Clear all Device tags in ATP Portal

%3CLINGO-SUB%20id%3D%22lingo-sub-1664739%22%20slang%3D%22en-US%22%3EClear%20all%20Device%20tags%20in%20ATP%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1664739%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20clear%20all%20tags%20in%20the%20ATP%20portal%3F%26nbsp%3B%20Right%20now%20I%20only%20see%20ways%20of%20doing%20it%20device%20by%20device%20(in%20portal%20and%20via%20API).%26nbsp%3B%20We're%20instituting%20new%20tags%20and%20need%20to%20remove%20the%20old%20ones.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1665628%22%20slang%3D%22en-US%22%3ERe%3A%20Clear%20all%20Device%20tags%20in%20ATP%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1665628%22%20slang%3D%22en-US%22%3EThere%20is%20no%20quick%20way%20to%20do%20this%20through%20the%20portal.%3CBR%20%2F%3EYou%20could%20script%20this%20through%20the%20API%20though.%3CBR%20%2F%3EYou%20can%20write%20a%20script%20which%20retrieves%20the%20current%20tags%20and%20deletes%20them%20one%20by%20one%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1665878%22%20slang%3D%22en-US%22%3ERe%3A%20Clear%20all%20Device%20tags%20in%20ATP%20Portal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1665878%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F793043%22%20target%3D%22_blank%22%3E%40slundy99%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EYou%20can%26nbsp%3B%3CSPAN%3Euse%20%3C%2FSPAN%3EMicrosoft%20Flow%26nbsp%3B%3CSPAN%3Eto%20talk%20to%20the%20APIs%2C%20but%20you%20can%20get%20similar%20results%20with%20other%20tools%20like%20%3C%2FSPAN%3ELogic%20Apps%20to%20automate%20machine%20tagging%20as%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBlog%20post%20from%20the%20Defender%20ATP%20team%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-atp%2Fautomated-machine-tagging-in-just-a-few-simple-steps%2Fba-p%2F309377%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-defender-atp%2Fautomated-machine-tagging-in-just-a-few-simple-steps%2Fba-p%2F309377%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Is there a way to clear all tags in the ATP portal?  Right now I only see ways of doing it device by device (in portal and via API).  We're instituting new tags and need to remove the old ones.

5 Replies
Highlighted
There is no quick way to do this through the portal.
You could script this through the API though.
You can write a script which retrieves the current tags and deletes them one by one
Highlighted

@slundy99 

 

You can use Microsoft Flow to talk to the APIs, but you can get similar results with other tools like Logic Apps to automate machine tagging as well.

 

Blog post from the Defender ATP team:

https://techcommunity.microsoft.com/t5/microsoft-defender-atp/automated-machine-tagging-in-just-a-fe...

Highlighted

@alexandertuvstrom Love the idea, but the advanced hunting requires premium access.  I can do the free trial, but w/o being very knowledgeable in this I worry I'd waste the week just figuring out how to do what is required for what I need.  I'll have to figure out the script option.  Is there an api reference for ATP anywhere I can look at?  I'll search but wanted to ask here as well.

Highlighted

@slundy99 

Oh, I understand. The API access requires OAuth2.0 authentication so you’ll need to take the following steps to use the APIs:

  • Create an AAD application
  • Get an access token using this application
  • Use the token to access Microsoft Defender ATP API
  • Assign the desired permission to the application

Microsoft defender ATP API reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/add-or-re...

 

 

Highlighted