include machine group and tags

Joey Caparas 2017-08-22 11:03:46 -07:00
parent 8475ec4c12
commit 73552135c0
4 changed files with 48 additions and 0 deletions

Binary file not shown. Size: 22 KiB

Binary file not shown. Size: 22 KiB

Binary file not shown. Size: 72 KiB

@ -139,6 +139,54 @@ Expand an event to view associated processes related to the event. Click on the
The details pane enriches the in-context information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context. The details pane enriches the in-context information across investigation and exploration activities, reducing the need to switch between contexts. It lets you focus on the task of tracing associations between attributes without leaving the current context.
## Manage machine group and tags
You can group and add tags to machines to organize and identify specific endpoints in your organization.
Machine related properties are being extended to account for:
- Group affiliation
- Dynamic context capturing
### Group machines
Machine group affiliation can represent geographic location, specific activity, importance level and others. Grouping machines with similar attributes can be handy when you need to apply contextual action on a specific list of machines. After creating groups, you can apply the Group filter on the Machines list to get a narrowed list of machines.
Machine group is defined in the following registry key entry of the machine:
- Registry key: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
- Registry key value (string): Group
### Set standard tags on machines
Dynamic context capturing is achieved using tags. By tagging machines, you can keep track of individual machines in your organization. After adding tags on machines, you can apply the Tags filter on the Machines list to get a narrowed list of machines with the tag.
1. Select the machine that you want to manage tags on. You can select or search for a machine from any of the following views:
- **Dashboard** - Select the machine name from the Top machines with active alerts section.
- **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- **Machines list** - Select the machine name from the list of machines.
- **Search box** - Select Machine from the drop-down menu and enter the machine name.
You can also get to the alert page through the file and IP views.
2. Open the **Actions** menu and select **Manage tags**.
![Image of taking action to manage tags on a machine](images/atp-manage-tags.png)
3. Enter tags on the machine. To add more tags, click the + icon.
4. Click **Save and close**.
![Image of adding tags on a machine](images/atp-save-tag.png)
Tags are added to the machine view and will also be reflected on the **Machines list** view. You can then use the **Tags** or **Groups** filter to see the relevant list of machines.
### Manage machine tags
You can manage tags from the Actions button or by selecting a machine from the Machines list and opening the machine details panel.
![Image of adding tags on a machine](images/atp-tag-management.png)
## Related topics ## Related topics
- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md) - [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md) - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
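
Review bot: In the new "Group machines" section, the registry entry gives the key path and the value name `Group` but never says what string data to put in it, so a reader cannot tell whether any free-form name is accepted or when the Group filter will reflect it. Add a sentence covering the expected data, and note that writing under `HKLM\SOFTWARE\Policies` needs administrative rights on the machine. In step 1 of "Set standard tags on machines", the line "You can also get to the alert page through the file and IP views" refers to the alert page although the step is about selecting a machine, which looks carried over from another section. The filter is named "Group" in one paragraph and "Groups" in another, and the alt text for images/atp-tag-management.png repeats "Image of adding tags on a machine" from atp-save-tag.png.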