Asset rule management - Dynamic rules for devices
Important
Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
Applies to:
- Microsoft Defender XDR
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Business
Maintaining an accurate inventory of devices in a constantly changing corporate environment is a critical task for security and IT teams. Failing to effectively manage device context, such as device value and tags, which many organizations use in their security workflows, can lead to security vulnerabilities.
Devices may require updates, replacements, or reconfigurations due to changing business needs. This can create a significant challenge for security and IT teams, who are responsible for the ongoing management of the device inventory and for ensuring devices are effectively tracked and managed over time.
Dynamic rules can help manage device context by assigning tags and device values automatically based on certain criteria. This saves time and ensures accuracy. For example, a rule can tag devices with a specific OS version or assign a value to devices with a particular naming convention. Dynamic rules also ensure devices remain relevant by removing tags or updating values when criteria are no longer met.
Create a new dynamic rule
A rule can be based on device name, domain, OS platform, internet-facing status, onboarding status, and manual device tags. You can select or create a tag that will be applied based on the conditions you've set.
Important
Use of dynamic device tagging capabilities in Defender for Endpoint to tag devices with MDE-Management isn't currently supported with security settings management. Devices tagged through this capability don't successfully enroll. This is currently under investigation.
The following steps guide you on how to create a new dynamic rule in Microsoft Defender XDR:
1. Sign in to the Microsoft Defender portal as a user who can view and perform actions on all devices.
2. In the navigation pane, select Settings > Microsoft Defender XDR > Asset Rule Management.
3. Select Create a new rule.
4. Enter a Rule name and Description.
5. Select Next to choose the conditions you want to assign.
6. Select Next and choose the tag to apply to this rule.
7. Select Next to review and finish creating the rule and then select Submit.
Note
It may take up to 1 hour for changes to be reflected in the portal.
Dynamic tags in the Device Inventory
You can see the dynamic tags assigned in the Device Inventory view.
To see tags on individual devices:
1. Select Devices from the Assets navigation menu in the Microsoft Defender portal.
2. In the Device Inventory page, select the device name that you want to view.
3. Select Manage tags.
Updating rules
Dynamic tags and device values set by dynamic rules can't be manually updated. To edit, delete, or turn off a rule, select the rule on the Asset Rule Management page and choose an action.