Custom detection rules device group change in Microsoft Defender

For one of our client we have onboarded 500+ custom detection rules in Microsoft Defender, as they were migrating from another EDR solution to Defender. Now client ask is, they have created a new device group/organizational scope for testing rules and for all 500+ rules they are expecting us to change the device group as the new one they have onboarded now.

Is there any way we can change or update the device group/organizational scope in one go for all 500+ rules, any PowerShell script or automation that can help us achieve this?

asked Apr 22 at 5:36

Manisha

32 bronze badges

Hi Manisha, Just for my understanding - Why didn't they opt to edit the already existing groups/ organization scope that has been configured for the earlier detection rules?

Catherine Kyalo
– Catherine Kyalo

2025-04-28 05:33:21 +00:00
Commented Apr 28 at 5:33
Hi @CatherineKyalo, they wanted to test Defender capability over the production rules from previous EDR.

Manisha
– Manisha

2025-07-05 07:31:35 +00:00
Commented Jul 5 at 7:31

Add a comment |

0

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.

Collectives™ on Stack Overflow

Custom detection rules device group change in Microsoft Defender

0

Hot Network Questions

Collectives™ on Stack Overflow

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.