Sync'ing on-prem AD Device attributes to Azure for use in Device Filters for Conditional Access (Moved Post)

Dingo Digits 6 Reputation points
2022-08-15T20:10:07.187+00:00

<<Note: Originally posted to Microsoft 365 community but was told Azure community would be a more appropriate place for this question.>>

We have a Hybrid AD Joined setup with our devices and I've added a value to a Windows Active Directory attribute "extensionAttribute1", that I'd like to be able to use in the "Filter for Devices" in our Conditional Access policies.

This is a device attribute and I know it's not working as I created an Azure AD dynamic device group to test.

I suspect it may be an Azure AD Connect issue as when I go to add the Windows Active Directory attribute "extensionAttribute1", there is a "user" and a "group" extensionAttribute1 available but not a "device" attribute. I've seen there's an AD Connect mapping component but I don't know if something can be mapped if it doesn't exist as an option to begin with. I also haven't figured out how to check Azure AD to verify if the value had propagated to AAD in any form.

Any help in how to get Active Directory attributes into Azure AD to use for Device Filters for Conditional Access would be appreciated!!

Thanks

2 answers

  1. Limitless Technology 39,356 Reputation points
    2022-08-16T14:40:47.63+00:00

    Hello,

    Unfortunately, these attributes are online synchronized for Users for Exchange Online and SharePoint online.

    You can find this, and other attributes that are synchronized by Azure AD here:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized

    In order to request this feature and propose the functionality, you can submit feedback directly to Microsoft through the official Azure Feedback portal:
    https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4


  2. Dingo Digits 6 Reputation points
    2022-08-16T18:24:03.98+00:00

    Thanks Limitless, maybe then I'm looking at the wrong place. I want to Azure AD sync my Active Directory device "extensionAttribute1" to the device "ExtensionAttribute1" attribute shown in the Filter for Devices options dropdown:

    Surely this can be done but I can't find how to do that in a sync rule. Any ideas?
    Thanks!