Create and manage device tags

Applies to:


Add tags on devices to create a logical group affiliation. Device tags support proper mapping of the network, enabling you to attach different tags to capture context and to enable dynamic list creation as part of an incident. Tags can be used as a filter in the Devices list view, or to group devices. For more information on device grouping, see Create and manage device groups.

You can add tags on devices in the following ways:

  • Using the portal
  • Setting a registry key value

Note

There may be some latency between the time a tag is added to a device and its availability in the devices list and device page.

To add device tags using the API, see Add or remove device tags API.

Add and manage device tags using the portal

  1. Select the device that you want to manage tags on. You can select or search for a device from any of the following views:

    • Security operations dashboard - Select the device name from the Top devices with active alerts section.

    • Alerts queue - Select the device name beside the device icon from the alerts queue.

    • Devices list - Select the device name from the list of devices.

    • Search box - Select Device from the drop-down menu and enter the device name.

      You can also get to the alert page through the file and IP views.

  2. Select Manage Tags from the row of Response actions.


  3. Type to find or create tags.


Tags are added to the device view and will also be reflected on the Devices list view. You can then use the Tags filter to see the relevant list of devices.

Note

Filtering might not work on tag names that contain parentheses.
When you create a new tag, a list of existing tags is displayed. The list only shows tags created through the portal. Existing tags created from client devices will not be displayed.

You can also delete tags from this view.


Add device tags by setting a registry key value

Note

Applicable only on the following devices:

  • Windows 10, version 1709 or later
  • Windows Server, version 1803 or later
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2 SP1
  • Windows 8.1
  • Windows 7 SP1

Note

The maximum number of characters that can be set in a tag is 200.

Devices with similar tags can be handy when you need to apply contextual action on a specific list of devices.

Use the following registry key entry to add a tag on a device:

  • Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\
  • Registry key value (REG_SZ): Group
  • Registry key data: Name of the tag you want to set

Note

The device tag is part of the device information report that's generated once a day. As an alternative, you can restart the endpoint, which transfers a new device information report.

If you need to remove a tag that was added using the above registry key, clear the contents of the registry key data instead of removing the 'Group' key.
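
The registry steps above, including the 200-character limit and the clear-instead-of-delete removal rule, can be scripted as follows. This is an added example, not code from the original page or from Microsoft; the function name `Set-MdeDeviceTag`, its parameter, and the sample tag are assumptions made for illustration, and it must be run from an elevated PowerShell session.

```powershell
# Added example: set or clear the device tag through the registry value described above.
# Set-MdeDeviceTag and its -Tag parameter are hypothetical names chosen for this sketch.
function Set-MdeDeviceTag {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Tag to apply; pass an empty string to remove the tag.
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Tag
    )

    $keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging'
    $valueName = 'Group'

    # The page states that a tag can hold at most 200 characters.
    if ($Tag.Length -gt 200) {
        throw "Tag is $($Tag.Length) characters; the maximum is 200."
    }
    # The page notes that portal filtering might not work on tag names with parentheses.
    if ($Tag -match '[()]') {
        Write-Warning 'Tag contains parentheses; filtering in the Devices list might not work.'
    }

    if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", "Set to '$Tag'")) {
        # Create the DeviceTagging key if it does not exist yet.
        if (-not (Test-Path -Path $keyPath)) {
            New-Item -Path $keyPath -Force | Out-Null
        }
        # Write the REG_SZ value named Group. An empty string clears the tag
        # while leaving the value itself in place, as the removal guidance requires.
        New-ItemProperty -Path $keyPath -Name $valueName -Value $Tag `
            -PropertyType String -Force | Out-Null
    }

    # Read back what is stored so the change can be confirmed.
    (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
}

Set-MdeDeviceTag -Tag 'Finance-Workstations'   # constructed sample tag
# Set-MdeDeviceTag -Tag ''                     # clears the tag, keeps 'Group' present
```

Because the key sits under `HKLM\SOFTWARE\Policies`, writing it requires administrator rights, and the new tag reaches the portal only with the next device information report.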