How to use "OR" for conditions in Machine groups?

%3CLINGO-SUB%20id%3D%22lingo-sub-730167%22%20slang%3D%22en-US%22%3EHow%20to%20use%20%22OR%22%20for%20conditions%20in%20Machine%20groups%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-730167%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20figure%20out%20how%20to%20use%20a%20single%20expression%20for%20using%20multiple%20naming%20conventions%20to%20be%20included%20in%20a%20machine%20group.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20conditions%20seems%20to%20lack%20the%20%22OR%22%20function%20and%20in%20my%20case%20I%20am%20seeking%20to%20use%20something%20simple%20as%3A%3C%2FP%3E%3CP%3EMachine%20name%20starts%20(abc%2C%20abd%2C%20ade)%20or%20Machine%20name%20starts%20(%60abc%60%20or%20%60abd%60)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20currently%20have%20several%20machine%20groups%20with%20the%20same%20name%20with%20different%20rules%20that%20works%20but%20its%20a%20messy%20option.%20Updating%20the%20rules%20condition%20block%20to%20accommodate%20%22and%20%22or%22%20and%20allow%20each%20line%20item%20to%20be%20customized%20to%20match%20the%20required%20condition%20would%20be%20far%20more%20user%20friendly.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-731293%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20use%20%22OR%22%20for%20conditions%20in%20Machine%20groups%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-731293%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnother%20solution%20to%20your%20challenge%20would%20be%20using%20tags%20and%20then%20manage%20the%20tags%20outside%20ATP%20(registry%20entry)%3CBR%20%2F%3Emore%20information%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmachine-tags%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fmicrosoft-defender-atp%2Fmachine-tags%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ebest%20regards%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMattias%20Borg%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I am trying to figure out how to use a single expression for using multiple naming conventions to be included in a machine group.

 

The conditions seems to lack the "OR" function and in my case I am seeking to use something simple as:

Machine name starts (abc, abd, ade) or Machine name starts (`abc` or `abd`)

 

I currently have several machine groups with the same name with different rules that works but its a messy option. Updating the rules condition block to accommodate "and "or" and allow each line item to be customized to match the required condition would be far more user friendly.

 

Thanks

 

 

1 Reply

Hi,

 

Another solution to your challenge would be using tags and then manage the tags outside ATP (registry entry)
more information here: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-t...

 

best regards

 

Mattias Borg