What Permissions Are Required for Managing Tags?



Recently, in one of my customer conversations about Microsoft Defender for Endpoint (MDE), they asked me a few interesting questions…

  1. Vijay, what role is required for the following actions: (a) managing (CRUD) manual tags across all devices and (b) managing (CRUD) rule-based tags that impact all devices?
  2. Is there a way to add explicit permissions for tag management?

They shared a screenshot to add clarity to the above questions…

When I looked back at the traditional RBAC for MDE, I saw “manage device tags” embedded within the Alerts investigation permission. I don’t see anything finer-grained in terms of manual vs. rule-based tags — my assumption is that this permission should be covering both.

To explore further, I visited a few sites to get a deeper understanding of the customer's queries



Vijay Borkar (VBCloudboy)

Skilled Ent. Solution Architect with a strong background in systems integration and a passion for delivering solutions that drive business success.