violations:
"Include Policy Violations"
If you wish to only exclude particular policy violations you will need a custom exclusion rule.
The attached sample rule excludes all policy violations that are currently in the Mitigated state.