The Original Question
I came here for an Answer, not some Blog Post!
Okay geez, head directly to the GitHub Repo
Maybe come back though, The journey is its own reward…
One of my colleagues did not understand why Dynamic Groups were not being Processed and asked for help – Assumption being, that systemLabels referred to Defender for Endpoint Device Tags – a fair assumption, since the Words "Tags" and "Labels" mean a lot of things in the Microsoft 365 Universe.
Upon double checking, it became obvious rather quickly, that there is no relation and we moved on to a different Solution. But the question still irked me – what are systemLabels actually?
Looking into Dynamic Group Membership Rules for devices we only find a note:
Even the Graph API Documentation is similarly Vague:
If we fine tune our search to site:learn.microsoft.com "systemlabels", we find a lot of References to the general Device Object Schema, but never a comprehensive List what the actual values are.
At least the Conditional Access Documentation gives us some Examples:
List of labels applied to the device by the system.
Some of the supported values are:
- AzureResource: Windows VMs in Azure enabled with Microsoft Entra sign-in
- M365Managed: Devices managed using Microsoft Managed Desktop
- MultiUser: Shared devices
Keyword being Some – this is a word I do not like.
Before you ask – both ChatGPT and by extension bing cant do any better https://chat.openai.com/share/212b34dd-2ede-4311-914b-78f0e57cef52
Now, for a sane Person the original question is answered, the Property has nothing to do with the Defender Labels – so we could stop here. But are those all the Values we could use? What possibilities are out there? I must go deeper
Casting wider into the Net
Moving outside Microsofts Official Documentation, we find that I am unsurprisingly not the first one to ask this question. However, on the issue opened around the documentation we only find Adam Gross asking pretty much the same Question…
At least we also find, that there used to be two additional systemLabels, but while history is interesting, it doesn’t really help much here.
20.000 Lines under the API
My curiosity not being satisfied I wrote a script to fetch the Information I want – sadly I could not find a single Example in the Tenants I have access to… So maybe there is Someone out there who might find a bit of time to check what might be out there…
If you do find something, please feel free to let me know through GitHub or LinkedIn, so we can share your knowledge with those weirdos who might care…
I will not moderate comments and I do not want your email address – this post does not allow Comments.
If you are interested in the things I do follow me on LinkedIn.
Comments