System tags: Currently, Priority account is the only type of system tag.
Custom tags: You create these types of tags.
If your organization has Defender for Office 365 Plan 2 (included in your subscription or as an add-on), you can create custom user tags in addition to using the Priority account tag.
Märkus
Currently, you can only apply user tags to mailbox users.
Your organization can tag a maximum of 250 users using the Priority account system tag.
Each custom tag has a maximum of 999 users per tag and your organization can create up to 500 custom tags.
This article explains how to configure user tags in the Microsoft Defender portal. You can also apply or remove the Priority account tag using the VIP parameter on the Set-User cmdlet in Exchange Online PowerShell. No PowerShell cmdlets are available to manage custom user tags.
You need to be assigned permissions before you can do the procedures in this article. You have the following options:
Microsoft Defender XDR Unified role based access control (RBAC) (If Email & collaboration > Defender for Office 365 permissions is Active. Affects the Defender portal only, not PowerShell): Authorization and settings/System settings/manage or Authorization and settings/System settings/Read-only.
Create, modify, and delete custom user tags: Membership in the Organization Management or Security Administrator role groups.
Apply and remove the Priority account tag from users: Membership in the Security Administrator and Exchange Admin role groups.
Apply and remove existing custom user tags from users: Membership in the Organization Management or Security Administrator role groups.
Näpunäide
User tag management is controlled by the Tag Reader and Tag Manager roles in Email & collaboration permissions.
Microsoft Entra permissions: Membership in the Global Administrator* and Security Administrator roles gives users the required permissions and permissions for other features in Microsoft 365.
Oluline
* Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
You can also manage and monitor the Priority account tag in the Microsoft 365 admin center. For instructions, see Manage and monitor priority accounts.
For information about securing privileged accounts (admin accounts), see this article.
Use the Microsoft Defender portal to create user tags
On the User tags page, select Create to start the new tag wizard.
On the Define tag page, configure the following settings:
Name: Enter a unique, descriptive name for the tag. You can't rename a tag after you create it.
Description: Enter an optional description for the tag.
When you're finished on the User tags page, select Next.
On the Assign members page, do either of the following steps:
Select Add members. In the Add members flyout that opens, do any of the following steps to add individual users or groups in the Search users and groups to add box:
Click in the box and scroll through the list to select a user or group.
Click in the box, start typing a name to filter the list, and then select the value below the box. select a user or group.
To add more members, click in an empty area in the box and repeat the previous step.
To remove individual entries from the box, select
next to the entry.
When you're finished on the Add members flyout, select Add.
Back on the Assign members page, the users and groups that you added are listed by Name and Type. To remove entries from the list, select Delete next to the entry.
Select Import to select a text file that contains the email addresses of the users or groups (one entry per line).
When you're finished on the Assign members page, select Next.
On the Review tag page, review your settings. You can select Edit in each section to modify the settings within the section. Or you can select Back or the specific page in the wizard.
When you're finished on the Review tag page, select Submit.
On the New tag created page, you can select the links to add a new tag or manage the tag members.
When you're finished on the New tag created page, select Done.
Märkus
It can take up to 8 hours to completely apply tags.
If you assign a group to a user tag, members of the group at the time of tag creation are assigned tag. Users later added to the group aren't automatically assigned the user tag.
Use the Microsoft Defender portal to view user tags
Custom tags: The details flyout for a custom tag contains the same information as the User tags page, plus the list of users and groups that the tag applies to.
Use the Microsoft Defender portal to modify user tags
After you select the user tag, use either of the following methods to modify it:
On the User tags page: Select the Edit action that appears.
In the details flyout of the selected user tag: Select the Edit action at the top of the flyout.
This learning path examines how to manage the Microsoft 365 security services, with a special focus on security reporting and managing the Safe Attachments and Safe Links features in Microsoft Defender for Office 365. MS-102