On Demand Recovery Current - Supported Attributes

About Supported Attributes Entra Users Entra Groups Entra Devices Service Principals (Enterprise Applications) Applications (Application Registrations) Application Proxy Conditional Access Policy Country Named Location IP Named Location Tenant Level Settings Administrative Units

Country Named Location

The list below includes all supported Country Named Location attributes that can be restored by On Demand Recovery.

Attribute Name	Description
countriesAndRegions	List of countries and/or regions in two-letter format specified by ISO 3166-2.
countryLookupMethod	Determines what method is used to decide which country the user is located in.
displayName	Human-readable name of the location.
includeUnknownCountriesAndRegions	true if IP addresses that do not map to a country or region should be included in the named location.

IP Named Location

The list below includes all supported IP Named Location attributes that can be restored by On Demand Recovery.

Attribute Name	Description
displayName	Human-readable name of the location.
ipRanges	List of IP address ranges in IPv4 CIDR format (for example, 1.2.3.4/32) or any allowable IPv6 format from IETF RFC5969.
isTrusted	true if this location is explicitly trusted.

Tenant Level Settings

The list below includes all supported tenant level setting attributes that can be restored by On Demand Recovery.

Directory Settings

Attribute Name	Description
values	Collection of name-value pairs corresponding to the name and defaultValue properties in the referenced directorySettingTemplates object.

External Identities Settings

Attribute Name	Description
allowExternalIdentitiesToLeave	Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.
allowDeletedIdentitiesDataRemoval

Group Lifecycle Policy

Attribute Name	Description
alternateNotificationEmails	List of email address to send notifications for groups without owners. Multiple email address can be defined by separating email address with a semicolon.
groupLifetimeInDays	Number of days before a group expires and needs to be renewed. Once renewed, the group expiration is extended by the number of days defined.
managedGroupTypes	The group type for which the expiration policy applies. Possible values are All, Selected or None.

Group Lifecycle Policy Links

Attribute Name
GroupLifecyclePolicyLinkChange

Organization

Attribute Name	Description
businessPhones	Telephone number for the organization. Although this property is a string collection, only one number can be set.
city	City name of the address for the organization.
contactInsights	Contains the properties that are configured by an administrator as a tenant-level privacy control whether to identify duplicate contacts among a user's contacts list and suggest the user to merge those contacts to have a cleaner contacts list. List contactInsights returns the settings to display or return contact insights in an organization.
defaultUsageLocation	Two-letter ISO 3166 country code indicating the default service usage location of an organization.
certificateBasedAuthConfiguration	Navigation property to manage certificate-based authentication configuration. Only a single instance of certificateBasedAuthConfiguration can be created in the collection.
itemInsights	Contains the properties that are configured by an administrator for the visibility of Microsoft Graph-derived insights, between a user and other items in Microsoft 365, such as documents or sites. List itemInsights returns the settings to display or return item insights in an organization.
marketingNotificationsEmails	Email Ids for marketing notifications.
microsoftApplicationDataAccess	Contains the properties that are configured by an administrator to specify access from Microsoft applications to Microsoft 365 data belonging to users in an organization. List microsoftApplicationDataAccessSettings returns the settings that specify the access.
onPremisesSyncEnabled	true if this object is synced from an on-premises directory; false if this object was originally synced from an on-premises directory but is no longer synced; Nullable. null, if this object isn't synced from an on-premises Active Directory (default).
peopleInsights	Contains the properties that are configured by an administrator for the visibility of a list of people relevant and working with a user in Microsoft 365. List peopleInsights returns the settings to display or return people insights in an organization.
postalCode	Postal code of the address for the organization.
preferredLanguage	The preferred language for the organization.
privacyProfile	The privacy profile of an organization.
securityComplianceNotificationMails	The email addresses to receive security compliance notifications.
securityComplianceNotificationPhones	The phone numbers to receive security compliance notifications.
state	State name of the address for the organization.
street	Street name of the address for organization.
technicalNotificationMails	Recipients of technical notification emails.

Security Defaults

Attribute Name	Description
isEnabled	If set to true, Microsoft Entra security defaults are enabled for the tenant.

User Authentication Settings

Attribute Name	Description
selfServiceSignUp	Contains selfServiceSignUpAuthenticationFlowConfiguration settings that convey whether self-service sign-up is enabled or disabled.

User Authorization Settings

Attribute Name	Description
allowedToSignUpEmailBasedSubscriptions	Indicates whether users can sign up for email based subscriptions.
allowedToUseSSPR	Indicates whether administrators of the tenant can use the Self-Service Password Reset (SSPR).
allowEmailVerifiedUsersToJoinOrganization	Indicates whether a user can join the tenant by email validation.
allowInvitesFrom	Indicates who can invite guests to the organization.
allowUserConsentForRiskyApps	Indicates whether user consent for risky apps is allowed. Default value is false.
blockMsolPowerShell	To disable the use of the MSOnline PowerShell module set this property to true. This also disables user-based access to the legacy service endpoint used by the MSOnline PowerShell module. This doesn't affect Microsoft Entra Connect or Microsoft Graph.
defaultUserRolePermissions. allowedToCreateApps	Indicates whether the default user role can create applications. This setting corresponds to the Users can register applications setting in the User settings menu in the Microsoft Entra admin center.
defaultUserRolePermissions. allowedToCreateSecurityGroups	Indicates whether the default user role can create security groups.
defaultUserRolePermissions. allowedToCreateTenants	Indicates whether the default user role can create tenants. This setting corresponds to the Restrict non-admin users from creating tenants setting in the User settings menu in the Microsoft Entra admin center.
defaultUserRolePermissions. allowedToReadBitlockerKeysForOwnedDevice	Indicates whether the registered owners of a device can read their own BitLocker recovery keys with default user role.
defaultUserRolePermissions. allowedToReadOtherUsers	Indicates whether the default user role can read other users.
description	Description of this policy.
displayName	Display name for this policy.
enabledPreviewFeatures	List of features enabled for private preview on the tenant.
guestUserRoleId	Represents role templateId for the role that should be granted to guests.
permissionGrantPolicyIdsAssignedToDefaultUserRole	Indicates if user consent to apps is allowed, and if it is, the app consent policy that governs the permission for users to grant consent.

Administrative Units

The list below includes all supported Administrative units attributes that can be restored by On Demand Recovery.

Attribute Name	Description
description	An optional description for the administrative unit.
displayName	Display name for the administrative unit.
isMemberManagementRestricted	true if members of this administrative unit should be treated as sensitive, which requires specific permissions to manage. Default value is false. Use this property to define administrative units whose roles don't inherit from tenant-level administrators, and management of individual member objects is limited to administrators scoped to a restricted management administrative unit. Immutable, so can't be changed later.
members	Direct members of administrative unit, who can be users, devices and groups.
membershipRule	Dynamic membership rule for the administrative unit.
membershipRuleProcessingState	Used to control whether the dynamic membership rule is actively processed. Set to On when you want the dynamic membership rule to be active and Paused if you want to stop updating membership dynamically. If not set, the default behavior is Paused.
membershipType	Membership type for the administrative unit. Can be dynamic or assigned. If not set, the default behavior is assigned.
scopedRoleMembers	Direct members of administrative unit, who can be users, devices and groups.
visibility	Controls whether the administrative unit and its members are hidden or public. Can be set to HiddenMembership or Public. If not set, the default behavior is Public. When set to HiddenMembership, only members of the administrative unit can list other members of the administrative unit.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.