Events
Take the Microsoft Learn Challenge
Nov 19, 11 PM - Jan 10, 11 PM
Ignite Edition - Build skills in Microsoft security products and earn a digital badge by January 10!
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Certain attributes in Microsoft Entra ID can be used to segment users in information barriers (IB). Once segments are defined, those segments can be used as filters for IB policies. For example, you might use Department to define segments of users by department within your organization (assuming no single employee works for two departments at the same time).
This article describes how to use attributes with information barriers, and it provides a list of attributes that can be used. To learn more about information barriers, see the following resources:
Tip
If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.
The attributes listed in this article can be used to define or edit segments of users. Your defined segments serve as parameters (called UserGroupFilter values) in IB policies.
Determine which attribute you want to use to define segments. (See the Reference section in this article.)
Make sure the user accounts have values filled in for the attribute(s) you selected in Step 1. View user account details, and if necessary, edit user accounts to include attribute values.
Define segments using PowerShell, similar to the following examples:
Example | Cmdlet |
---|---|
Define a segment called Segment1 using the Department attribute | New-OrganizationSegment -Name "Segment1" -UserGroupFilter "Department -eq 'Department1'" |
Define a segment called SegmentA using the MemberOf attribute (suppose this attribute contains group names, such as "BlueGroup") | New-OrganizationSegment -Name "SegmentA" -UserGroupFilter "MemberOf -eq 'BlueGroup'" |
Define a segment called DayTraders using ExtensionAttribute1 (suppose this attribute contains job titles, such as "DayTrader") | New-OrganizationSegment -Name "DayTraders" -UserGroupFilter "ExtensionAttribute1 -eq 'DayTrader'" |
Tip
When you define segments, use the same attribute for all your segments. For example, if you define some segments using Department, define all of the segments using Department. Don't define some segments using Department and others using MemberOf. Make sure your segments do not overlap; each user should be assigned to exactly one segment.
The following table lists the attributes that you can use with information barriers.
Microsoft Entra property name (LDAP display name) |
Exchange property name |
---|---|
Co | Co |
Company | Company |
Department | Department |
ExtensionAttribute1 | CustomAttribute1 |
ExtensionAttribute2 | CustomAttribute2 |
ExtensionAttribute3 | CustomAttribute3 |
ExtensionAttribute4 | CustomAttribute4 |
ExtensionAttribute5 | CustomAttribute5 |
ExtensionAttribute6 | CustomAttribute6 |
ExtensionAttribute7 | CustomAttribute7 |
ExtensionAttribute8 | CustomAttribute8 |
ExtensionAttribute9 | CustomAttribute9 |
ExtensionAttribute10 | CustomAttribute10 |
ExtensionAttribute11 | CustomAttribute11 |
ExtensionAttribute12 | CustomAttribute12 |
ExtensionAttribute13 | CustomAttribute13 |
ExtensionAttribute14 | CustomAttribute14 |
ExtensionAttribute15 | CustomAttribute15 |
MSExchExtensionCustomAttribute1 | ExtensionCustomAttribute1 |
MSExchExtensionCustomAttribute2 | ExtensionCustomAttribute2 |
MSExchExtensionCustomAttribute3 | ExtensionCustomAttribute3 |
MSExchExtensionCustomAttribute4 | ExtensionCustomAttribute4 |
MSExchExtensionCustomAttribute5 | ExtensionCustomAttribute5 |
MailNickname | Alias |
PhysicalDeliveryOfficeName | Office |
PostalCode | PostalCode |
ProxyAddresses | EmailAddresses |
StreetAddress | StreetAddress |
TargetAddress | ExternalEmailAddress |
UsageLocation | UsageLocation |
UserPrincipalName | UserPrincipalName |
WindowsEmailAddress | |
Description | Description |
MemberOf | MemberOfGroup |
Events
Take the Microsoft Learn Challenge
Nov 19, 11 PM - Jan 10, 11 PM
Ignite Edition - Build skills in Microsoft security products and earn a digital badge by January 10!
Register now