What are custom security attributes in Microsoft Entra ID?

lightupdifire commented 1 week ago

Hello,

It would be great to have the documentation also for:

groups - how to add, manage, use, which groups supported (security, mail-enabled, distribution, etc.)
devices - how to add, manage, use, which device type supported (android, ios, etc.)

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

ID: 2896aa11-53c5-722b-aabf-e59dda55cf38
Version Independent ID: 7291a3a0-24d6-0e88-9105-29001f7e3ed1
Content: What are custom security attributes in Microsoft Entra ID? - Microsoft Entra
Content Source: docs/fundamentals/custom-security-attributes-overview.md
Service: entra
Sub-service: fundamentals
GitHub Login: @rolyon
Microsoft Alias: rolyon

TPavanBalaji commented 1 week ago

@lightupdifire Thanks for your feedback! We will investigate and update as appropriate.

SaibabaBalapur-MSFT commented 1 week ago

@lightupdifire Here are the links to the documentation for managing groups and devices in Azure Active Directory: Manage groups in Azure Active Directory Add or delete devices using Azure Active Directory These documents cover how to add, manage, and use groups and devices in Azure AD, as well as which types of groups and devices are supported. Let me know if you have any further questions!

lightupdifire commented 1 week ago

@SaibabaBalapur-MSFT I mean on how to apply and manage the custom security attributes to Groups and Devices.

SaibabaBalapur-MSFT commented 1 week ago

I apologize for the confusion earlier. Custom security attributes can be assigned to groups and devices in Azure AD using the Azure AD PowerShell module. Here are the steps to assign custom security attributes to groups and devices:

Assign custom security attributes to a group

Install the Azure AD PowerShell module by running the following command in an elevated PowerShell session:
```
Install-Module AzureAD
```
Connect to your Azure AD tenant by running the following command:
```
Connect-AzureAD
```
Assign a custom security attribute to a group by running the following command:
```
Set-AzureADGroupExtension -ObjectId <GroupObjectId> -ExtensionName "<AttributeName>" -ExtensionValue "<AttributeValue>"
```
Replace <GroupObjectId> with the object ID of the group you want to assign the custom security attribute to, <AttributeName> with the name of the custom security attribute, and <AttributeValue> with the value of the custom security attribute.

Assign custom security attributes to a device

Install the Azure AD PowerShell module by running the following command in an elevated PowerShell session:
```
Install-Module AzureAD
```
Connect to your Azure AD tenant by running the following command:
```
Connect-AzureAD
```
Assign a custom security attribute to a device by running the following command:
```
Set-AzureADDeviceExtension -ObjectId <DeviceObjectId> -ExtensionName "<AttributeName>" -ExtensionValue "<AttributeValue>"
```
Replace <DeviceObjectId> with the object ID of the device you want to assign the custom security attribute to, <AttributeName> with the name of the custom security attribute, and <AttributeValue> with the value of the custom security attribute.

I hope this helps! Let me know if you have any further questions.

lightupdifire commented 6 days ago

@SaibabaBalapur-MSFT Thanks! So I was looking into this document (https://learn.microsoft.com/en-us/entra/fundamentals/custom-security-attributes-overview) and was searching documentation about how to manage custom security attributes for groups and devices, If some document already exists, maybe can add into this document a hyperlink + note?

SaibabaBalapur-MSFT commented 5 days ago

@lightupdifire We use your feedback to improve our documentation, so we are grateful for your input, and your time. I apologize for any inconvenience and thank you for your patience and understanding.

Please add your feedback in below link, so our production team can review it and update the same. Ideas · Community (azure.com)

MicrosoftDocs / entra-docs