Tags

Tags let you organize agents into logical groups. Use tags to target specific sets of endpoints for update policies, compliance baselines, and configuration policies.

Creating tags

Navigate to Agents > Tags and click Create Tag. Give the tag a descriptive name (e.g., production-servers, finance-department, windows-11). Tag names must be lowercase, use only letters, numbers, and dashes, and cannot start or end with a dash. Tags appear immediately and are ready to be assigned to agents.

Assigning tags to agents

You can assign tags in two ways:

Manual assignment

Go to Agents > Endpoints, select one or more agents using the checkboxes, and use the bulk action Assign Tag. Pick one or more tags from the dropdown and confirm. The tags are applied to all selected agents immediately.

Automation rules

Set up rules that automatically tag agents based on matching criteria such as OS type, hostname pattern, or IP range. See the Automation section for details on creating and managing rules.

Automation rules can be configured to run on new agent enrollment, on a schedule, or triggered manually. See Automation for details on configuring rule triggers.

Tag details page

Click a tag name in the list to view its detail page. From here you can see:

Agent count - Total number of endpoints assigned to this tag
Status breakdown - How many tagged agents are online, offline, or pending
Agent list - All endpoints with this tag, with the same sort and filter controls as the main Endpoints page

You can also remove agents from the tag directly on this page by selecting them and choosing Remove from Tag.

Using tags for targeting

Tags are the primary mechanism for targeting agents when creating:

System update policies - Control which OS patches and security updates endpoints receive
Application update policies - Manage third-party application updates (Windows only)
Compliance baselines - Evaluate a set of endpoints against CIS, DISA STIG, or other frameworks
Configuration policies - Apply settings to a group of machines

When you target a policy to a tag, the policy automatically applies to any new agents that receive that tag in the future. This means you define the policy once and let tag membership control who it affects.

Best practices

Follow these guidelines to build a tagging strategy that scales with your fleet:

Use a consistent naming convention. A prefix-based scheme makes tags easy to filter and understand at a glance. For example: env-production, os-windows-11, dept-finance, role-web-server. Tag names must be lowercase, alphanumeric, and can only use dashes to separate words.
Create tags for both organizational and technical grouping. Organizational tags reflect your business structure (department, location, cost center). Technical tags reflect the endpoint's role or platform (OS, server type, application stack). Having both gives you flexibility when targeting policies.
Combine tags with automation rules. Manual tagging works for small fleets, but automation keeps grouping accurate as agents change properties or new endpoints enroll. See Automation for setup instructions.
Avoid overly specific tags. A tag for every individual machine defeats the purpose of grouping. If you find yourself creating tags with a single agent, consider whether a broader grouping would serve the same goal.

tip

Tags are the foundation of policy targeting. Invest time in a good tagging strategy early to simplify management as your fleet grows.

Creating tags​

Assigning tags to agents​

Manual assignment​

Automation rules​

Tag details page​

Using tags for targeting​

Best practices​