Table of Contents

The Original Question

I came here for an Answer, not some Blog Post!

Okay geez, head directly to the GitHub Repo
Maybe come back though, The journey is its own reward…

One of my colleagues did not understand why Dynamic Groups were not being Processed and asked for help – Assumption being, that systemLabels referred to Defender for Endpoint Device Tags – a fair assumption, since the Words "Tags" and "Labels" mean a lot of things in the Microsoft 365 Universe.
Upon double checking, it became obvious rather quickly, that there is no relation and we moved on to a different Solution. But the question still irked me – what are systemLabels actually?


Looking into Dynamic Group Membership Rules for devices we only find a note:

Everything MS Gives us


Even the Graph API Documentation is similarly Vague:

GraphAPIDocumentation.png


If we fine tune our search to site:learn.microsoft.com "systemlabels", we find a lot of References to the general Device Object Schema, but never a comprehensive List what the actual values are.

At least the Conditional Access Documentation gives us some Examples:

List of labels applied to the device by the system.
Some of the supported values are:

  1. AzureResource: Windows VMs in Azure enabled with Microsoft Entra sign-in
  2. M365Managed: Devices managed using Microsoft Managed Desktop
  3. MultiUser: Shared devices


Keyword being Some – this is a word I do not like.

Before you ask – both ChatGPT and by extension bing cant do any better https://chat.openai.com/share/212b34dd-2ede-4311-914b-78f0e57cef52


Now, for a sane Person the original question is answered, the Property has nothing to do with the Defender Labels – so we could stop here. But are those all the Values we could use? What possibilities are out there? I must go deeper


Casting wider into the Net

Moving outside Microsofts Official Documentation, we find that I am unsurprisingly not the first one to ask this question. However, on the issue opened around the documentation we only find Adam Gross asking pretty much the same Question

At least we also find, that there used to be two additional systemLabels, but while history is interesting, it doesn’t really help much here.

JeffreyAppel

Courtesy of Jeffrey Appel


20.000 Lines under the API

My curiosity not being satisfied I wrote a script to fetch the Information I want – sadly I could not find a single Example in the Tenants I have access to… So maybe there is Someone out there who might find a bit of time to check what might be out there…

If you do find something, please feel free to let me know through GitHub or LinkedIn, so we can share your knowledge with those weirdos who might care…


I will not moderate comments and I do not want your email address – this post does not allow Comments.

If you are interested in the things I do follow me on LinkedIn.


Last modified: 5. January 2024