
Create Custom Security Attributes for Agent and Resource Classification

Implementation Effort: Medium – Requires defining an attribute taxonomy across agent identities and target resources, coordinating with application owners to tag resources, and assigning attributes to agents through the Agent Registry or Entra admin center.
User Impact: Low – Attribute creation and assignment are administrative actions; end users and agents are not affected until policies consume the attributes.

Overview

Custom security attributes are the primary mechanism for Conditional Access to distinguish between agents at scale, and they must be defined on both agent identities and target resources as a single design decision. Without attributes, CA policies can only target all agent identities, individual agent identities by object ID, or agent identities grouped by blueprint. Attributes unlock the most powerful targeting pattern: filtering agents and resources by department, approval status, sensitivity tier, or any organization-defined classification. The Conditional Access for Agent ID documentation demonstrates this with an attribute set called AgentAttributes containing an AgentApprovalStatus attribute (with values like New, In_Review, HR_Approved, Finance_Approved, IT_Approved) and a corresponding ResourceAttributes set with a Department attribute (Finance, HR, IT, Marketing, Sales). The policy then matches agents to resources — for example, only HR_Approved agents can access HR-tagged resources.

This supports Verify explicitly because every token acquisition by an agent is evaluated against the agent's classification attributes and the resource's classification attributes, ensuring access decisions reflect the agent's actual authorization status. It supports Use least privilege access by enabling fine-grained segmentation — agents only reach the resources their attributes authorize, rather than having broad access. If this task is not completed, the organization cannot deploy attribute-based CA policies and must fall back to coarse all-or-nothing controls, or manually manage individual agent exceptions by object ID — an approach that does not scale. The attribute taxonomy must be designed for both agents and resources simultaneously; designing them independently creates mismatched classifications that CA policies cannot bridge.
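The following is an added example, not code from the documentation: it builds the Microsoft Graph request bodies for the AgentAttributes and ResourceAttributes sets named above and checks that the two halves of the taxonomy line up before any CA policy consumes them. The rule that an agent value ending in `_Approved` maps to the department of the same name, and the `agent_allowed` policy check, are assumptions made for illustration.

```python
"""Graph payloads for the agent/resource attribute taxonomy plus a consistency check."""

# Values taken from the Conditional Access for Agent ID documentation referenced above.
AGENT_APPROVAL_VALUES = ["New", "In_Review", "HR_Approved", "Finance_Approved", "IT_Approved"]
RESOURCE_DEPARTMENTS = ["Finance", "HR", "IT", "Marketing", "Sales"]


def attribute_set_payload(set_id, description):
    """Body for POST https://graph.microsoft.com/v1.0/directory/attributeSets."""
    return {"id": set_id, "description": description, "maxAttributesPerSet": 25}


def definition_payload(set_id, name, values, description):
    """Body for POST .../directory/customSecurityAttributeDefinitions.

    usePreDefinedValuesOnly keeps assignments to the approved list, so an
    operator cannot tag an agent with an ad hoc value a policy never matches."""
    return {
        "attributeSet": set_id,
        "name": name,
        "description": description,
        "type": "String",
        "status": "Available",
        "isCollection": False,
        "isSearchable": True,
        "usePreDefinedValuesOnly": True,
        "allowedValues": [{"id": v, "isActive": True} for v in values],
    }


def department_for_status(status):
    """Assumed convention: 'HR_Approved' grants 'HR'; non-approved states grant nothing."""
    suffix = "_Approved"
    return status[: -len(suffix)] if status.endswith(suffix) else None


def agent_allowed(agent_status, resource_department):
    """Models the CA match: an agent reaches a resource only if its approval covers it."""
    return department_for_status(agent_status) == resource_department


def unmatched_values(agent_values, departments):
    """Return (approved statuses with no department, departments no status approves).

    Either list being non-empty is the mismatch the text warns about: a policy
    that keys on these values will silently block or never apply to that side."""
    granted = {department_for_status(s) for s in agent_values} - {None}
    return sorted(granted - set(departments)), sorted(set(departments) - granted)
```

Run against the documented values, the check reports that Marketing and Sales resources have no corresponding approval status, so either those values are added to AgentApprovalStatus or the policy scope is narrowed to the three matched departments.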

Reference