SOLVED

Entity Tagging

Hello,

The client project I am working on has a requirement to 'Tag' entities so that they can assign collections to groups of users rather than have them have access to the whole of the contents of the MDE portal. For example, there would be tags for the location 'Loc-UK', a tag for a service 'Serv-DNS', etc. Is it possible to 'Tag' devices in MDE, or is there another method that can be used to filter at this level of detail? I know from my MDI experience that you can tag entities with 'Sensitive' or 'honeytoken'.

Regards,

Rob

5 Replies
best response confirmed by rob_wood_8894 (Contributor)

Hi @rob_wood_8894,

In the Microsoft Defender Portal, you have the ability to assign tags to devices. https://security.microsoft.com --> Devices (under Assets) --> Select a device and then select Manage tags. Here you can assign tags to specific devices. Then, you can assign those tags to specific device groups from the Settings --> Device Groups section.

It's possible to filter the devices on a specific tag or device group in the Devices section.

Kind Regards,

Tiennes

Thanks Tiennes
"Then, you can assign those tags to specific device groups from the Settings --> Device Groups section."
I don't see that? Is that under the main Settings?
Sorry, and another question, is it possible to automate this in an onboarding script, e.g. using Ansible?

For adding to a deployment using a management tool (such as Ansible):

You can use the API for tagging devices in MDE:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/add-or-remove-machine-tags...

or

You can use the registry for tagging devices in MDE:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-tags?view=o365-wor...
Note: The recommended use for this one is Organizational Unit (OU) info, as described here:

How to use tagging effectively (Part 2)
https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectivel...

Others in this blog series:
How to use tagging effectively (Part 1)
https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectivel...

How to use tagging effectively (Part 3) - Scripting tags
https://gorovian.000webhostapp.com/?exam=t5/microsoft-defender-for-endpoint/how-to-use-tagging-effectivel...

Thx,
Yong Rhee - MSFT
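
An added example, not part of the thread and not Microsoft's code: an idempotent tag sync that an onboarding tool such as Ansible could call, built on the add-or-remove machine tags API mentioned above. The `Loc-`/`Serv-` managed prefixes, the function names and the sample tags are assumptions; check the API host against the linked documentation, and note that obtaining the bearer token is out of scope here.

```python
import json
import urllib.request

# Endpoint shape per Microsoft's "Add or remove machine tags" API documentation.
API_BASE = "https://api.securitycenter.microsoft.com/api"
# Assumption: automation owns only tags with these prefixes.
MANAGED_PREFIXES = ("Loc-", "Serv-")


def plan_tag_changes(current_tags, desired_tags):
    """Return [(action, tag)] turning the managed subset of current_tags into desired_tags."""
    desired = set(desired_tags)
    unmanaged = sorted(t for t in desired if not t.startswith(MANAGED_PREFIXES))
    if unmanaged:
        raise ValueError(f"refusing to manage tags outside prefixes: {unmanaged}")
    managed_now = {t for t in current_tags if t.startswith(MANAGED_PREFIXES)}
    removes = [("Remove", t) for t in sorted(managed_now - desired)]
    adds = [("Add", t) for t in sorted(desired - managed_now)]
    return removes + adds


def build_tag_request(machine_id, action, tag, token):
    """Build (not send) the POST for one tag change on one machine."""
    body = json.dumps({"Value": tag, "Action": action}).encode()
    return urllib.request.Request(
        f"{API_BASE}/machines/{machine_id}/tags",
        data=body,
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


def apply_tags(machine_id, current_tags, desired_tags, token,
               send=urllib.request.urlopen):
    """Apply the plan; returns the changes made (empty when already compliant)."""
    changes = plan_tag_changes(current_tags, desired_tags)
    for action, tag in changes:
        with send(build_tag_request(machine_id, action, tag, token)) as resp:
            if resp.status != 200:
                raise RuntimeError(f"{action} {tag} failed: HTTP {resp.status}")
    return changes


# Constructed sample: a device moved from DE to UK; the hand-applied tag is left alone.
SAMPLE_CURRENT = ["Loc-DE", "Serv-DNS", "VIP-manual"]
SAMPLE_DESIRED = ["Loc-UK", "Serv-DNS"]
```

Because tags feed device-group membership, and device groups decide which users see a device, restricting automation to its own prefixes keeps it from silently changing access that someone set by hand.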

Hi @rob_wood_8894,

Yes, it's in the Settings section. Please follow the steps below:

  1. Log in to https://security.microsoft.com
  2. Navigate to Settings --> Endpoints
  3. From the menu, you can navigate to Device groups under Permissions
