cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Microsoft 365 Defender - where to create a custom list of devices

marktait19
Copper Contributor

‎Feb 10 2023 01:14 AM

‎Feb 10 2023 01:14 AM

Microsoft 365 Defender - where to create a custom list of devices

Hi - where in MS 365 Defender can I create a custom list of devices, that I can just update once and reference in multiple KQL queries?

 

I have looked in Settings - there is no option for Microsoft Defender for Endpoint lists.

 

Thanks for any help,

 

Mark

1,614 Views
0 Likes
5 Replies
Reply
5 Replies
Robina

‎Feb 10 2023 09:10 AM

‎Feb 10 2023 09:10 AM

Re: Microsoft 365 Defender - where to create a custom list of devices

@marktait19 

To create a custom list of devices in Microsoft Defender for Endpoint, you can use the Microsoft Defender Security Center. To do so, follow these steps:

  1. Log in to the Microsoft Defender Security Center.
  2. Go to the Devices section.
  3. On the Devices page, select the devices you want to add to the custom list.
  4. From the selection options, choose "Add to custom list".
  5. Give the custom list a name and description.
  6. Click on "Create custom list".

Once the custom list is created, you can use it in multiple KQL queries by referencing the custom list in the query. To do so, use the following syntax:

DeviceList('<CustomListName>')

For example, if your custom list is named "ImportantDevices", the KQL query would be:

DeviceList('ImportantDevices')

0 Likes
Reply
marktait19

‎Feb 10 2023 09:28 AM

‎Feb 10 2023 09:28 AM

Re: Microsoft 365 Defender - where to create a custom list of devices

@Robina 

Hi Robina - thank you for your reply.

When I select devices on the Devices page, I do not see "Add to custom list", I only see:

  • Manage Tags
  • Initiate Automated Investigation
  • Device Value
  • Exclude
  • Report Inaccuracy

I've attached a screenshot.

 

Have I missed something, or is it perhaps that I don't have specific permissions to create custom lists?

 

Thanks again,

 

Mark

 

selected devices.PNG

0 Likes
Reply
best response confirmed by marktait19 (Copper Contributor)
Robina

‎Feb 10 2023 09:40 AM

‎Feb 10 2023 09:40 AM

Solution

Re: Microsoft 365 Defender - where to create a custom list of devices

@marktait19 It sounds like you're using a security or device management platform that may have different options available to you based on your account level or the type of device you have selected. "Add to custom list" is not a standard feature in all security or device management platforms, and its availability may vary.

If you're looking for specific information or functionality that is not available to you, I recommend reaching out to your platform's support team for assistance. They will be able to provide you with more information on the features and functionality that are available to you.

0 Likes
Reply
marktait19

‎Feb 10 2023 09:43 AM

‎Feb 10 2023 09:43 AM

Re: Microsoft 365 Defender - where to create a custom list of devices

Thank you - I suspect that may be the issue. What I'm trying to do seems pretty simple (create a list of devices I can update once and use across multiple queries). I'll reach out to the platform support to see if they can recommend the specific permissions required.

All the best, Mark
2 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by marktait19 (Copper Contributor)
Robina

‎Feb 10 2023 09:40 AM

‎Feb 10 2023 09:40 AM

Solution

Re: Microsoft 365 Defender - where to create a custom list of devices

@marktait19 It sounds like you're using a security or device management platform that may have different options available to you based on your account level or the type of device you have selected. "Add to custom list" is not a standard feature in all security or device management platforms, and its availability may vary.

If you're looking for specific information or functionality that is not available to you, I recommend reaching out to your platform's support team for assistance. They will be able to provide you with more information on the features and functionality that are available to you.

View solution in original post

0 Likes
Reply