New-EntraCustomSecurityAttributeDefinition
Create a new customSecurityAttributeDefinition object.
Syntax
New-EntraCustomSecurityAttributeDefinition
    -IsSearchable <Boolean>
    [-Description <String>]
    -IsCollection <Boolean>
    -AttributeSet <String>
    -Type <String>
    -Name <String>
    -Status <String>
    -UsePreDefinedValuesOnly <Boolean>
    [<CommonParameters>]
Description
The New-EntraCustomSecurityAttributeDefinition cmdlet creates a new customSecurityAttributeDefinition object. Specify the IsSearchable, IsCollection, AttributeSet, Type, Name, Status, and UsePreDefinedValuesOnly parameters to create a new custom security attribute definition.
You can define up to 500 active objects in a tenant.
In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with the necessary permissions. The Attribute Definition Administrator is the only privileged role supported for this operation.
Examples
Example 1: Add a custom security attribute
Connect-Entra -Scopes 'CustomSecAttributeDefinition.Read.All','CustomSecAttributeDefinition.ReadWrite.All'
$AttributeSet = Get-EntraAttributeSet -Id '<CustomAttributeSetId>'
$params = @{
    Name = 'ProjectTest'
    Description = 'Target completion'
    Type = 'String'
    Status = 'Available'
    AttributeSet = $AttributeSet.Id
    IsCollection = $False
    IsSearchable = $True
    UsePreDefinedValuesOnly = $True
}
New-EntraCustomSecurityAttributeDefinition @params

Id               AttributeSet Description       IsCollection IsSearchable Name        Status    Type   UsePreDefinedValuesOnly
--               ------------ -----------       ------------ ------------ ----        ------    ----   -----------------------
Test_ProjectTest Test         Target completion False        True         ProjectTest Available String False
This example demonstrates how to add a custom security attribute.
-Name specifies the name of the custom security attribute.
-Description specifies the description of the custom security attribute.
-Type specifies the data type for the custom security attribute values.
-Status specifies whether the custom security attribute is active or deactivated.
-AttributeSet specifies the name of the attribute set.
-IsCollection specifies whether multiple values can be assigned to the custom security attribute.
-IsSearchable specifies whether the custom security attribute values are indexed for searching on objects.
-UsePreDefinedValuesOnly specifies whether only predefined values can be assigned to the custom security attribute.
Parameters
-AttributeSet
Name of the attribute set. Case insensitive.
Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Description
Description of the custom security attribute, up to 128 characters long and including Unicode characters. This description can be changed later.
Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-IsCollection
Indicates whether multiple values can be assigned to the custom security attribute. Can't be changed later. If type is set to Boolean, isCollection can't be set to true.
Type: System.Boolean
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-IsSearchable
Indicates whether custom security attribute values are indexed for searching on objects that are assigned attribute values. Can't be changed later.
Type: System.Boolean
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Name
Name of the custom security attribute. Must be unique within an attribute set. Can be up to 32 characters long and include Unicode characters. Can't contain spaces or special characters. Can't be changed later. Case insensitive.
Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Status
Specifies whether the custom security attribute is active or deactivated. Acceptable values are: Available and Deprecated. Can be changed later.
Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Type
Data type for the custom security attribute values. Supported types are: Boolean, Integer, and String. Can't be changed later.
Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UsePreDefinedValuesOnly
Indicates whether only predefined values can be assigned to the custom security attribute. If set to false, free-form values are allowed. Can later be changed from true to false, but can't be changed from false to true. If type is set to Boolean, usePreDefinedValuesOnly can't be set to true.
Type: System.Boolean
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
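Several of the settings above can't be changed after creation, so it helps to check a definition against the documented limits before submitting it. The following is an added example, not code from the original page or the Entra module: Test-CsaDefinitionParams is a hypothetical helper, and reading "special characters" as anything other than letters and digits is an assumption.

```powershell
# Added example: pre-flight check of a definition against the limits listed under Parameters.
# Test-CsaDefinitionParams is a hypothetical helper, not part of the Entra module.
function Test-CsaDefinitionParams {
    param([Parameter(Mandatory)][hashtable]$Params)
    $problems = [System.Collections.Generic.List[string]]::new()

    # Every parameter except Description is required.
    $required = 'Name','Type','Status','AttributeSet','IsCollection','IsSearchable','UsePreDefinedValuesOnly'
    foreach ($key in $required) {
        if (-not $Params.ContainsKey($key)) { $problems.Add("Missing required parameter: $key") }
    }
    # Name: up to 32 characters, no spaces or special characters.
    # Assumption: "special characters" means anything other than Unicode letters and digits.
    if ($Params.ContainsKey('Name')) {
        $name = [string]$Params.Name
        if ($name.Length -gt 32) { $problems.Add('Name is longer than 32 characters') }
        if ($name -notmatch '^[\p{L}\p{N}]+$') { $problems.Add('Name is empty or contains spaces or special characters') }
    }
    # Description: optional, up to 128 characters.
    if ($Params.ContainsKey('Description') -and ([string]$Params.Description).Length -gt 128) {
        $problems.Add('Description is longer than 128 characters')
    }
    # Type and Status accept only the values listed on this page.
    if ($Params.ContainsKey('Type') -and $Params.Type -notin @('Boolean','Integer','String')) {
        $problems.Add("Unsupported Type: $($Params.Type)")
    }
    if ($Params.ContainsKey('Status') -and $Params.Status -notin @('Available','Deprecated')) {
        $problems.Add("Unsupported Status: $($Params.Status)")
    }
    # Boolean attributes can't be collections and can't be limited to predefined values.
    if ($Params.Type -eq 'Boolean') {
        if ($Params.IsCollection) { $problems.Add('IsCollection must be false when Type is Boolean') }
        if ($Params.UsePreDefinedValuesOnly) { $problems.Add('UsePreDefinedValuesOnly must be false when Type is Boolean') }
    }
    return $problems
}

# Constructed sample input: a Boolean attribute that breaks three of the documented rules.
$candidate = @{
    Name = 'Is Contractor'; Type = 'Boolean'; Status = 'Available'
    AttributeSet = '<CustomAttributeSetId>'
    IsCollection = $true; IsSearchable = $true; UsePreDefinedValuesOnly = $true
}
$issues = @(Test-CsaDefinitionParams -Params $candidate)
if ($issues.Count -eq 0) {
    New-EntraCustomSecurityAttributeDefinition @candidate   # reached only for a clean definition
} else {
    $issues | ForEach-Object { Write-Warning $_ }
}
```

Because Name, Type, IsCollection, and IsSearchable can't be changed later, a rejected or mistaken definition is cheaper to catch here than to deprecate and recreate afterwards.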
Inputs
None
Outputs
System.Object