cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Clear all Device tags in ATP Portal

slundy99
Copper Contributor

‎Sep 14 2020 08:13 AM

‎Sep 14 2020 08:13 AM

Clear all Device tags in ATP Portal

Is there a way to clear all tags in the ATP portal?  Right now I only see ways of doing it device by device (in portal and via API).  We're instituting new tags and need to remove the old ones.

1,295 Views
0 Likes
5 Replies
Reply
5 Replies
Thijs Lecomte

‎Sep 14 2020 11:11 AM

‎Sep 14 2020 11:11 AM

Re: Clear all Device tags in ATP Portal

There is no quick way to do this through the portal.
You could script this through the API though.
You can write a script which retrieves the current tags and deletes them one by one
0 Likes
Reply
alexandertuvstrom

‎Sep 14 2020 12:28 PM

‎Sep 14 2020 12:28 PM

Re: Clear all Device tags in ATP Portal

@slundy99 

 

You can use Microsoft Flow to talk to the APIs, but you can get similar results with other tools like Logic Apps to automate machine tagging as well.

 

Blog post from the Defender ATP team:

https://techcommunity.microsoft.com/t5/microsoft-defender-atp/automated-machine-tagging-in-just-a-fe...

0 Likes
Reply
slundy99

‎Sep 14 2020 01:42 PM

‎Sep 14 2020 01:42 PM

Re: Clear all Device tags in ATP Portal

@alexandertuvstrom Love the idea, but the advanced hunting requires premium access.  I can do the free trial, but w/o being very knowledgeable in this I worry I'd waste the week just figuring out how to do what is required for what I need.  I'll have to figure out the script option.  Is there an api reference for ATP anywhere I can look at?  I'll search but wanted to ask here as well.

0 Likes
Reply
alexandertuvstrom

‎Sep 14 2020 02:05 PM

‎Sep 14 2020 02:05 PM

Re: Clear all Device tags in ATP Portal

@slundy99 

Oh, I understand. The API access requires OAuth2.0 authentication so you’ll need to take the following steps to use the APIs:

  • Create an AAD application
  • Get an access token using this application
  • Use the token to access Microsoft Defender ATP API
  • Assign the desired permission to the application

Microsoft defender ATP API reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/add-or-re...

 

 

0 Likes
Reply
alexandertuvstrom

‎Sep 14 2020 02:23 PM

‎Sep 14 2020 02:23 PM

Re: Clear all Device tags in ATP Portal

@slundy99 

I found a good script example from anthonws on GitHub: 

https://github.com/anthonws/MDATP_PoSh_Scripts/blob/master/API/API_Tag_Sample.ps1

0 Likes
Reply