Backup and Restore in Entra ID
Safety Rope
At first glance, Microsoft Entra ID does not appear to be a traditional data storage system and does not seem to require a backup. To begin, though, you need to clarify what "data" means in today's world. In the conventional sense, the term encompasses all the content that users create and modify on a daily basis. When it comes to Entra ID and data backup, this term takes on a different meaning, primarily referring to user accounts, group accounts, and policies. It quickly becomes clear that Entra ID also holds valuable content that you need to back up regularly.
How Secure?
Microsoft makes a clear distinction between different object types (e.g., users or groups), so there is no one-size-fits-all answer to the question of how secure objects are in Microsoft Entra ID. One key factor is the source of truth (i.e., where an object originates). If the user lifecycle is in the local Active Directory, for example, the behavior is clearly defined: If you delete a synchronized user in Entra ID, the account first ends up in the recycle bin for user objects, where it remains for 30 days before being permanently removed.
Within this period, either you manually restore the user object or it is automatically recreated by the next sync, provided it remains within the synchronization scope. Note that an automatic restoration will leave the object ID unchanged. As a result, the user account will pop up again at all locations where it was previously used, such as in Conditional Access (CA) policies. If the object is deleted, Microsoft first removes it from these configurations; however, it still becomes available again after the next sync.
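The 30-day window described above can be tracked with a small triage report over the recycle bin. The following is an added example, not code from the article: the `triage` helper, its `warn_days` threshold and the status labels are hypothetical, and the sample records are constructed on the assumption that deleted users are read from Microsoft Graph with `deletedDateTime` and `onPremisesSyncEnabled` selected.

```python
import json
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # recycle-bin period for deleted users, per the article

# Constructed sample (not real tenant data), assumed to have the shape of
# GET /directory/deletedItems/microsoft.graph.user
#   ?$select=id,userPrincipalName,deletedDateTime,onPremisesSyncEnabled
SAMPLE = json.loads("""{"value": [
  {"id": "00000000-0000-0000-0000-000000000001", "userPrincipalName": "alice@example.com",
   "deletedDateTime": "2025-01-02T08:00:00Z", "onPremisesSyncEnabled": true},
  {"id": "00000000-0000-0000-0000-000000000002", "userPrincipalName": "bob@example.com",
   "deletedDateTime": "2025-01-25T09:30:00Z", "onPremisesSyncEnabled": null},
  {"id": "00000000-0000-0000-0000-000000000003", "userPrincipalName": "carol@example.com",
   "deletedDateTime": "2024-12-20T10:00:00Z", "onPremisesSyncEnabled": null}
]}""")

def parse_ts(value):
    """Parse a Graph ISO 8601 UTC timestamp such as 2025-01-02T08:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(users, now, warn_days=7):
    """Return one row per soft-deleted user, soonest permanent removal first."""
    rows = []
    for user in users:
        deleted = user.get("deletedDateTime")
        if not deleted:
            continue  # property not selected or object not soft-deleted
        purge_at = parse_ts(deleted) + RETENTION
        remaining = purge_at - now
        if remaining <= timedelta(0):
            status = "expired"   # past the window; assume it can no longer be restored
        elif remaining <= timedelta(days=warn_days):
            status = "urgent"
        else:
            status = "ok"
        rows.append({
            "id": user["id"],    # a restore keeps this object ID
            "upn": user["userPrincipalName"],
            "synced": bool(user.get("onPremisesSyncEnabled")),  # source of truth is on-prem AD
            "purge_at": purge_at,
            "days_left": max(remaining.days, 0),
            "status": status,
        })
    return sorted(rows, key=lambda row: row["purge_at"])

if __name__ == "__main__":
    for row in triage(SAMPLE["value"], datetime.now(timezone.utc)):
        print(f'{row["status"]:8} {row["days_left"]:3}d  synced={row["synced"]}  {row["upn"]}')
```

Rows marked `synced` are the ones the next sync can bring back on its own if the account is still in scope; the others need a manual restore before `purge_at`.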
The entire process also works in reverse: If you remove a user from the synchronization scope, Entra ID moves them to the Recycle Bin. If you later add the user account back to the scope, the account is not recreated, but restored with the original
...
