Data Backed Up in Entra ID
Microsoft Entra ID is an Identity as a Service (IDaaS) solution, a cloud-based identity and access management service that Microsoft users can use to access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other SaaS applications. Microsoft Entra ID also helps users access internal resources like apps on in their organizational intranet, and any cloud apps developed for their organization.
To learn the differences between Active Directory and Microsoft Entra ID, see Compare Active Directory to Microsoft Entra ID. You can also refer to Microsoft Cloud for Enterprise Architects Series posters to better understand the core identity services in Azure like Microsoft Entra ID and Microsoft 365.
Cloud-to-Cloud Backup for Entra ID supports the cloud-based version of Entra ID. Windows Server Active Directory & Hybrid environments are not currently supported.
The following tables describe the Entra ID objects protected by Barracuda Cloud-to-Cloud Backup.
User objects are digital profiles that represent people in an organization. These profiles store important information about each user, such as their name, email address, job title, and permissions.
For example, a user object might include:
The user’s login credentials (username and password).
Their role (e.g., regular employee or admin).
Groups they belong to (e.g., "Sales Team").
Access permissions for apps and data.
User objects are like ID cards in the digital world, helping the system know who someone is and what they are allowed to do.
Backup:
The object and all attributed detailed below are backed up.
Restore:
The object is updated/created.
Limitation:
Photos backed up need to be exported and restored manually.
Attribute | Description | Backed Up | Restored | Exported |
|---|---|---|---|---|
accountEnabled | If an account is enabled or not | Yes | Yes | Yes |
ageGroup | Age group defined as: Minors: 12 and under | Yes | Yes | Yes |
businessPhones | Telephone numbers | Yes | Yes | Yes |
city | Location | Yes | Yes | Yes |
companyName | Company name | Yes | Yes | Yes |
consentProvidedForMinor | Has consent been obtained for minors: granted, denied, notRequired | Yes | Yes | Yes |
country | Country/region | Yes | Yes | Yes |
createdDateTime | Date the user object was created | Yes | No | Yes |
creationType | If the user account was created as a local account for an Azure Active Directory B2C tenant: LocalAccount or nameCoexistence | Yes | No | Yes |
deletedDateTime | Date the user object was deleted | Yes | No | Yes |
department | Company department | Yes | Yes | Yes |
employeeHireDate | Date and time of hire or future hire | Yes | Yes | Yes |
employeeId | Employee identifier | Yes | Yes | Yes |
employeeOrgData | Organization data (e.g. division and costCenter) | Yes | Yes | Yes |
employeeType | Employee type (e.g. Contractor, Consultant, Employee) | Yes | Yes | Yes |
externalUserState | External user invited to the tenant invitation status | Yes | No | Yes |
externalUserStateChangeDateTime | Timestamp for the latest change to the invitation status (externalUserState) property. | Yes | No | Yes |
faxNumber | Fax Number | Yes | Yes | Yes |
givenName | First Name | Yes | Yes | Yes |
identities | Identities used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. | Yes | Yes | Yes |
jobTitle | Job title | Yes | Yes | Yes |
lastPasswordChangeDateTime | Date password was last changed | Yes | No | Yes |
SMTP address | Yes | Yes | Yes | |
mailNickname | Mail alias | Yes | Yes | Yes |
mobilephone | Primary mobile telephone number | Yes | Yes | Yes |
officeLocation | Office location | Yes | Yes | Yes |
onPremisesImmutableId | Associate an on-premises Active Directory user account to their Azure AD user object | Yes | Yes | Yes |
onPremisesProvisioningErrors | Errors when using Microsoft synchronization product during provisioning | Yes | No | Yes |
otherMails | Additional email addresses | Yes | Yes | Yes |
passwordPolicies | Password policies for the user | Yes | Yes | Yes |
picture | Photo | Yes | Yes | Yes |
postalCode | Address postal code | Yes | Yes | Yes |
preferredDataLocation | Preferred data location | Yes | Yes | Yes |
preferredLanguage | Preferred language | Yes | Yes | Yes |
state | State or province | Yes | Yes | Yes |
streetAddress | Company street address | Yes | Yes | Yes |
surname | Surname (family name or last name). | Yes | Yes | Yes |
usageLocation | Two-letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirements to check for availability of services in countries. | Yes | Yes | Yes |
userPrincipalName | User principal name (UPN). The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. | Yes | Yes | Yes |
userType | User types in your directory, such as "Member" and "Guest." | Yes | Yes | Yes |
Group objects are digital collections of users, devices, or other groups that help manage access to apps, data, and resources more efficiently.
For example:
Instead of giving access to an app to 50 employees one by one, you can add all 50 to a group and assign the app to the group.
Groups can also be used to apply specific policies, like blocking access from certain locations.
There are two main types of groups in Entra ID:
Security groups: Used to control access to resources (e.g., files, apps).
Microsoft 365 groups: Used for collaboration (e.g., in Teams, SharePoint).
There are two additional groups where Entra ID plays a role in their creation and synchronization. Mail-Enabled Groups and Distribution Groups are primarily managed in Exchange Online or the Microsoft 365 Admin Center, rather than directly in Entra ID.
Group objects are like "folders" for people and devices, making it easier to organize and manage access.
Backup:
The object and all attributes detailed below are backed up.
Group members are backed up.
Restore:
The object is updated/created.
Existing members are added/removed.
Limitation:
Microsoft allows the back up of all 4 group types, however, only Microsoft 365 groups and Security groups can be restored. See the table below for details.
Group Types
Type | groupTypes | mailEnabled | securityEnabled | Created and managed via the groups APIs
|
|---|---|---|---|---|
["Unified"] | TRUE | TRUE or FALSE | Yes | |
[] | FALSE | TRUE | Yes | |
[] | TRUE | TRUE | No; read-only through Microsoft Graph | |
Distribution groups | [] | TRUE | FALSE | No; read-only through Microsoft Graph |
Group Attributes
Attribute | Description | Backed Up | Restored | Exported |
|---|---|---|---|---|
classification | Classification for the group (such as low, medium, or high business impact). | Yes | No | Yes |
deletedDateTime | Date the group object was deleted | Yes | No | Yes |
description | Optional description | Yes | Yes | Yes |
groupTypes | Group type and its membership | Yes | No | Yes |
Contact Us
Barracuda Campus
Barracuda Support