Entity Tagging
Hello,
The client project I am working on has a requirement to 'Tag' entities so that they can assign collections to groups of users rather than have them have access to the whole of the contents of the MDE portal. For example, there would be tags for the location 'Loc-UK', a tag for a service 'Serv-DNS', etc. Is it possible to 'Tag' devices in MDE, or is there another method that can be used to filter at this level of detail? I know from my MDI experience that you can tag entities with 'Sensitive' or 'honeytoken'.
Regards,
Rob
Hi rob_wood_8894,
In the Microsoft Defender Portal, you have the ability to assign tags to devices. https://security.microsoft.com --> Devices (under Assets) --> Select a device and then select Manage tags. Here you can assign tags to specific devices. Then, you can assign those tags to specific device groups from the Settings --> Device Groups section.
It's possible to filter the devices on a specific tag or device group in the Devices section.
Kind Regards,
Tiennes
5 Replies
- rob_wood_8894 (Brass Contributor): Sorry, and another question: is it possible to automate this in an onboarding script, e.g. using Ansible?
- yongrheemsft
Microsoft
For adding to a deployment using a management tool (such as Ansible):
You can use the API for tagging devices in MDE:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags?view=o365-worldwide
or
You can use the registry for tagging devices in MDE:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-tags?view=o365-worldwide#add-device-tags-by-setting-a-registry-key-value
Note: The recommended use of this one is for Organizational Unit (OU) info, as described here:
How to use tagging effectively (Part 2)
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectively-part-2/ba-p/1962008
Others in this blog series:
How to use tagging effectively (Part 1)
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectively-part-1/ba-p/1964058
How to use tagging effectively (Part 3) - Scripting tags
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectively-part-3-scripting-tags/ba-p/1964073
Thx,
Yong Rhee - MSFT
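As an added example (not written by anyone in this thread and not Microsoft's code), this is one way an onboarding job could drive the tagging API linked above: derive 'Loc-'/'Serv-' tags from inventory facts, work out which Add/Remove calls are needed, and build the POST requests. The inventory fields, function names and the managed-prefix rule are assumptions, and the machine ID and access token are placeholders.

```python
import json
import urllib.request

# Endpoint shape from the "add or remove machine tags" API linked above.
API_BASE = "https://api.securitycenter.microsoft.com/api/machines"


def desired_tags(host):
    """Derive tags in the thread's 'Loc-UK' / 'Serv-DNS' style from inventory facts."""
    tags = {f"Loc-{host['location'].upper()}"}
    tags.update(f"Serv-{svc.upper()}" for svc in host.get("services", []))
    return tags


def plan_tag_changes(current, desired, managed_prefixes=("Loc-", "Serv-")):
    """Return (action, tag) pairs that move `current` to `desired`.

    Only tags with a managed prefix are ever removed, so tags set by hand
    or by other tooling survive repeated onboarding runs.
    """
    current, desired = set(current), set(desired)
    adds = [("Add", t) for t in sorted(desired - current)]
    removes = [("Remove", t) for t in sorted(current - desired)
               if t.startswith(managed_prefixes)]
    return adds + removes


def build_requests(machine_id, changes, token):
    """Build one POST per change; the caller sends each with urllib.request.urlopen."""
    reqs = []
    for action, tag in changes:
        body = json.dumps({"Value": tag, "Action": action}).encode()
        reqs.append(urllib.request.Request(
            f"{API_BASE}/{machine_id}/tags", data=body, method="POST",
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"}))
    return reqs


if __name__ == "__main__":
    # Constructed sample data: inventory facts and the tags the device has now.
    host = {"location": "uk", "services": ["dns"]}
    current = ["Loc-DE", "Serv-DNS", "VIP"]
    changes = plan_tag_changes(current, desired_tags(host))
    for req in build_requests("<machine-id>", changes, "<access-token>"):
        print(req.get_method(), req.full_url, req.data.decode())
```

Because a second run against an already-tagged device plans no changes, the step can be repeated safely from a playbook.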
- rob_wood_8894 (Brass Contributor): Thanks Tiennes
"Then, you can assign those tags to specific device groups from the Settings --> Device Groups section."
I don't see that? Is that under the main Settings?
- Tiennes (Brass Contributor)
Hi rob_wood_8894,
Yes, it's in the Settings section. Please follow the steps below:
- Log in to https://security.microsoft.com
- Navigate to Settings --> Endpoints
- From the menu, you can navigate to Device groups under Permissions