Q: Why do I need to re-authenticate with Microsoft to restore a user I have just viewed the attributes of?
A: Adhering to the security principle of least privilege, the permissions that allow for accessing the attributes of an object (user or group) are insufficient to allow for performing a restore.
Q: What attributes are supported for each object in Entra ID?
A: Please see Article 1555 - Supported Entra ID object attributes.
Q: Why are some user attributes not restored?
A: A higher-privileged administrator role is required to perform sensitive actions such as restoring user attributes (e.g. accountEnabled, mobilePhone, otherMails). For in-app only scenarios, the global administrator for the dedicated Microsoft account must upgrade the registered app to a higher-privileged administrator role prior to initiating the restore.
Q: Do I need to re-authenticate with Microsoft if I’ve already done so in the current session?
A: Re-authentication with Microsoft will be periodically required by default to account for expired connections, changes to permissions, or authorising with the wrong global administrator account.
Q: Why are some users greyed out in the objects list on the tenant overview page?
A: While deleted users are no longer backed up, they continue to be accessible for retention and restore purposes. They are greyed out in order to be easily differentiated from the rest of the users in the list.
Q: What is meant by "Last backup for each object" on the tenant overview page?
A: The last backup represents the most recent date and time that a distinct version of an object (user or group) has been backed up. This can be different for each object depending on the latest change included in a backup.
Q: What does a tenant's secure score mean?
A: The secure score is a representation of the organisation’s overall security posture as calculated by Microsoft. Note that this is different from the identity secure score in Entra ID.
Q: How do I estimate my billable/active Entra users before doing a backup?
A: You will be billed for active users are users that are enabled, are not guests and have not been deleted. To get an estimate of how many billing users there may be on your tenant, see Article 1437 - Seat management.
Comments
0 comments
Article is closed for comments.