Information barriers attributes
Certain attributes in Microsoft Entra ID can be used to segment users in information barriers (IB). Once segments are defined, those segments can be used as filters for IB policies. For example, you might use Department to define segments of users by department within your organization (assuming no single employee works for two departments at the same time).
This article describes how to use attributes with information barriers, and it provides a list of attributes that can be used. To learn more about information barriers, see the following resources:
- Information barriers
- Define policies for information barriers in Microsoft Teams
- Edit (or remove) IB policies
The attributes listed in this article can be used to define or edit segments of users. Your defined segments serve as parameters (called UserGroupFilter values) in IB policies.
1. Determine which attribute you want to use to define segments. (See the Reference section in this article.)
2. Make sure the user accounts have values filled in for the attribute(s) you selected in Step 1. View user account details, and if necessary, edit user accounts to include attribute values.
   - To edit multiple accounts (or use PowerShell to edit a single account), see Configure user account properties with Office 365 PowerShell.
   - To edit a single account, see Add or update a user's profile information using Microsoft Entra ID.
3. Define segments using PowerShell, similar to the following examples:

Example | Cmdlet |
---|---|
Define a segment called Segment1 using the Department attribute | `New-OrganizationSegment -Name "Segment1" -UserGroupFilter "Department -eq 'Department1'"` |
Define a segment called SegmentA using the MemberOf attribute (suppose this attribute contains group names, such as "BlueGroup") | `New-OrganizationSegment -Name "SegmentA" -UserGroupFilter "MemberOf -eq 'BlueGroup'"` |
Define a segment called DayTraders using ExtensionAttribute1 (suppose this attribute contains job titles, such as "DayTrader") | `New-OrganizationSegment -Name "DayTraders" -UserGroupFilter "ExtensionAttribute1 -eq 'DayTrader'"` |

Tip
When you define segments, use the same attribute for all your segments. For example, if you define some segments using Department, define all of the segments using Department. Don't define some segments using Department and others using MemberOf. Make sure your segments do not overlap; each user should be assigned to exactly one segment.
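The two conditions above (every account has a value for the chosen attribute, and each user lands in exactly one segment) can be checked before any policy is applied. The following PowerShell is an added example, not part of the original article or Microsoft's tooling. The accounts, SegmentB, RedGroup and the Get-SegmentCoverage function are hypothetical, and it assumes MemberOf holds a list of group names that a segment matches by equality.

```powershell
# Added example. Every account and group name below is constructed sample data.
$attribute = 'MemberOf'

# Segment name -> value compared with -eq, as in the SegmentA example.
# SegmentB and 'RedGroup' are hypothetical.
$segments = [ordered]@{
    SegmentA = 'BlueGroup'
    SegmentB = 'RedGroup'
}

# Constructed accounts; in practice this would be an export of user properties.
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; MemberOf = @('BlueGroup') }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   MemberOf = @('RedGroup') }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; MemberOf = @('BlueGroup', 'RedGroup') }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example';  MemberOf = @() }
    [pscustomobject]@{ UserPrincipalName = 'erin@contoso.example';  MemberOf = @('GreenGroup') }
)

function Get-SegmentCoverage {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Segments,
        [Parameter(Mandatory)] [string] $Attribute
    )
    foreach ($user in $Users) {
        # Normalise to an array and drop empty values, so single-valued
        # attributes (Department) and multi-valued ones behave alike.
        $values = @($user.$Attribute | Where-Object { $_ })
        $hits = @(foreach ($name in $Segments.Keys) {
            if ($values -contains $Segments[$name]) { $name }
        })
        if     ($values.Count -eq 0) { $status = 'AttributeEmpty' }
        elseif ($hits.Count -eq 0)   { $status = 'NoSegment' }
        elseif ($hits.Count -gt 1)   { $status = 'Overlap' }
        else                         { $status = 'OK' }
        [pscustomobject]@{
            UserPrincipalName = $user.UserPrincipalName
            Segments          = $hits -join ','
            Status            = $status
        }
    }
}

# Report only the accounts that are not in exactly one segment.
Get-SegmentCoverage -Users $users -Segments $segments -Attribute $attribute |
    Where-Object Status -ne 'OK' |
    Format-Table -AutoSize
```

With the sample data, carol is reported as Overlap, dave as AttributeEmpty and erin as NoSegment; each of these accounts needs its attribute value or the segment definitions corrected before policies rely on them.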
The following table lists the attributes that you can use with information barriers.
Microsoft Entra property name (LDAP display name) | Exchange property name |
---|---|
Co | Co |
Company | Company |
Department | Department |
ExtensionAttribute1 | CustomAttribute1 |
ExtensionAttribute2 | CustomAttribute2 |
ExtensionAttribute3 | CustomAttribute3 |
ExtensionAttribute4 | CustomAttribute4 |
ExtensionAttribute5 | CustomAttribute5 |
ExtensionAttribute6 | CustomAttribute6 |
ExtensionAttribute7 | CustomAttribute7 |
ExtensionAttribute8 | CustomAttribute8 |
ExtensionAttribute9 | CustomAttribute9 |
ExtensionAttribute10 | CustomAttribute10 |
ExtensionAttribute11 | CustomAttribute11 |
ExtensionAttribute12 | CustomAttribute12 |
ExtensionAttribute13 | CustomAttribute13 |
ExtensionAttribute14 | CustomAttribute14 |
ExtensionAttribute15 | CustomAttribute15 |
MSExchExtensionCustomAttribute1 | ExtensionCustomAttribute1 |
MSExchExtensionCustomAttribute2 | ExtensionCustomAttribute2 |
MSExchExtensionCustomAttribute3 | ExtensionCustomAttribute3 |
MSExchExtensionCustomAttribute4 | ExtensionCustomAttribute4 |
MSExchExtensionCustomAttribute5 | ExtensionCustomAttribute5 |
MailNickname | Alias |
PhysicalDeliveryOfficeName | Office |
PostalCode | PostalCode |
ProxyAddresses | EmailAddresses |
StreetAddress | StreetAddress |
TargetAddress | ExternalEmailAddress |
UsageLocation | UsageLocation |
UserPrincipalName | UserPrincipalName |
WindowsEmailAddress | |
Description | Description |
MemberOf | MemberOfGroup |