- Go to Zero Trust Tags > Zero Trust Tagging Rules, and click Add.
- In the Name field, enter the desired rule name.
- In the Tag Endpoint As dropdown list, select an existing tag or enter a new tag. EMS uses this tag to dynamically group together endpoints that satisfy the rule, as well as any other rules that are configured to use this tag.
- Toggle Enabled on or off to enable or disable the rule.
- (Optional) In the Comments field, enter any desired comments.
- Click Add Rule.
- Configure the rule:
- For OS, select Windows, Mac, or Linux. This affects what rule types are available.
- From the Rule Type dropdown list, select the rule type and configure the related options. Ensure that you click the + button after entering each criterion. See Zero Trust tagging rule types for descriptions of the rule types.
- Click Save.
- Configure additional rules as desired by repeating steps 6-7. Click Save.
For some rule types, such as the Running Process rule type, the endpoint must satisfy all conditions to satisfy the rule. There may be situations where you want endpoints that satisfy different conditions to be in the same dynamic group. Consider that you want endpoints that are running Process A or Process B in the "RP" dynamic group. In this case, you can create two rule sets: one for endpoints running Process A and another rule for endpoints running Process B. You can configure both rule sets to apply the "RP" tag to place endpoints running either process in the same dynamic group.