Asset rule management - Dynamic rules for devices

Important

Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.

Applies to:

Maintaining an accurate inventory of devices in a constantly changing corporate environment is a critical task for security and IT teams. Failing to effectively manage device context, such as device value and tags, which many organizations use in their security workflows can lead to security vulnerabilities.

Devices may require updates, replacements, or reconfigurations due to changing business needs. This can create a significant challenge for security and IT teams who are responsible for the ongoing management of the device inventory, and ensuring devices are effectively tracked and managed over time.

Dynamic rules can help manage device context by assigning tags and device values automatically based on certain criteria. This will save time and ensure accuracy. For example, tagging devices with a specific OS version or assigning a value to devices with a particular naming convention. Dynamic rules also ensure devices remain relevant by removing tags or updating values when criteria are no longer met.

Create a new dynamic rule

A rule can be based on device name, domain, OS platform, internet facing status, onboarding status and manual device tags. You can select or create a tag that will be applied based on the conditions you've set.

Important

Use of dynamic device tagging capabilities in Defender for Endpoint to tag devices with MDE-Management isn't currently supported with security settings management. Devices tagged through this capability don't successfully enroll. This is currently under investigation.

The following steps guide you on how to create a new dynamic rule in Microsoft Defender XDR:

  1. Sign in to the Microsoft Defender portal as a user who can view and perform actions on all devices.

  2. In the navigation pane, select Settings > Microsoft Defender XDR > Asset Rule Management.

  3. Select Create a new rule.

  4. Enter a Rule name and Description*.

  5. Select Next to choose the conditions you want to assign:

    Screenshot of the Rule conditions page

  6. Select Next and choose the tag to apply to this rule.

    Screenshot of the actions page

  7. Select Next to review and finish creating the rule and then select Submit.

    Note

    It may take up to 1 hour for changes to be reflected in the portal.

Dynamic tags in the Device Inventory

You can see the dynamic tags assigned in the Device Inventory view.

To see tags on individual devices:

  1. Select Devices from the Assets navigation menu in the Microsoft Defender portal.

  2. In the Device Inventory page, select the device name that you want to view.

  3. Select Manage tags.

    Screenshot of the machine tags page

Updating rules

Dynamic tags and device values set by dynamic rules can't be manually updated. To edit, delete or turn off a rule, in the Asset Rule Management page select the rule and choose an action.

Screenshot of the rule details page