Entra External ID
The backup service for Entra External ID supports protecting the users, groups, app registrations, enterprise applications, custom user attributes, user flows, identity providers, custom authentication extensions, and custom branding.
Entra External ID data recovery supports restoring the users, groups, app registrations, enterprise applications, custom user attributes, user flows, identity providers, custom authentication extensions, and custom branding to the original location. Refer to the following table for the supported object types you can protect in Entra External ID.
Users
| Component | Status | Comment |
|---|
| Profiles | Supported | |
| Photo | Unsupported | |
| Assigned roles | Supported | Only the eligible assignments and active assignments are supported. The expired assignments are unsupported. |
| Custom security attributes | Unsupported | |
| Administrative units | Supported | |
| Groups | Supported | |
| Applications | Supported | |
| License | UnSupported | |
| Devices | Unsupported | |
| Azure role assignments | Unsupported | |
| Authentication methods | Partially Supported | Alternative phone belongs to MFA. Backup and restore of MFA properties are not supported.Temporary Access Pass and QR code are not supported. |
| Extension attributes | Unsupported | |
Object Attributes
| Attribute | Status | Comment |
|---|
| accountEnabled | Supported | |
| ageGroup | Supported | |
| businessPhones | Supported | |
| city | Supported | |
| companyName | Supported | |
| consentProvidedForMinor | Supported | |
| country | Supported | |
| createdDateTime | Unsupported | |
| creationType | Unsupported | |
| deletedDateTime | Unsupported | |
| department | Supported | |
| employeeHireDate | Unsupported | |
| employeeId | Supported | |
| employeeOrgData | Supported | |
| employeeType | Supported | |
| externalUserState | Unsupported | |
| externalUserStateChangeDateTime | Unsupported | |
| faxNumber | Supported | |
| givenName | Supported | |
| identities | Supported | |
| jobTitle | Supported | |
| Last password change date time | Unsupported | |
| mail | Supported | |
| mailNickname | Supported | |
| mobilephone | Supported | |
| officeLocation | Supported | |
| onPremisesImmutableId | Supported | |
| onPremisesProvisioningErrors | Unsupported | |
| otherMails | Supported | |
| passwordPolicies | Supported | |
| postalCode | Supported | |
| preferredDataLocation | Supported | |
| preferredLanguage | Supported | |
| showInAddressList | Unsupported | |
| state | Supported | |
| streetAddress | Supported | |
| surname | Supported | |
| usageLocation | Supported | |
| userPrincipalName | Supported | |
| userType | Supported | |
| Manager | Supported | |
| Sponsors | Supported | |
| Display name | Supported | |
| Object ID | Partially Supported | The object ID can be restored if the user has not yet been permanently deleted from your Microsoft Entra tenant. |
| Sign in sessions valid from date time | Unsupported | |
| Authorization info | Supported | QR code is not supported. |
| Legal age group classification | UnSupported | |
Groups
| Data Type | Status |
|---|
| Properties | Supported |
| Photo | Unsupported |
| Members | Supported |
| Owners | Supported |
| Roles and administrators | Unsupported |
| Group memberships | Supported |
| Applications | Supported |
| Azure role assignments | Unsupported |
| Licenses | Unsupported |
Object Attributes
| Attribute | Status | Comment |
|---|
| deletedDateTime | Supported | |
| description | Supported | |
| groupTypes | Supported | |
| deducedGroupType | UnSupported | |
| mailEnabled | Supported | |
| mailNickname | Supported | |
| mail | Supported | |
| membershipRule | Supported | |
| membershipRuleProcessingState | Supported | |
| preferredDataLocation | Supported | |
| preferredLanguage | Supported | |
| resourceBehaviorOptions | Supported | |
| resourceProvisioningOptions | Supported | |
| securityEnabled | Supported | |
| securityIdentifier | Supported | |
| theme | Supported | |
| visibility | Supported | |
| isAssignableToRole | Supported | |
| Membership type | Supported | |
| Source | Supported | |
| Type | Supported | |
| Object ID | Partially supported | The object ID can be kept if the group has not yet been permanently deleted from your Microsoft Entra ID. |
| Created at | Unsupported | Read-only property in Microsoft Entra ID. |
| Email | Supported | |
| Direct members | Supported | |
| Group memberships | Supported | |
| Group name | Supported | |
| Group description | Supported | |
| Group writeback state | Supported | |
App Registration
| Component | Status | Comment |
|---|
| Branding | Supported | |
| Authentication | Supported | |
| Certificates | Supported | |
| Client secrets | Supported | |
| Federated credentials | Supported | |
| Token configuration | Supported | |
| API permissions | Partially Supported | Admin consent must be granted for API permissions after restore. Granting admin consent through restore is currently not supported. |
| Expose an API | Supported | |
| App roles | Supported | |
| Owners | Supported | |
| Roles and administrators | Unsupported | |
| Manifest | Unsupported | |
Enterprise Application
| Component | Status |
|---|
| Properties | Supported |
| Owners | Supported |
| Roles and administrators | Unsupported |
| Users and groups | Supported |
| Single sign-on | UnSupported |
| Provisioning | UnSupported |
| Application proxy | Unsupported |
| Self-service | Unsupported |
| Custom security attributes | Unsupported |
Custom User Attribute
| Data Type | Status |
|---|
| Name | Supported |
| Data Type | Supported |
| Description | Supported |
| Attribute Type | Supported |
User Flow
| Data Type | Status |
|---|
| Identity providers | Supported |
| User attributes | Supported |
| Custom authentication extensions | Supported |
| Page layouts | Supported |
| Languages | Unsupported |
| Applications | Supported |
| Customize | UnSupported |
| Use | Supported |
Identity Provider
| Data Type | Status |
|---|
| Built In | Supported |
| Custom | Supported |
Object Attributes
| Attribute | Status |
|---|
| Status | Supported |
| Settings | Supported |
Custom Authentication Extensions
| Data Type | Status |
|---|
| Endpoint Configuration | Supported |
| API Authentication | Supported |
| Applications | Supported |
Custom Branding
| Data Type | Status |
|---|
| Company branding | Supported |
| Branding themes | UnSupported |
Object Attributes
| Attribute | Status | Comment |
|---|
| Basics | Supported | Page background color is not supported. |
| Layout | Supported | |
| Header | Supported | |
| Footer | Supported | |
| Sign-in form | Supported | |
| Text | Supported | |
