Sync'ing on-prem AD Device attributes to Azure for use in Device Filters for Conditional Access (Moved Post)

Dingo Digits 6 Reputation points
2022-08-15T20:10:07.187+00:00

<<Note: Originally posted to Microsoft 365 community but was told Azure community would be a more appropriate place for this question.>>

We have a Hybrid AD Joined setup with our devices and I've added a value to a Windows Active Directory attribute "extensionAttribute1", that I'd like to be able to use in the "Filter for Devices" in our Conditional Access policies.

231242-capture1.jpg

This is a device attribute and I know it's not working as I created an Azure AD dynamic device group to test.
231224-capture2.jpg

I suspect it may be an Azure AD Connect issue as when I go to add the Windows Active Directory attribute "extensionAttribute1", there is a "user" and a "group" extensionAttribute1 available but not a "device" attribute. I've seen there's an AD Connect mapping component but I don't know if something can be mapped if it doesn't exist as an option to begin with. I also haven't figured out how to check Azure AD to verify if the value had propagated to AAD in any form.

231253-capture3.jpg

Any help in how to get Active Directory attributes into Azure AD to use for Device Filters for Conditional Access would be appreciated!!

Thanks


2 answers

  1. Limitless Technology 39,916 Reputation points
    2022-08-16T14:40:47.63+00:00

    Hello,

    Unfortunately, these attributes are online synchronized for Users for Exchange Online and SharePoint online.

    You can find this, and other attributes that are synchronized by Azure AD here:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized

    In order to request this feature and propose the functionality, you can submit a Feedback directly to Microsoft through the official Azure Feedback portal:
    https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4

    -------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--


  2. Dingo Digits 6 Reputation points
    2022-08-16T18:24:03.98+00:00

    Thanks Limitless, maybe then I'm looking at the wrong place. I want to Azure AD sync my Active Directory device "extensionAttribute1" to the device "ExtensionAttribute1" attribute shown in the Filter for Devices options dropdown:

    231724-image.png

    Surely this can be done but I can't find how to do that in a sync rule. Any ideas?
    Thanks!

