You can view security tags applied on a virtual machine or create a user defined security tag.

Security tags are labels which can be associated with a Virtual Machine (VM). Numerous security tags can be created to identify a specific workload. The matching criteria of a Security Group can be a security tag, and a workload that is tagged can be automatically placed into a Security Group.

Adding or removing security tags to a VM can be done dynamically in response to various criteria such as antivirus or vulnerability scans, and intrusion prevention systems. Tags can also be added and removed manually by an administrator.

Important: If a VM’s VM-ID is regenerated due to move or copy, the security tags are not propagated to the new VM-ID.

In a cross-vCenter NSX environment, universal security tags are created on the primary NSX manager and are marked for universal synchronization with secondary NSX managers. Universal security tags can be assigned to VMs statically, based on unique ID selection.