Hello @Ajithkumar M
I would like to share following details with you with regards to your ask and updated the hyperlinks so that your review the documentation reference as well.
What is Azure AD extension attributes or Directory Extension attributes?
- Directory extension attributes, also called Azure AD extensions, provide a way to store additional data in Azure Active Directory on user objects and other directory objects such as groups, tenant details, service principals.
- Only extension attributes on user objects can be used for emitting claims to applications. These so called Directory extension attributes are always associated with an application in the tenant and are referenced by the application's appId in their name.
What are Custom Security Attributes?
- Custom security attributes in Azure Active Directory (Azure AD) are business-specific attributes (key-value pairs) that you can define and assign to Azure AD objects.
- These attributes can be used to store information, categorize objects, or enforce fine-grained access control over specific Azure resources.
- Custom security attributes can be used with Azure attribute-based access control (Azure ABAC).
How do custom security attributes compare with directory schema extensions?
Here are some ways that custom security attributes compare with directory schema extensions:
- Directory schema extensions cannot be used for authorization scenarios and attributes because the access control for the extension attributes is tied to the Azure AD object. Custom security attributes can be used for authorization and attributes needing access control because the custom security attributes can be managed and protected through separate permissions.
- Directory schema extensions are tied to an application and share the lifecycle of an application. Custom security attributes are tenant wide and not tied to an application.
- Directory schema extensions support assigning a single value to an attribute. Custom security attributes support assigning multiple values to an attribute.
I hope this helps you to understand more about Azure AD Extension attribute and Custom Security Attributes.
----------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well