Device/Vendor/MSFT/WindowsAdvancedThreatProtection/DeviceTagging/Group

Assign the profile to the Endpoint Manager group.

Using Microsoft Defender for Endpoint API Explorer to tag devices

Let us start with a simple command in API Explorer:

Go to the Defender for Endpoint portal.
From the left navigation menu, select Partners & APIs > API Explorer.
You just need to run the POST command as shown here and replace the device ID with your device ID.
We could also make device tags easily by using Microsoft Flow. One of the customer's preferred ways is tagging devices by running a PowerShell script with API access to the Defender service data source.

Let us go through the options mentioned above.

For device tagging purposes, you could create the registry key named “DeviceTagging”, based on the Microsoft documentation:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging

You could make a script to generate the registry key and deploy it by SCCM or GPO as usual.

To run an advanced hunting query for all the devices with the same tag name:

DeviceInfo
| where RegistryDeviceTag contains "NewOP-Tool"
| project Timestamp, DeviceName, RegistryDeviceTag, OSPlatform, LoggedOnUsers, MachineGroup

Only one tag name is allowed due to the REG_SZ string type.
This limitation could be overcome by the API PowerShell scripting method, which we will discuss later as an alternative option.
Tag name should be less than 200 characters.
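One way to script the registry method described above, as an added example that is not from the original post. It assumes the tag is stored in a REG_SZ value named Group under the DeviceTagging key (the value name comes from Microsoft's documentation, not from this page), enforces the under-200-character limit, warns when an existing tag is replaced, and defaults to the article's OP-Tool tag.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): set the Defender for Endpoint
# device tag through the DeviceTagging policy key, for SCCM or GPO deployment.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Tag to apply; 'OP-Tool' is the tag name used in this article.
    [ValidateNotNullOrEmpty()]
    [string]$Tag = 'OP-Tool'
)

$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging'
$ValueName = 'Group'   # assumption from Microsoft docs: REG_SZ value holding the tag

# Enforce the limit stated in the article: fewer than 200 characters.
$Tag = $Tag.Trim()
if ($Tag.Length -eq 0 -or $Tag.Length -ge 200) {
    throw "Tag must be 1-199 characters (got $($Tag.Length))."
}

# Read the current value, if any, so redeploying the script changes nothing.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

if ($current -eq $Tag) {
    Write-Output "Tag already set to '$Tag'; nothing to do."
    return
}
if ($current) {
    # A REG_SZ value holds a single tag, so writing replaces the old one.
    Write-Warning "Replacing existing tag '$current' with '$Tag'."
}

if ($PSCmdlet.ShouldProcess($KeyPath, "Set $ValueName = '$Tag'")) {
    if (-not (Test-Path -Path $KeyPath)) {
        # -Force creates missing parent keys; guarded so an existing key is not reset.
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $Tag -PropertyType String -Force | Out-Null
    Write-Output "Device tag set to '$Tag'."
}
```

Run it with -WhatIf first to see the change it would make without writing to the registry.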
Another method is using the Endpoint MDM configuration profile with a custom OMA-URI, or using the Defender portal with the API Explorer feature.
This device group will later be assigned a no-remediation policy. The customer wants all the devices that are members of this group to be audited and alerted on for threats by the Defender service only; there should be no action such as quarantine or removal of files on the critical devices that are used to control tools in operation rooms.

The task is easy: we just need to create a device group based on the device tags. For example, I use the tag name “OP-Tool” and make a dynamic group based on the tag name OP-Tool. There is a good tech blog article about scoping devices based on tags by Steve Newby (Microsoft).

The question is, how could we tag each of the Defender Endpoint devices with the “OP-Tool” label? We need to do the task on tens of thousands of devices programmatically.

As you already know, there are a few ways to tag a device: you could tag it manually in the Defender portal under the device and Manage tags, or with Windows Regedit.exe by modifying the device's registry key.
Recently we got a request from a customer, related to Microsoft Defender for Endpoint, to create the Defender group of tool devices running the Windows 10 operating system.