Microsoft MECM (SCCM) - Add or Remove Assets to Collection
Note
A new enforcement action,Microsoft MECM - Add or Remove Assets to/from Collection (PS-based) is now available (using Microsoft-recommended PowerShell commands). While this existing action, remains supported, we recommend transitioning to the new action for best practices compliance.
The Microsoft MECM (SCCM) - Add or Remove Assets to Collection connects to the SQL server defined and adds the assets to the collection, or removes the assets from the collection, depending on the settings in this action. This is performed for each asset retrieved by the selected query (or for each selected asset).
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
Note:
- Not all asset types are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
General Settings
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Required Fields
These fields must be configured to run the Enforcement Set.
- EC Action - Select the EC Action to perform:
- Add to Collection
- Remove from Collection
 
- MECM collection name - The name of the collection to which the changes will apply.
- 
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Working with Axonius Compute Nodes. 
Additional Fields
These fields are optional.
- 
Edit Collection Membership Rules - When selected, the EC will edit the base query for the collection creation so that changes will persist even after a manual update or full collection update performed on a scheduled basis. Note that this will change the initial query for the collection and change behaviour on MECM side. 
- 
Use Adapter Settings - Use the settings in the adapter configuration. 
- 
MECM/MSSQL Server - The DNS/IP Address of the Microsoft SQL Server your instance is using. - To use a specific named instance, the value supplied should be in the following format: {serverhost}\{instancename}.
- If no instance is supplied, the default instance will be used.
 
- To use a specific named instance, the value supplied should be in the following format: 
- 
Port (default: 1433) - The port use for the connection. 
- 
Database - The name of the database inside the SQL Server (Usually starts with CM_). 
- 
User Name - A user name with the required permissions. 
Note
- The best practice is to create a dedicated SQL local user for Axonius usage. For details, see Creating a Local Read-Only User for Microsoft SQL Server.
- If you are using a domain user, specify the domain and the user name in the following format: domain\username.
- Password - The user's password. The password must not include ";".
Required Ports
Axonius must be able to communicate with the MSSQL Server via one of the following ports:
- Microsoft SQL Server discovery port - 1433 (default for non SA users) 1434 (default for SA - SuperAdmin - users).
- The specific port for the supplied named instance, if relevant.
- Note that the port appended into the adapter configuration needs to match the global listening port of the MECM database.
Note
The ports listed above are the standard default MECM ports. However, these ports might be different if MECM is deployed and configured with custom ports specified by the customer.
Permissions
The User for this action needs DB write permissions
For more details about other Enforcement Actions available, see Action Library.
Updated about 11 hours ago
