Forum Discussion
Defender tagging based on Intune App policy
Will the issue about tagging devices in the security centre with MDE-management ever be resolved? this has been ongoing for over 10 months and will allow us to smoothly tag and group items in the defender section a whole lot easier.
For some of our clients we NEED this as the current abilities are so basic and useless considering defenders awful naming method.
"Use of dynamic device tagging capabilities in Defender for Endpoint to tag devices with MDE-Management isn't currently supported with security settings management. Devices tagged through this capability don't successfully enroll. This is currently under investigation."
https://learn.microsoft.com/en-us/defender-xdr/configure-asset-rules
1 Reply
I’m aware of this issue, and yes it’s a known limitation at present. Microsoft documentation currently confirms that dynamic tagging of devices with the MDE-Management tag is not fully supported with the “security settings management” functionality. Devices tagged via dynamic rules using MDE-Management may not properly enroll or show up as managed in Defender. Additionally, a more recent update to the Intune / Defender integration states that dynamic asset rules for defining the MDE-Management tag are now supported in public preview (as of a 2025) https://learn.microsoft.com/en-us/intune/intune-service/protect/mde-security-integration
