Manage Defender for Endpoint device tags through Azure Automation DSC
The other day I was playing around again with the Azure Desired State Configuration feature, and I wanted to test out Defender for Endpoint device tagging through Desired State. I wanted to tag my servers based on the Active Directory tier level.
Here is my example OU structure
In this case, I have three different tiers – 0, 1 and 2. If the server is under the correct OU, it will be tagged based on the OU path.
You can grab my DSC configuration from here – AzureAutomation/TagMDEServerTierLevel.ps1 at main · Kaidja/AzureAutomation (github.com)
Currently, you can configure only one tag through the registry. It takes some time before the tag shows up in the Defender for Endpoint portal.
PS! Please test and verify the code before using it.
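A minimal DSC configuration for the approach described above, added here as an illustration and not taken from the author's repository. It assumes the tier OUs are named Tier0, Tier1 and Tier2 and that the tag equals the OU name; the configuration name, resource name and helper variables are hypothetical, and the registry path with its `Group` value is the location Microsoft documents for Defender for Endpoint device tagging, which the page itself does not show.

```powershell
# Added example; not the author's TagMDEServerTierLevel.ps1.
# Assumptions: OUs are named Tier0, Tier1, Tier2 and the tag value equals the OU name.
Configuration TagMdeTierExample {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    # Documented Defender for Endpoint tagging location; the value name is "Group".
    $tagKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging'

    # Runs on the node: read this computer's DN from AD and map the nearest tier OU to a tag.
    $resolveTier = @'
$filter = '(&(objectCategory=computer)(sAMAccountName={0}$))' -f $env:COMPUTERNAME
$hit = ([adsisearcher]$filter).FindOne()
if ($hit -and ([string]$hit.Properties['distinguishedname'][0] -match ',OU=(Tier[012]),')) {
    $Matches[1]
}
'@

    Node 'localhost' {
        Script MdeDeviceTag {
            GetScript  = {
                $p = Get-ItemProperty -Path $using:tagKey -Name Group -ErrorAction SilentlyContinue
                @{ Result = [string]$p.Group }
            }
            TestScript = {
                $want = & ([scriptblock]::Create($using:resolveTier))
                $p = Get-ItemProperty -Path $using:tagKey -Name Group -ErrorAction SilentlyContinue
                # No tier OU in the DN (or no DC reachable): nothing to enforce on this run.
                (-not $want) -or ($p.Group -eq $want)
            }
            SetScript  = {
                $want = & ([scriptblock]::Create($using:resolveTier))
                if (-not (Test-Path -Path $using:tagKey)) {
                    New-Item -Path $using:tagKey -Force | Out-Null
                }
                # Single REG_SZ value, matching the one-tag-per-device limit noted above.
                Set-ItemProperty -Path $using:tagKey -Name Group -Value $want -Type String
            }
        }
    }
}
```

A server moved out of the tier OUs keeps its last tag with this logic, because the test passes when no tier is resolved; remove the value explicitly if stale tags matter for device-group scoping.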
Need more information?