Forum Discussion
Machine tagging in Defender
Hi all,
I have tagged a number of now inactive devices and added them to a machine group. But whilst I tagged 24 devices, 31 are showing up in my device group. I have tagged the 24 devices InactiveReimaged and the machine group is also InactiveReimaged. I chose to add devices to the group by using the Tag Equals InactiveReimaged option.
I did tag and untag a couple of devices before setting up the group, as a test, but only the 24 devices are, or should be, tagged.
Any ideas on why more devices are showing up, and more importantly, how I can fix this?
- Did you see any duplicate entries in 31? Did you ever tried onboarding/ offboarding same devices more than one time? inactive entries remains in Device inventory until it's reaches the retention period.
Tags can be managed manually or through API.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags?view=o365-worldwide- Yes, there are duplicates as some devices are used for testing and so are reimaged frequently. I know about adding and removing tags manually, as this is what I have done.
My question is why are seemingly untagged devices being added to a machine group that is explicitly for devices with tags.
Are the untagged devices still somehow tagged?- I am not sure what rule you have configured for device group. If any untagged devices or newly onboarded devices matches the rules configured in device group then it will be added to machine group.
