In our situation we currently create 1 BT jump client MSI installer which we then package and add to our Intune environment for deployment on all our workstations (approx 40k) 

From the consol perspective it is then just 1 big pool of devices and all our IT and support presentatives can access the workstations where required to provide the needed support. 

We are currently reviewing this strategy to reduce this visibility initiating RBAC like we also do in our Intune environment where many especially device visibilities are reduced due to applying scope tags and in turn apply security groups which limits the views of our IT. 

This of course is something we should/could do in BT, however there is no such rule or something available that if device starts with USLT or DELT it will be assigned to X group policy/session policy and then linked to the allowed representative and learned that this is initiated through the client itself hosting the tags and options

We've learned that you can add tags to devices through BT client installation, but the problem is that we operate in many countries, so if we go by country level, we could end up with over 100 packages deployed through intune with the tags. 

Apologies for the big story above as the main question is quite simple, but hopefully the introduction above helps in the road to solution: Is it it possible to add tags or other options to the installed BT client? We could then think of something like a powershell script (very simplified) that detects device name is US, then somewhere a configuration (if possible) is amended and tag is added which then flows through the BT Consol and assigned jump groups and from there visibility to the representative. 

All advise is welcome :)