The script should look something like the below, where $tag is the string you want your tag to be. If you can’t use the above custom OMA-URI due to your version of Windows, you can use a PowerShell script to update the registry. PowerShell Script (Registry Update) (Windows 1703 or older) When the device now syncs with Intune, it will apply the custom profile you created, and the device will show with your tag. When all the info is filled out, choose Save to add the line, then Next.ĥ.Assign your policy to the appropriate device group, then proceed to Create the policy. Device/Vendor/MSFT/WindowsAdvancedThreatProtection/DeviceTagging/Group, the Data type should be String, and the Value should be your tag. The important parts are the OMA-URI should be. The name and description can be whatever you want. One profile = one tag, so I like to include the tag itself in the name.Ĥ.Click the Add button on the OMA-URI settings page. You want to choose a Custom type.ģ.Give the profile an appropriate name and description. Browse to Devices > Windows > Configuration Profiles and click + Create Profile. Navigate to the Microsoft Endpoint Manager admin center at .Ģ. Therefore, if we want to change the tag, we need to do it using the same method we used to deploy rather than just updating it in Defender Security Center. With both, the tag is driven by the device itself, rather than an administrator in the Defender Security Center. Ive started to have a basic and then I want to export all the configurations to JSON-files, however, not everything within EndPoint Security are. Technically, we could go down the script route for version 1709+ too, but using Intune’s native toolset is much easier to manage as you get ongoing visibility of the setting. Im working for a streamlined process to configure the basics in EndPoint Manager and thought to use Microsoft Graph API to import configurationprofiles when we get new customers for the basics. If we run a version before 1709, we can edit the registry using a script. If we run Windows 10 version 1709 or later, we can use a Custom OMA-URI configuration profile. While you can assign tags, and therefore determine group membership, manually from the Security Center, this doesn’t exactly scale well.ĭevices managed by Intune give us a couple of options, depending on which version of Windows 10 our device runs. A device can only belong to one group and controls settings such as auto-remediation level and which Role-Based Access Control (RBAC) roles have administrative permissions over it. Device groups (previously machine groups), are used to assign devices different rules and administrative ownership. In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a device group.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |