What If Tool

Hello Raymond,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I will try to guide you in this scenario. The What If tool simulates Conditional Access policy evaluation based on user, device, and session parameters. And Custom Security Attributes are relatively new in Microsoft Entra ID and allow organizations to define custom key-value pairs for users. The tool’s evaluation engine does not parse or apply rules involving these attributes, meaning:

1. Policies that depend on custom attributes will not be reflected in the simulation.
2. Both legacy and preview versions share this limitation.

This is a known gap because the What If tool currently supports only built-in attributes and conditions.

So, yes you guessed it right as There is no official support for custom security attributes in the What If tool as of today. You must manually validate policies using sign-in logs or test accounts.

Unfortunately, we do not have this in our roadmap for now as Microsoft has not published an ETA for adding this feature.

However, you can post your feedback in our Azure feedback portal regarding the feature. 

https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

This channel is directly monitored by our PM's. They will look into this request and revert back to you directly with an update on this feature.

Hope this helps! If it answered your question, please consider clicking Accept Answer and Upvote. This will help us and others in the community as well.

If you need more info, feel free to ask in the comments. Happy to help!

Regards,

Monalisha