MDE Device Tagging through Dynamic Asset rule management using Microsoft Defender XDR

 

My last couple of blog posts have been about MDE device tagging where I covered bulk tagging for macOS and iOS\iPadOS devices using Intune. In this blog post, I will be covering another method for bulk tagging which can work independently of any MDM solution.

Asset rule management in Microsoft Defender

Asset rule management in Microsoft Defender has been around for some time for assigning device tags based on certain criteria. This is done through asset rules that can be based on device name, domain, OS platform, internet facing status, onboarding status and manual device tags.

Here is how one can go about creating asset rules:

2. In the navigation pane, select Settings > Microsoft Defender XDR > Asset Rule Management.
3. Select Create a new rule.
4. Enter a Rule name and Description.
5. Select Next to choose the conditions you want to assign. I am pulling in al end user OS platforms.


6. Select Next and choose or create the tag to apply to this rule. I am creating a tag under the name MDMLabDevices

7. Select Next to review and finish creating the rule and then select Submit.

You should see the dynamic tag (in this case MDMLabDevices) assigned in the Device Inventory view. Note: It can take up to 1 hr for changes to reflect in the portal.


Unlike device tags configured using Intune that show up as RegistryDeviceTag in Advanced hunting, device tags configure thought asset rule management will show up under DeviceDynamicTags.

Until next time..

Comments

Popular posts from this blog

How to force escrowing of BitLocker recovery keys using Intune

Prevent users from running certain programs or applications on Windows endpoints using Intune

Intune: Configure Printers for Non-Administrative Users