I had recently asked this question to Microsoft and thought I should share. Question: I am trying to make sense of the security AOT property ManagedBy. I can understand if I have to put something there to indicate it is being managed manually but why does best practice accept only the two values (that I found): Manual CodeAnalysis I have searched on msdn for more help but all it says is: ManagedBy Optional This property is for use by automation tools. http://msdn.microsoft.com/en-us/library/gg731858.aspx Answer: This property is used by one of our automation tools internally. We were using it simply so that we could write automations to help the feature teams to make sure they had all of the new security aspects covered for their objects. It could be used by a custom tool that checks the objects to make sure that all the security is implemented correctly for the objects by checking if the object should be managed manually or automatically.