diff --git a/internal/test/random.go b/internal/test/random.go
index 2f618421..b97acd17 100644
--- a/internal/test/random.go
+++ b/internal/test/random.go
@@ -13,9 +13,16 @@ func init() {
 
 // RandomString returns a random alphanumeric string useful for testing purposes.
 func RandomString() string {
-	chars := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+	alpha := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	numeric := []rune("0123456789")
+	chars := append(alpha, numeric...)
+
 	s := make([]rune, 8)
 	for i := range s {
+		if i == 0 {
+			s[i] = alpha[source.Intn(len(alpha))]
+		}
+
 		s[i] = chars[source.Intn(len(chars))]
 	}
 	return string(s)
diff --git a/internal/test/testing.go b/internal/test/testing.go
index b1e27158..2f194038 100644
--- a/internal/test/testing.go
+++ b/internal/test/testing.go
@@ -103,12 +103,14 @@ type Test struct {
 	ApplicationTemplatesClient                              *msgraph.ApplicationTemplatesClient
 	ApplicationsClient                                      *msgraph.ApplicationsClient
 	AppRoleAssignedToClient                                 *msgraph.AppRoleAssignedToClient
+	AttributeSetClient                                      *msgraph.AttributeSetClient
 	AuthenticationMethodsClient                             *msgraph.AuthenticationMethodsClient
 	AuthenticationStrengthPoliciesClient                    *msgraph.AuthenticationStrengthPoliciesClient
 	B2CUserFlowClient                                       *msgraph.B2CUserFlowClient
 	ClaimsMappingPolicyClient                               *msgraph.ClaimsMappingPolicyClient
 	ConditionalAccessPoliciesClient                         *msgraph.ConditionalAccessPoliciesClient
 	ConnectedOrganizationClient                             *msgraph.ConnectedOrganizationClient
+	CustomSecurityAttributeDefinitionClient                 *msgraph.CustomSecurityAttributeDefinitionClient
 	DelegatedPermissionGrantsClient                         *msgraph.DelegatedPermissionGrantsClient
 	DirectoryAuditReportsClient                             *msgraph.DirectoryAuditReportsClient
 	DirectoryObjectsClient                                  *msgraph.DirectoryObjectsClient
@@ -150,8 +152,9 @@ type Test struct {
 }
 
 func NewTest(t *testing.T) (c *Test) {
-	ctx := context.Background()
 	var cancel context.CancelFunc
+	var ctx context.Context = context.Background()
+	var err error
 
 	if deadline, ok := t.Deadline(); ok {
 		ctx, cancel = context.WithDeadline(ctx, deadline)
@@ -178,7 +181,6 @@ func NewTest(t *testing.T) (c *Test) {
 	conn3.Authorize(ctx, conn.AuthConfig.Environment.MicrosoftGraph)
 	c.Connections["connected"] = conn3
 
-	var err error
 	c.Token, err = conn.Authorizer.Token(ctx, &http.Request{})
 	if err != nil {
 		t.Fatalf("could not acquire access token: %v", err)
@@ -260,6 +262,11 @@ func NewTest(t *testing.T) (c *Test) {
 	c.AppRoleAssignedToClient.BaseClient.Endpoint = *endpoint
 	c.AppRoleAssignedToClient.BaseClient.RetryableClient.RetryMax = retry
 
+	c.AttributeSetClient = msgraph.NewAttributeSetClient()
+	c.AttributeSetClient.BaseClient.Authorizer = c.Connections["default"].Authorizer
+	c.AttributeSetClient.BaseClient.Endpoint = *endpoint
+	c.AttributeSetClient.BaseClient.RetryableClient.RetryMax = retry
+
 	c.AuthenticationMethodsClient = msgraph.NewAuthenticationMethodsClient()
 	c.AuthenticationMethodsClient.BaseClient.Authorizer = c.Connections["default"].Authorizer
 	c.AuthenticationMethodsClient.BaseClient.Endpoint = *endpoint
@@ -290,6 +297,11 @@ func NewTest(t *testing.T) (c *Test) {
 	c.ConnectedOrganizationClient.BaseClient.Endpoint = *endpoint
 	c.ConnectedOrganizationClient.BaseClient.RetryableClient.RetryMax = retry
 
+	c.CustomSecurityAttributeDefinitionClient = msgraph.NewCustomSecurityAttributeDefinitionClient()
+	c.CustomSecurityAttributeDefinitionClient.BaseClient.Authorizer = c.Connections["default"].Authorizer
+	c.CustomSecurityAttributeDefinitionClient.BaseClient.Endpoint = *endpoint
+	c.CustomSecurityAttributeDefinitionClient.BaseClient.RetryableClient.RetryMax = retry
+
 	c.DelegatedPermissionGrantsClient = msgraph.NewDelegatedPermissionGrantsClient()
 	c.DelegatedPermissionGrantsClient.BaseClient.Authorizer = c.Connections["default"].Authorizer
 	c.DelegatedPermissionGrantsClient.BaseClient.Endpoint = *endpoint
diff --git a/msgraph/attribute_set.go b/msgraph/attribute_set.go
new file mode 100644
index 00000000..05ded446
--- /dev/null
+++ b/msgraph/attribute_set.go
@@ -0,0 +1,165 @@
+package msgraph
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/hashicorp/go-azure-sdk/sdk/odata"
+)
+
+const (
+	attributeSetEntity = "/directory/attributeSets"
+)
+
+type AttributeSetClient struct {
+	BaseClient Client
+}
+
+func NewAttributeSetClient() *AttributeSetClient {
+	return &AttributeSetClient{
+		BaseClient: NewClient(Version10),
+	}
+}
+
+func (c *AttributeSetClient) List(ctx context.Context, query odata.Query) (*[]AttributeSet, int, error) {
+	resp, status, _, err := c.BaseClient.Get(
+		ctx,
+		GetHttpRequestInput{
+			OData:            query,
+			ValidStatusCodes: []int{http.StatusOK},
+			Uri: Uri{
+				Entity: attributeSetEntity,
+			},
+		},
+	)
+	if err != nil {
+		return nil, status, fmt.Errorf("AttributeSet.BaseClient.Get(): %v", err)
+	}
+
+	defer resp.Body.Close()
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("io.ReadAll(): %v", err)
+	}
+
+	var data struct {
+		AttributeSets []AttributeSet `json:"value"`
+	}
+
+	if err := json.Unmarshal(respBody, &data); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal(): %v", err)
+	}
+
+	return &data.AttributeSets, status, nil
+}
+
+func (c *AttributeSetClient) Create(ctx context.Context, attributeSet AttributeSet) (*AttributeSet, int, error) {
+	var status int
+	var newAttributeSet AttributeSet
+
+	body, err := json.Marshal(attributeSet)
+	if err != nil {
+		return nil, status, fmt.Errorf("json.Marshal(): %v", err)
+	}
+
+	requestInput := PostHttpRequestInput{
+		Body: body,
+		OData: odata.Query{
+			Metadata: odata.MetadataFull,
+		},
+		ValidStatusCodes: []int{
+			http.StatusCreated,
+			http.StatusOK,
+		},
+		Uri: Uri{
+			Entity: attributeSetEntity,
+		},
+	}
+
+	resp, status, _, err := c.BaseClient.Post(ctx, requestInput)
+	if err != nil {
+		return nil, status, fmt.Errorf("AttributeSetClient.BaseClient.Post(): %v", err)
+	}
+
+	defer resp.Body.Close()
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("io.ReadAll(): %v", err)
+	}
+
+	if err := json.Unmarshal(respBody, &newAttributeSet); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal():%v", err)
+	}
+
+	return &newAttributeSet, status, nil
+}
+
+func (c *AttributeSetClient) Get(ctx context.Context, id string, query odata.Query) (*AttributeSet, int, error) {
+	var AttributeSet AttributeSet
+
+	resp, status, _, err := c.BaseClient.Get(
+		ctx,
+		GetHttpRequestInput{
+			ConsistencyFailureFunc: RetryOn404ConsistencyFailureFunc,
+			OData:                  query,
+			ValidStatusCodes:       []int{http.StatusOK},
+			Uri: Uri{
+				Entity: fmt.Sprintf("%s/%s", attributeSetEntity, id),
+			},
+		},
+	)
+	if err != nil {
+		return nil, status, fmt.Errorf("AttributeSetClient.BaseClient.Get(): %v", err)
+	}
+
+	defer resp.Body.Close()
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("io.ReadAll(): %v", err)
+	}
+
+	if err := json.Unmarshal(respBody, &AttributeSet); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal(): %v", err)
+	}
+
+	return &AttributeSet, status, nil
+}
+
+func (c *AttributeSetClient) Update(ctx context.Context, AttributeSet AttributeSet) (int, error) {
+	var status int
+
+	if AttributeSet.ID == nil {
+		return status, fmt.Errorf("cannot update AttributeSet with a nil ID")
+	}
+
+	id := *AttributeSet.ID
+	AttributeSet.ID = nil
+
+	body, err := json.Marshal(AttributeSet)
+	if err != nil {
+		return status, fmt.Errorf("json.Marshal(): %v", err)
+	}
+
+	_, status, _, err = c.BaseClient.Patch(
+		ctx,
+		PatchHttpRequestInput{
+			Body:                   body,
+			ConsistencyFailureFunc: RetryOn404ConsistencyFailureFunc,
+			ValidStatusCodes: []int{
+				http.StatusOK,
+				http.StatusNoContent,
+			},
+			Uri: Uri{
+				Entity: fmt.Sprintf("%s/%s", attributeSetEntity, id),
+			},
+		},
+	)
+	if err != nil {
+		return status, fmt.Errorf("AttributeSetClient.BaseClient.Patch(): %v", err)
+	}
+
+	return status, nil
+}
diff --git a/msgraph/attribute_set_test.go b/msgraph/attribute_set_test.go
new file mode 100644
index 00000000..a214daff
--- /dev/null
+++ b/msgraph/attribute_set_test.go
@@ -0,0 +1,107 @@
+package msgraph_test
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/hashicorp/go-azure-sdk/sdk/odata"
+	"github.com/manicminer/hamilton/internal/test"
+	"github.com/manicminer/hamilton/internal/utils"
+	"github.com/manicminer/hamilton/msgraph"
+)
+
+const attributeSetId = "test"
+
+func TestAttributeSetClient(t *testing.T) {
+	c := test.NewTest(t)
+	defer c.CancelFunc()
+
+	c.AttributeSetClient.BaseClient.DisableRetries = true
+	_, status, err := c.AttributeSetClient.Get(c.Context, attributeSetId, odata.Query{})
+	c.AttributeSetClient.BaseClient.DisableRetries = false
+	if err != nil {
+		if status != http.StatusNotFound {
+			t.Fatalf("AttributeSetClient.Get(): unable to retrieve attribute set for testing: %v", err)
+		}
+
+		testAttributeSetClientCreate(
+			t,
+			c,
+			msgraph.AttributeSet{
+				Description: utils.StringPtr("test attribute set"),
+				ID:          utils.StringPtr(attributeSetId),
+			},
+		)
+	}
+
+	testAttributeSetClientGet(t, c, attributeSetId)
+	testAttributeSetClientUpdate(
+		t,
+		c,
+		msgraph.AttributeSet{
+			ID:          utils.StringPtr(attributeSetId),
+			Description: utils.StringPtr("updated test description"),
+		},
+	)
+
+	testAttributeSetClientList(t, c)
+}
+
+func testAttributeSetClientCreate(t *testing.T, c *test.Test, csad msgraph.AttributeSet) *msgraph.AttributeSet {
+
+	attributeSet, status, err := c.AttributeSetClient.Create(c.Context, csad)
+	if err != nil {
+		t.Fatalf("AttributeSetClient.Create(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AttributeSetClient.Create(): invalid status:%d", status)
+	}
+	if attributeSet == nil {
+		t.Fatalf("AttributeSet.Create(): attributeSet was nil")
+	}
+	if attributeSet.ID == nil {
+		t.Fatalf("AttributeSetClient.Create(): attributeSet.ID was nil")
+	}
+
+	return attributeSet
+}
+
+func testAttributeSetClientGet(t *testing.T, c *test.Test, id string) *msgraph.AttributeSet {
+	attributeSet, status, err := c.AttributeSetClient.Get(c.Context, id, odata.Query{})
+	if err != nil {
+		t.Fatalf("AttributeSetClient.Get(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AttributeSet.Client.Get(): invalid status: %d", status)
+	}
+	if attributeSet == nil {
+		t.Fatalf("AttributeSetClient.Get(): attributeSet was nil")
+	}
+
+	return attributeSet
+}
+
+func testAttributeSetClientList(t *testing.T, c *test.Test) *[]msgraph.AttributeSet {
+	attributeSets, _, err := c.AttributeSetClient.List(
+		c.Context,
+		odata.Query{Top: 10},
+	)
+	if err != nil {
+		t.Fatalf("AttributeSetClient.List(): %v", err)
+	}
+	if attributeSets == nil {
+		t.Fatalf("AttributeSetClient.List(): attributeSets was nil")
+	}
+
+	return attributeSets
+}
+
+func testAttributeSetClientUpdate(t *testing.T, c *test.Test, csad msgraph.AttributeSet) {
+	status, err := c.AttributeSetClient.Update(c.Context, csad)
+	if err != nil {
+		t.Fatalf("AttributeSetClient.Update(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AttributeSetClient.Update(): invalid status: %d", status)
+	}
+}
diff --git a/msgraph/custom_security_attributes.go b/msgraph/custom_security_attributes.go
new file mode 100644
index 00000000..d3337e78
--- /dev/null
+++ b/msgraph/custom_security_attributes.go
@@ -0,0 +1,226 @@
+package msgraph
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/hashicorp/go-azure-sdk/sdk/odata"
+	"github.com/manicminer/hamilton/internal/utils"
+)
+
+const (
+	// customSecurityAttributeDefinitionEntity is a static string used by all methods on the
+	// CustomSecurityAttributeDefinitionClient struct
+	customSecurityAttributeDefinitionEntity = "/directory/customSecurityAttributeDefinitions"
+)
+
+// CustomSecurityAttributeDefinitionClient returns a BaseClient to enable interaction with the
+// graph API
+type CustomSecurityAttributeDefinitionClient struct {
+	BaseClient Client
+}
+
+// NewCustomSecurityAttributeDefinitionClient returns a new instance of
+// CustomSecurityAttributeDefinitionClient
+func NewCustomSecurityAttributeDefinitionClient() *CustomSecurityAttributeDefinitionClient {
+	return &CustomSecurityAttributeDefinitionClient{
+		BaseClient: NewClient(Version10),
+	}
+}
+
+// List returns a slice of CustomSecurityAttributeDefinition, the HTTP status code and any errors
+func (c *CustomSecurityAttributeDefinitionClient) List(ctx context.Context, query odata.Query) (*[]CustomSecurityAttributeDefinition, int, error) {
+	resp, status, _, err := c.BaseClient.Get(
+		ctx,
+		GetHttpRequestInput{
+			OData:            query,
+			ValidStatusCodes: []int{http.StatusOK},
+			Uri: Uri{
+				Entity: customSecurityAttributeDefinitionEntity,
+			},
+		},
+	)
+	if err != nil {
+		return nil, status, fmt.Errorf("CustomSecurityAttributeDefinition.BaseClient.Get(): %v", err)
+	}
+
+	defer resp.Body.Close()
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("io.ReadAll(): %v", err)
+	}
+
+	var data struct {
+		CustomSecurityAttributeDefinitions []CustomSecurityAttributeDefinition `json:"value"`
+	}
+
+	if err := json.Unmarshal(respBody, &data); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal(): %v", err)
+	}
+
+	return &data.CustomSecurityAttributeDefinitions, status, nil
+}
+
+// Create will create a CustomSecurityAttributeDefinition and return the result, HTTP status code
+// as well as any errors
+func (c *CustomSecurityAttributeDefinitionClient) Create(ctx context.Context, customSecurityAttributeDefinition CustomSecurityAttributeDefinition) (*CustomSecurityAttributeDefinition, int, error) {
+	var status int
+	var newCustomSecurityAttributeDefinition CustomSecurityAttributeDefinition
+
+	body, err := json.Marshal(customSecurityAttributeDefinition)
+	if err != nil {
+		return nil, status, fmt.Errorf("json.Marshal(): %v", err)
+	}
+
+	requestInput := PostHttpRequestInput{
+		Body: body,
+		OData: odata.Query{
+			Metadata: odata.MetadataFull,
+		},
+		ValidStatusCodes: []int{http.StatusCreated},
+		Uri: Uri{
+			Entity: customSecurityAttributeDefinitionEntity,
+		},
+	}
+
+	resp, status, _, err := c.BaseClient.Post(ctx, requestInput)
+	if err != nil {
+		return nil, status, fmt.Errorf("CustomSecurityAttributeDefinitionClient.BaseClient.Post(): %v", err)
+	}
+
+	defer resp.Body.Close()
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("io.ReadAll(): %v", err)
+	}
+
+	if err := json.Unmarshal(respBody, &newCustomSecurityAttributeDefinition); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal():%v", err)
+	}
+
+	return &newCustomSecurityAttributeDefinition, status, nil
+}
+
+// Get returns a single CustomSecurityAttributeDefinition, HTTP status code, and any errors
+func (c *CustomSecurityAttributeDefinitionClient) Get(ctx context.Context, id string, query odata.Query) (*CustomSecurityAttributeDefinition, int, error) {
+	var customSecurityAttributeDefinition CustomSecurityAttributeDefinition
+
+	resp, status, _, err := c.BaseClient.Get(
+		ctx,
+		GetHttpRequestInput{
+			ConsistencyFailureFunc: RetryOn404ConsistencyFailureFunc,
+			OData:                  query,
+			ValidStatusCodes:       []int{http.StatusOK},
+			Uri: Uri{
+				Entity: fmt.Sprintf("%s/%s", customSecurityAttributeDefinitionEntity, id),
+			},
+		},
+	)
+	if err != nil {
+		return nil, status, fmt.Errorf("CustomSecurityAttributeDefinitionClient.BaseClient.Get(): %v", err)
+	}
+
+	defer resp.Body.Close()
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("io.ReadAll(): %v", err)
+	}
+
+	if err := json.Unmarshal(respBody, &customSecurityAttributeDefinition); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal(): %v", err)
+	}
+
+	return &customSecurityAttributeDefinition, status, nil
+}
+
+// Update will update a single CustomSecurityAttributeDefinition entity returning the HTTP status
+// code and any errors
+func (c *CustomSecurityAttributeDefinitionClient) Update(ctx context.Context, customSecurityAttributeDefinition CustomSecurityAttributeDefinition) (int, error) {
+	var status int
+
+	if customSecurityAttributeDefinition.ID == nil {
+		return status, fmt.Errorf("cannot update customSecurityAttributeDefinition with a nil ID")
+	}
+
+	id := *customSecurityAttributeDefinition.ID
+	customSecurityAttributeDefinition.ID = nil
+
+	body, err := json.Marshal(customSecurityAttributeDefinition)
+	if err != nil {
+		return status, fmt.Errorf("json.Marshal(): %v", err)
+	}
+
+	_, status, _, err = c.BaseClient.Patch(
+		ctx,
+		PatchHttpRequestInput{
+			Body:                   body,
+			ConsistencyFailureFunc: RetryOn404ConsistencyFailureFunc,
+			ValidStatusCodes: []int{
+				http.StatusOK,
+				http.StatusNoContent,
+			},
+			Uri: Uri{
+				Entity: fmt.Sprintf("%s/%s", customSecurityAttributeDefinitionEntity, id),
+			},
+		},
+	)
+	if err != nil {
+		return status, fmt.Errorf("CustomSecurityAttributeDefinitionClient.BaseClient.Patch(): %v", err)
+	}
+
+	return status, nil
+}
+
+// Delete removes an instance of CustomSecurityAttributeDefinition by `id`
+func (c *CustomSecurityAttributeDefinitionClient) Delete(ctx context.Context, id string) (int, error) {
+	_, status, _, err := c.BaseClient.Delete(
+		ctx,
+		DeleteHttpRequestInput{
+			ConsistencyFailureFunc: RetryOn404ConsistencyFailureFunc,
+			ValidStatusCodes:       []int{http.StatusNoContent},
+			Uri: Uri{
+				Entity: fmt.Sprintf("%s/%s", customSecurityAttributeDefinitionEntity, id),
+			},
+		},
+	)
+	if err != nil {
+		return status, fmt.Errorf("CustomSecurityAttributeDefinitionClient.BaseClient.Delete(): %v", err)
+	}
+
+	return status, nil
+}
+
+func (c *CustomSecurityAttributeDefinitionClient) Deactivate(ctx context.Context, id string) (int, error) {
+	var status int
+	var customSecurityAttributeDefinition CustomSecurityAttributeDefinition
+
+	customSecurityAttributeDefinition.Status = utils.StringPtr("Deprecated")
+
+	body, err := json.Marshal(customSecurityAttributeDefinition)
+	if err != nil {
+		return status, fmt.Errorf("json.Marshal(): %v", err)
+	}
+
+	_, status, _, err = c.BaseClient.Patch(
+		ctx,
+		PatchHttpRequestInput{
+			Body:                   body,
+			ConsistencyFailureFunc: RetryOn404ConsistencyFailureFunc,
+			ValidStatusCodes: []int{
+				http.StatusOK,
+				http.StatusNoContent,
+			},
+			Uri: Uri{
+				Entity: fmt.Sprintf("%s/%s", customSecurityAttributeDefinitionEntity, id),
+			},
+		},
+	)
+	if err != nil {
+		return status, fmt.Errorf("customSecurityAttributeDefinitionClient.BaseClient.Patch(): %v", err)
+	}
+
+	return status, nil
+}
diff --git a/msgraph/custom_security_attributes_test.go b/msgraph/custom_security_attributes_test.go
new file mode 100644
index 00000000..d61ddbab
--- /dev/null
+++ b/msgraph/custom_security_attributes_test.go
@@ -0,0 +1,129 @@
+package msgraph_test
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/hashicorp/go-azure-sdk/sdk/odata"
+	"github.com/manicminer/hamilton/internal/test"
+	"github.com/manicminer/hamilton/internal/utils"
+	"github.com/manicminer/hamilton/msgraph"
+)
+
+func TestCustomSecurityAttributeDefinitionClient(t *testing.T) {
+	c := test.NewTest(t)
+	defer c.CancelFunc()
+
+	c.AttributeSetClient.BaseClient.DisableRetries = true
+	_, status, err := c.AttributeSetClient.Get(c.Context, attributeSetId, odata.Query{})
+	c.AttributeSetClient.BaseClient.DisableRetries = false
+	if err != nil {
+		if status != http.StatusNotFound {
+			t.Fatalf("AttributeSetClient.Get(): unable to retrieve attribute set for testing: %v", err)
+		}
+
+		_, _, err = c.AttributeSetClient.Create(
+			c.Context,
+			msgraph.AttributeSet{
+				Description: utils.StringPtr("custom_security_attributes test"),
+				ID:          utils.StringPtr(attributeSetId),
+			},
+		)
+		if err != nil {
+			t.Fatalf("AttributeSetClient.Create(): %v", err)
+		}
+	}
+
+	customSecurityAttributeDefinition := testCustomSecurityAttributeDefinitionClientCreate(
+		t,
+		c,
+		msgraph.CustomSecurityAttributeDefinition{
+			AttributeSet:            utils.StringPtr(attributeSetId),
+			Description:             utils.StringPtr("test description"),
+			IsCollection:            utils.BoolPtr(false),
+			IsSearchable:            utils.BoolPtr(false),
+			Name:                    utils.StringPtr(c.RandomString),
+			Status:                  utils.StringPtr("Available"),
+			Type:                    utils.StringPtr("Boolean"),
+			UsePreDefinedValuesOnly: utils.BoolPtr(false),
+		},
+	)
+
+	defer func() {
+		_, err := c.CustomSecurityAttributeDefinitionClient.Deactivate(c.Context, *customSecurityAttributeDefinition.ID)
+		if err != nil {
+			t.Fatalf("CustomSecurityAttributeDefinitionClient.Deactivate(): %v", err)
+		}
+	}()
+
+	testCustomSecurityAttributeDefinitionClientGet(t, c, *customSecurityAttributeDefinition.ID)
+	testCustomSecurityAttributeDefinitionClientUpdate(
+		t,
+		c,
+		msgraph.CustomSecurityAttributeDefinition{
+			ID:          customSecurityAttributeDefinition.ID,
+			Description: utils.StringPtr("updated test description"),
+		},
+	)
+
+	testCustomSecurityAttributeDefinitionClientList(t, c)
+}
+
+func testCustomSecurityAttributeDefinitionClientCreate(t *testing.T, c *test.Test, csad msgraph.CustomSecurityAttributeDefinition) *msgraph.CustomSecurityAttributeDefinition {
+
+	customSecurityAttributeDefinition, status, err := c.CustomSecurityAttributeDefinitionClient.Create(c.Context, csad)
+	if err != nil {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.Create(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.Create(): invalid status:%d", status)
+	}
+	if customSecurityAttributeDefinition == nil {
+		t.Fatalf("CustomSecurityAttributeDefinition.Create(): customSecurityAttributeDefinition was nil")
+	}
+	if customSecurityAttributeDefinition.ID == nil {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.Create(): customSecurityAttributeDefinition.ID was nil")
+	}
+
+	return customSecurityAttributeDefinition
+}
+
+func testCustomSecurityAttributeDefinitionClientGet(t *testing.T, c *test.Test, id string) *msgraph.CustomSecurityAttributeDefinition {
+	customSecurityAttributeDefinition, status, err := c.CustomSecurityAttributeDefinitionClient.Get(c.Context, id, odata.Query{})
+	if err != nil {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.Get(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("CustomSecurityAttributeDefinition.Client.Get(): invalid status: %d", status)
+	}
+	if customSecurityAttributeDefinition == nil {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.Get(): customSecurityAttributeDefinition was nil")
+	}
+
+	return customSecurityAttributeDefinition
+}
+
+func testCustomSecurityAttributeDefinitionClientList(t *testing.T, c *test.Test) *[]msgraph.CustomSecurityAttributeDefinition {
+	customSecurityAttributeDefinitions, _, err := c.CustomSecurityAttributeDefinitionClient.List(
+		c.Context,
+		odata.Query{Top: 10},
+	)
+	if err != nil {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.List(): %v", err)
+	}
+	if customSecurityAttributeDefinitions == nil {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.List(): customSecurityAttributeDefinitions was nil")
+	}
+
+	return customSecurityAttributeDefinitions
+}
+
+func testCustomSecurityAttributeDefinitionClientUpdate(t *testing.T, c *test.Test, csad msgraph.CustomSecurityAttributeDefinition) {
+	status, err := c.CustomSecurityAttributeDefinitionClient.Update(c.Context, csad)
+	if err != nil {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.Update(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("CustomSecurityAttributeDefinitionClient.Update(): invalid status: %d", status)
+	}
+}
diff --git a/msgraph/models.go b/msgraph/models.go
index 66d89bf9..779f6c8d 100644
--- a/msgraph/models.go
+++ b/msgraph/models.go
@@ -2242,3 +2242,21 @@ type UserFlowAttribute struct {
 	UserFlowAttributeType *string                    `json:"userFlowAttributeType,omitempty"`
 	DataType              *UserflowAttributeDataType `json:"dataType,omitempty"`
 }
+
+type AttributeSet struct {
+	ID                  *string `json:"id,omitempty"`
+	Description         *string `json:"description,omitempty"`
+	MaxAttributesPerSet *int32  `json:"maxAttributesPerSet,omitempty"`
+}
+
+type CustomSecurityAttributeDefinition struct {
+	AttributeSet            *string `json:"attributeSet,omitempty"`
+	Description             *string `json:"description,omitempty"`
+	ID                      *string `json:"id,omitempty"`
+	IsCollection            *bool   `json:"isCollection,omitempty"`
+	IsSearchable            *bool   `json:"isSearchable,omitempty"`
+	Name                    *string `json:"name,omitempty"`
+	Status                  *string `json:"status,omitempty"`
+	Type                    *string `json:"type,omitempty"`
+	UsePreDefinedValuesOnly *bool   `json:"usePreDefinedValuesOnly,omitempty"`
+}