Entra ID Coverage Overview

Keepit offers two levels of Microsoft 365 Entra ID backup coverage:

  • Entra ID Standard: 
    Protects users, groups, administrative units, and roles.
  • Entra ID Advanced: 
    Protects usersgroupsadministrative unitsrolesservice principals (including enterprise applications    ), app registrations, conditional access policies, Intune policiesBitLocker recovery keys, and sign-in and activity logs.


Keepit's legacy backup coverage:

  • Entra ID Basic: Protects users, groups, administrative units, roles, and activity logs.


Supported Object Attributes

Each object (user, group, administrative unit, role, service principal, policy, and app registration) has a set of attributes that we protect. For the full list, go to Supported object attributes


Metadata Backup Scope

Metadata for objects can only be backed up and restored in relation to other objects included in the backup.

For instance, if a user is a member of 10 groups in Entra ID but only 5 of those groups are selected for backup in the connector configuration, the metadata of only those 5 groups will be backed up for the user. 

Entra ID Standard

Object Metadata


Users

  • Ownerships
  • Memberships
  • Manager
  • Role assignments
  • Licenses
  • Photo


Groups

  • Owners
  • Members
  • Memberships
  • Role assignments
  • Licenses
  • Photo


Administrative Units

  • Members
  • Scoped-role assignments


Roles 

  • Role assignments

Note: Ownerships, owners, memberships, members, managers, role assignments, or scoped-role assignments are relationships (links) an object has to another object. 

Entra ID Advanced

In addition to the data covered by Entra ID Standard, the Entra ID Advanced connector also protects the following:

Object Metadata

App registrations

  • Owners
  • Photo


Service principals

  • Owners
  • Assignments
  • Photo


Additional data

Policies

  • Conditional access policies
  • Compliance policies
  • Configuration profiles
  • Authentication methods
  • Authentication strengths
  • Named locations


Backup limitations

  • Due to API limitations, some types of configuration profiles cannot be backed up.
  • We do not support the backup of configuration policies based on administrative templates. 


Devices

  • Bitlocker recovery keys


Activity Logs

  • Audit logs
  • Sign-in logs

Note: Sign-in logs cannot be backed up without also backing up audit logs.