{"id":439,"date":"2023-12-22T22:46:21","date_gmt":"2023-12-22T21:46:21","guid":{"rendered":"https:\/\/sparrowte.ch\/?p=439"},"modified":"2024-11-04T20:22:25","modified_gmt":"2024-11-04T19:22:25","slug":"diving-into-entra-id-systemlabels","status":"publish","type":"post","link":"https:\/\/sparrow365.de\/index.php\/en\/2023\/12\/22\/diving-into-entra-id-systemlabels\/","title":{"rendered":"Diving into Entra ID systemLabels"},"content":{"rendered":"<h2>The Original Question<\/h2>\n<blockquote>\n<p><strong><em>I came here for an Answer, not some Blog Post!<\/em><\/strong><\/p>\n<blockquote>\n<p>Okay geez, head <a href=\"https:\/\/github.com\/dreadsend\/EntraIDsystemLabels\">directly to the GitHub Repo<\/a><br \/>\nMaybe come back though, The journey is its own reward&#8230;<\/p>\n<\/blockquote>\n<\/blockquote>\n<p>One of my colleagues did not understand why Dynamic Groups were not being Processed and asked for help &#8211; the assumption being that systemLabels referred to Defender for Endpoint Device Tags &#8211; a fair assumption, since the Words &quot;Tags&quot; and &quot;Labels&quot; mean a lot of things in the Microsoft 365 Universe.<br \/>\nUpon double checking, it became obvious rather quickly that there is no relation, and we moved on to a different Solution. 
But the question still irked me &#8211; what are systemLabels actually?<\/p>\n<p><br class=\"\"><\/p>\n<p>Looking into <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/groups-dynamic-membership#rules-for-devices\">Dynamic Group Membership Rules for devices<\/a> we only find a note:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/sparrowte.ch\/wp-content\/uploads\/2023\/12\/AllDocumentedInformation.png\" alt=\"Everything MS Gives us\" \/><\/p>\n<p><br class=\"\"><\/p>\n<p>Even the Graph API Documentation is similarly Vague:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/sparrowte.ch\/wp-content\/uploads\/2023\/12\/GraphAPIDocumentation.png\" alt=\"GraphAPIDocumentation.png\" \/><\/p>\n<p><br class=\"\"><\/p>\n<p>If we fine-tune our search to <em>site:learn.microsoft.com &quot;systemlabels&quot;<\/em>, we find a lot of References to the general Device Object Schema, but never a comprehensive List of what the actual values are.<\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/conditional-access\/concept-condition-filters-for-devices#supported-operators-and-device-properties-for-filters\">At least the Conditional Access Documentation gives us some Examples:<\/a><\/p>\n<blockquote>\n<p>List of labels applied to the device by the system.<br \/>\n<strong>Some<\/strong> of the supported values are: <\/p>\n<ol>\n<li>AzureResource: <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/devices\/howto-vm-sign-in-azure-ad-windows\">Windows VMs in Azure enabled with Microsoft Entra sign-in<\/a> <\/li>\n<li>M365Managed: <a href=\"https:\/\/learn.microsoft.com\/en-us\/managed-desktop\/overview\/service-plan\">Devices managed using Microsoft Managed Desktop<\/a><\/li>\n<li>MultiUser: <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity-platform\/msal-shared-devices\">Shared devices<\/a><\/li>\n<\/ol>\n<\/blockquote>\n<p><br class=\"\"><\/p>\n<p>Keyword being <strong><em>Some<\/em><\/strong> &#8211; this is a word 
I do not like. <\/p>\n<blockquote>\n<p>Before you ask &#8211; both ChatGPT and, by extension, Bing can&#8217;t do any better <a href=\"https:\/\/chat.openai.com\/share\/212b34dd-2ede-4311-914b-78f0e57cef52\">https:\/\/chat.openai.com\/share\/212b34dd-2ede-4311-914b-78f0e57cef52<\/a><\/p>\n<\/blockquote>\n<p><br class=\"\"><\/p>\n<p>Now, for a sane Person the original question is answered, the Property has nothing to do with the Defender Labels &#8211; so we could stop here. But are those all the Values we could use? What possibilities are out there? <strong><em>I must go deeper<\/em><\/strong><\/p>\n<p><br class=\"\"><\/p>\n<h2>Casting wider into the Net<\/h2>\n<p>Moving outside Microsoft&#8217;s Official Documentation, we find that I am unsurprisingly not the first one to ask this question. However, on the <a href=\"https:\/\/github.com\/MicrosoftDocs\/azure-docs\/issues\/22886\">issue opened around the documentation<\/a> we only find <a href=\"https:\/\/twitter.com\/AdamGrossTX\">Adam Gross<\/a> asking pretty much the <a href=\"https:\/\/twitter.com\/AdamGrossTX\/status\/1709604466540814372\">same Question<\/a>&#8230;<\/p>\n<p>At least we also find that there used to be two additional systemLabels, but while history is interesting, it doesn&#8217;t really help much here.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/sparrowte.ch\/wp-content\/uploads\/2023\/12\/JeffreyAppelBlog.png\" alt=\"JeffreyAppel\" \/><\/p>\n<p><em><a href=\"https:\/\/jeffreyappel.nl\/manage-mde-for-windows-macos-and-linux-via-security-settings-management\/\">Courtesy of Jeffrey Appel<\/a><\/em><\/p>\n<p><br class=\"\"><\/p>\n<h2>20.000 Lines under the API<\/h2>\n<p>My curiosity not being satisfied, I wrote <a href=\"https:\/\/github.com\/dreadsend\/EntraIDsystemLabels\/blob\/main\/informationCollector.ps1\">a script<\/a> to fetch the Information I want &#8211; sadly I could not find a single Example in the Tenants I have access to&#8230; So maybe there is Someone out there who might find a bit of time 
to check what might be out there&#8230;<\/p>\n<p>If you do find something, please feel free to let me know through GitHub or LinkedIn, so we can share your knowledge with those weirdos who might care&#8230;<\/p>\n<p><br class=\"\"><\/p>\n<p>I will not moderate comments and I do not want your email address &#8211; this post does not allow Comments.<\/p>\n<p>If you are interested in the things I do, <a href=\"https:\/\/www.linkedin.com\/in\/julian-sperling-4bba72228\/\">follow me on LinkedIn<\/a>.   <\/p>\n<p><br class=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Original Question I came here for an Answer, not some Blog Post! Okay geez, head directly to the GitHub Repo Maybe come back though, The journey is its own reward&#8230; One of my colleagues did not understand why Dynamic Groups were not being Processed and asked for help &#8211; Assumption being, that systemLabels referred&#8230; &raquo; <a class=\"read-more-link\" href=\"https:\/\/sparrow365.de\/index.php\/en\/2023\/12\/22\/diving-into-entra-id-systemlabels\/\">read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":446,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[76],"tags":[80,84,138,136,88,90,96,98,100,103,105,134],"class_list":["post-439","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-me-id-en","tag-aad-en","tag-azure-ad-en","tag-conditional-access","tag-dynamic-device-groups","tag-entra-en","tag-entra-id-en","tag-graph-en","tag-graph-api-en","tag-microsoft-graph-en","tag-powershell-en","tag-powershell-sdk-en","tag-systemlabels"],"_links":{"self":[{"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/posts\/439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embedd
able":true,"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":7,"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"predecessor-version":[{"id":453,"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/posts\/439\/revisions\/453"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/media\/446"}],"wp:attachment":[{"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sparrow365.de\/index.php\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}