
On Demand Recovery Current - Supported Attributes

Country Named Location

The list below includes all supported Country Named Location attributes that can be restored by On Demand Recovery.

Attribute Name Description
countriesAndRegions List of countries and/or regions in two-letter format specified by ISO 3166-2.
countryLookupMethod Determines what method is used to decide which country the user is located in.
displayName Human-readable name of the location.
includeUnknownCountriesAndRegions true if IP addresses that do not map to a country or region should be included in the named location.

IP Named Location

The list below includes all supported IP Named Location attributes that can be restored by On Demand Recovery.

Attribute Name Description
displayName Human-readable name of the location.
ipRanges List of IP address ranges in IPv4 CIDR format (for example, 1.2.3.4/32) or any allowable IPv6 format from IETF RFC5969.
isTrusted true if this location is explicitly trusted.

Tenant Level Settings

The list below includes all supported tenant level setting attributes that can be restored by On Demand Recovery.

 

Directory Settings

Attribute Name Description
values Collection of name-value pairs corresponding to the name and defaultValue properties in the referenced directorySettingTemplates object.

 

External Identities Settings

Attribute Name Description
allowExternalIdentitiesToLeave Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.
allowDeletedIdentitiesDataRemoval  

 

Group Lifecycle Policy

Attribute Name Description
alternateNotificationEmails List of email addresses to which notifications are sent for groups without owners. Multiple email addresses can be defined by separating them with a semicolon.
groupLifetimeInDays Number of days before a group expires and needs to be renewed. Once renewed, the group expiration is extended by the number of days defined.
managedGroupTypes The group type for which the expiration policy applies. Possible values are All, Selected or None.

 

Group Lifecycle Policy Links

Attribute Name
GroupLifecyclePolicyLinkChange

 

User Authentication Settings

Attribute Name Description
selfServiceSignUp Contains selfServiceSignUpAuthenticationFlowConfiguration settings that convey whether self-service sign-up is enabled or disabled.

 

User Authorization Settings

Attribute Name Description
allowedToSignUpEmailBasedSubscriptions Indicates whether users can sign up for email-based subscriptions.
allowedToUseSSPR Indicates whether administrators of the tenant can use the Self-Service Password Reset (SSPR).
allowEmailVerifiedUsersToJoinOrganization Indicates whether a user can join the tenant by email validation.
allowInvitesFrom Indicates who can invite guests to the organization.
allowUserConsentForRiskyApps Indicates whether user consent for risky apps is allowed. Default value is false.
blockMsolPowerShell To disable the use of the MSOnline PowerShell module, set this property to true. This also disables user-based access to the legacy service endpoint used by the MSOnline PowerShell module. This doesn't affect Microsoft Entra Connect or Microsoft Graph.
defaultUserRolePermissions.allowedToCreateApps Indicates whether the default user role can create applications. This setting corresponds to the Users can register applications setting in the User settings menu in the Microsoft Entra admin center.
defaultUserRolePermissions.allowedToCreateSecurityGroups Indicates whether the default user role can create security groups.
defaultUserRolePermissions.allowedToCreateTenants Indicates whether the default user role can create tenants. This setting corresponds to the Restrict non-admin users from creating tenants setting in the User settings menu in the Microsoft Entra admin center.
defaultUserRolePermissions.allowedToReadBitlockerKeysForOwnedDevice Indicates whether the registered owners of a device can read their own BitLocker recovery keys with the default user role.
defaultUserRolePermissions.allowedToReadOtherUsers Indicates whether the default user role can read other users.
description Description of this policy.
displayName Display name for this policy.
enabledPreviewFeatures List of features enabled for private preview on the tenant.
guestUserRoleId Represents role templateId for the role that should be granted to guests.
permissionGrantPolicyIdsAssignedToDefaultUserRole Indicates if user consent to apps is allowed, and if it is, the app consent policy that governs the permission for users to grant consent.

Administrative Units

The list below includes all supported Administrative units attributes that can be restored by On Demand Recovery.

Attribute Name Description
description An optional description for the administrative unit.
displayName Display name for the administrative unit.
membershipRule Dynamic membership rule for the administrative unit.
membershipRuleProcessingState Used to control whether the dynamic membership rule is actively processed. Set to On when you want the dynamic membership rule to be active and Paused if you want to stop updating membership dynamically. If not set, the default behavior is Paused.
membershipType Membership type for the administrative unit. Can be dynamic or assigned. If not set, the default behavior is assigned.
visibility Controls whether the administrative unit and its members are hidden or public. Can be set to HiddenMembership or Public. If not set, the default behavior is Public. When set to HiddenMembership, only members of the administrative unit can list other members of the administrative unit.