Azure AD Custom Security Attributes

  • Published: Dec 3, 2024
  • Science

Comments • 34

  • @NTFAQGuy 2 years ago +8

    Adding your own custom attributes to Azure AD to store info and control access to other resources! Please make sure to read the description for the chapters and key information about this video and others.
    ⚠ P L E A S E N O T E ⚠
    🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there!
    🕰 I don't discuss future content nor take requests for future content so please don't ask 😇
    Thanks for watching!
    ☁🤙💪

  • @lltagged 2 years ago +1

    So for the first 40ish minutes, I was like 'why on earth would I need this in my tenant?'.
    Now I just want to get started on tagging everything. Thanks for another great vid!

  • @IulianSandulache 2 years ago +1

    Great video, I just had a client posing me questions regarding custom security attributes. Things are clear now and I can help him.
    Thanks John.

  • @christianibiri 2 years ago +2

    This is a great, great video. At the beginning it was hard to understand, but I watched it 2 times and now it is crystal clear for me! A huge thanks!!!

  • @CloudContext 2 years ago +1

    Awesome, can definitely think of a few clients who will want this.

  • @dosto-evsky 2 years ago

    Thank you Sir, awesome video, took almost all day to consume, much appreciated, looks very powerful.

  • @alwehliye 2 years ago

    Massive thanks John! Your content is always awesome.

  • @mattblaker1127 2 years ago +1

    once again another great video!

    • @NTFAQGuy 2 years ago

      Glad you enjoyed it!

  • @simonkeen9776 2 years ago +1

    Awesome content thanks John!
    Hope you don't mind if I go ahead and start using this in production😅

  • @monsterpuss 2 years ago

    Thanks for explaining this so clearly in your own inimitable way. I have 2 questions:
    1) If I had an app that allowed employees of grade c and above to perform some kind of activity (changing stock levels for example), whereas people of grade d and below could only read stock levels, could that all be handled by assigning the app a managed identity and then allowing that managed identity to read the relevant attributes from the attribute set?
    2) What happens to custom/extended attributes in ADDS (on-prem)? If I understand things correctly at present, those attributes don't transfer across to cloud identities? Does this change with AAD custom attributes? Is there some way in AD Connect to map fields across?

    • @NTFAQGuy 2 years ago +1

      Apps could view the values and act accordingly, including MI. Don’t sync from on prem today and you should look at AAD Connect config as there are attributes today that sync from AD.

  • @ZATennisFan 2 years ago

    Another great video.....

  • @jeremyahagan 2 years ago

    Would be useful in conjunction with sensitivity labels

  • @prasantchettri133 2 years ago

    I wish this could be used for device account

  • @samuraialbany 2 years ago

    Hi John, thanks for another wonderful video! I have a scenario where I would love to use a custom attribute for users that would allow me to assign to dynamic use groups. Existing attributes won’t work. Could I use this or is there another approach?

    • @NTFAQGuy 2 years ago +1

      AAD already has dynamic groups that can be based off attributes.

  • @kauffmann101 2 years ago

    John, there should be a wrong spelling on some topics in the content list, it should be RBAC instead of ABAC. Great contents as usual!

    • @NTFAQGuy 2 years ago +4

      No, it's ABAC. That is the point.

  • @10010110101 2 years ago +2

    Can these be used to pass to a SAML token with an SSO application tied to AAD?

    • @NTFAQGuy 2 years ago +1

      Not yet

    • @ppguitars 2 years ago +1

      This would be very useful!

  • @dejvoch 2 years ago

    Hi John,
    Thank you for the video.
    I really like that Global Admin by default doesn't see everything, so attributes could be used for sensitive data and only particular users could access it. So it could be used for HR data as well.
    From a technical perspective, if I want to drive permissions using these Security attributes, what I understood is that these are mainly useful for Azure resource permissions - VM, Blob, whatever. However, it is not meant for driving permissions for User / group objects in Azure AD, correct?
    Scenario: I have a country admin, let's say "admin.germany", and I want him to fully manage AAD objects (mainly Users, Groups) which belong to Germany. I was wondering whether this can be used for such a case?
    For now I use the Administrative Units, however I don't like it much because the list (members of AU) has to be maintained manually.
    Thanks for tips.
    Also, another question - could those security attributes be used for Exchange RBAC scoping?

    • @NTFAQGuy 2 years ago +1

      Recommend post to reddit. Sadly I can't read and help with questions of this length. Just don't have time. Sorry.

  • @hope42 2 years ago

    Hi John, was wondering if you got my post or should I try posting again?

    • @NTFAQGuy 2 years ago

      There are lots of posts every day, I really don’t track and just try to respond where possible.

    • @hope42 2 years ago

      I posted again, saw it, but it looks like it was removed. @NTFAQGuy

    • @hope42 2 years ago

      RUclips says they marked my comment as possible spam and you have to release it in the RUclips Studio Comments/Held for review. I gave you kudos for your best video yet. Not sure why they marked it as Spam.

    • @NTFAQGuy 2 years ago

      @hope42 don’t know but don’t see anything but appreciate you liking the videos. 🤙

  • @imperionllc 2 years ago

    Do any of these attributes sync back on prem?

    • @NTFAQGuy 2 years ago

      No

    • @dejvoch 2 years ago

      @NTFAQGuy I wish the answer to be "not yet" rather than No.

    • @NTFAQGuy 2 years ago

      @dejvoch The flow is nearly always AD to AAD with AD source of truth. Very few things ever flow AAD to AD. Also I cannot speak to future.