>
    Strata Copilot
    Cloud Identity Engine Attributes (Azure)
    Focus
    Download PDF
    Focus
    1. Home
    2. Identity
    3. Manage the Cloud Identity Engine App
    4. Cloud Identity Engine Attributes
    5. Cloud Identity Engine Attributes (Azure)
    Download PDF
    Identity

    Cloud Identity Engine Attributes (Azure)

    Table of Contents

    Cloud Identity Engine Attributes (Azure)

    Learn about Entra-ID / Azure attributes.
    You can collect the following types of default attributes and their associated Active Directory fields:

    User Attributes

    Directory Sync AttributeDirectory Field
    BusinessPhonesbusinessPhones
    CompanyNamecompanyName
    Countrycountry
    Departmentdepartment
    EmployeeIdemployeeId
    FaxNumberfaxNumber
    Given NamegivenName
    GroupsmemberOf
    IsResourceAccountisResourceAccount
    LastPasswordChangeDateTimelastPasswordChangeDateTime
    LocationofficeLocation
    Mail
    If you do not configure a value for the Mail attribute, the Cloud Identity Engine uses the value of the User Principal Name.
    		mail
    Managermanager
    MobilePhonemobilePhone
    NamedisplayName
    OnPremisesDistinguishedNameonPremisesDistinguishedName
    OnPremisesDomainNameonPremisesDomainName
    OnPremisesExtensionAttributesonPremisesExtensionAttributes
    OnPremisesImmutableIdonPremisesImmutableId
    OnPremisesLastSyncDataTimeonPremisesLastSyncDateTime
    OnPremisesProvisioningErrorsonPremisesProvisioningErrors
    OnPremisesSamAccountNameonPremisesSamAccountName
    OnPremisesSyncEnabledonPremisesSyncEnabled
    OtherMailsotherMails
    PasswordPoliciespasswordPolicies
    PasswordProfilepasswordProfile
    PostalCodepostalCode
    PreferredLanguagepreferredLanguage
    SignInSessionsValidFromDateTimesignInSessionsValidFromDateTime
    Statestate
    StreetAddressstreetAddress
    Sur Namesurname
    TitlejobTitle
    Unique IdentifierobjectGUID
    UsageLocationusageLocation
    User Principal NameuserPrincipalName
    UserAccountControlaccountEnabled
    UserTypeuserType
    createdDateTimecreatedDateTime
    onPremisesSecurityIdentifieronPremisesSecurityIdentifier
    onPremisesUserPrincipalNameonPremisesUserPrincipalName

    Role Assignments Attributes

    The Cloud Identity Engine only collects these attributes if you select the Collect Roles and Administrators (Administrative roles) option when you set up your Azure directory.
    Directory Sync AttributeDirectory Field
    Descriptiondescription
    Is BuiltinisBuiltIn
    Is EnabledisEnabled
    NamedisplayName
    Role PermissionsrolePermissions
    Template IdtemplateId
    Unique IdentifierobjectGUID

    Group Attributes

    Directory Sync AttributeDirectory Field
    Classificationclassification
    DeletedDateTimedeletedDateTime
    Descriptiondescription
    Group TypegroupTypes
    GroupsmemberOf
    Mail mail
    Mail Nick NamemailNickname
    MailEnabledmailEnabled
    Membermember
    NamedisplayName
    OnPremisesDomainNameonPremisesDomainName
    OnPremisesLastSyncDateTimeonPremisesLastSyncDateTime
    OnPremisesProvisioningErrorsonPremisesProvisioningErrors
    OnPremisesSecurityIdentifieronPremisesSecurityIdentifier
    OnPremisesSyncEnabledonPremisesSyncEnabled
    RenewedDateTimerenewedDateTime
    SAM Account NameonPremisesSamAccountName
    SIDsecurityIdentifier
    SecurityEnabledsecurityEnabled
    Unique IdentifierobjectGUID
    Visibilityvisibility
    createdDateTimecreatedDateTime

    Computer Attributes

    Directory Sync AttributeDirectory Field
    ComplianceExpirationDateTimecomplianceExpirationDateTime
    Device ID deviceId
    GroupsmemberOf
    IsCompliantisCompliant
    IsManagedisManaged
    LastLogonTimeapproximateLastSignInDateTime
    Manufacturermanufacturer
    MdmAppIdmdmAppId
    Modelmodel
    NamedisplayName
    OSoperatingSystem
    OSVersionoperatingSystemVersion
    ProfileTypeprofileType
    Serial NumberdeviceId
    SystemLabelssystemLabels
    TrustTypetrustType
    Unique IdentifierobjectGUID
    UserAccountControlaccountEnabled
    createdDateTimecreatedDateTime

    Application Attributes

    Directory Sync AttributeDirectory Field
    App IdappId
    App RolesappRoles
    Application TemplateIdapplicationTemplateId
    Descriptiondescription
    DisabledByMicrosoftStatusdisabledByMicrosoftStatus
    Identifier UrisidentifierUris
    NamedisplayName
    Unique IdentifierobjectGUID
    createdDateTimecreatedDateTime
    webweb

    © 2026 Palo Alto Networks, Inc. All rights reserved.