How to tags defined in MDE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
Hello Friends,
I have a requirement in which tags would be defined on MDE platform for Servers and End user devices. Those tags needs to bring back in serviceNow CMDB. Has anyone worked on similar integration ? I would like to understand below pointers :
1) Can i use MDE SGC to bring tags ? Here do i need to do any customization ?
2) what is recommended way to store tags ? is it in cmdb_key_value table or should i introduce custom field to hold tagging info in cmdb_ci_computer table ?
I really appreciate your inputs on this matter.
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
Hi @nareshTT ,
1) Can I use MDE SGC (Security Graph Connector) to bring tags?
* Yes, you can bring in MDE tags using the Service Graph Connector (SGC) for Microsoft Defender for Endpoint.
* Out-of-the-box, SGC brings in device inventory, health, and vulnerability data into CMDB (cmdb_ci_computer).
* However, tags are not mapped by default. To ingest tags, you’ll need to:
* Extend the SGC ETL transform (via IntegrationHub ETL behind SGC) to include the tags field from the MDE API response.
* This is a minor customization: you’re not breaking OOTB, you’re just extending the transform mapping.
* After adding the field, re-run the SGC data flow and you should see tags available in the preview/prepare step.
So yes, you can use SGC → but you’ll need to extend the ETL schema and mapping for tags.
2) Recommended way to store tags in CMDB
Option A: Use cmdb_key_value (Recommended if multiple tags, dynamic)
* ServiceNow’s cmdb_key_value table is designed exactly for this purpose: storing labels, attributes, and tags associated with CIs.
* Benefits:
* Handles multiple values per CI cleanly.
* Doesn’t clutter cmdb_ci_computer with arrays or large text blobs.
* Aligns with Service Graph Connector best practices (where extended attributes go to cmdb_key_value).
* You can map MDE tags → cmdb_key_value (Key = “MDE Tag”, Value = tag name).
Option B: Add a custom field on cmdb_ci_computer (Not recommended except for simple use cases)
* If tags are single-valued or very limited, you could add a custom field (string or choice list).
* Downsides:
* Doesn’t scale well if devices have multiple tags.
* Harder to query/filter.
* Goes against ServiceNow’s CMDB extensibility best practices.
Best Practice Recommendation
* Use SGC + ETL extension to bring MDE tags.
* Store them in cmdb_key_value table (OOTB intended design).
* If reporting/searching needs exist, create a related list view of tags on cmdb_ci_computer.
* Optionally, use tag-based business rules/policies for automation (like assigning CI to a service group based on tag).
Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025
