On Demand Recovery Current - Supported Attributes

About Supported Attributes

On Demand Recovery allows the restoration of Azure Active Directory and Office 365 users, groups, applications, service principals, devices, Conditional Access policies and Application Proxy settings. The application can process two types of Office 365 groups: Office 365 groups and security groups. Group membership and ownership are restored for both types of groups.

Objects can be selected in a backup and then restored to Azure Active Directory or Office 365 without affecting other objects or attributes. Using the granular restore, objects that were accidentally deleted or modified can be recovered in a few minutes.

The following guide provides attributes for each object type that can be restored by On Demand Recovery, as of version 1.6, deployed on January 30, 2024. These object types include:

  • Azure Users
  • Azure Groups
  • Service Principals (Enterprise Applications)
  • Devices
  • Applications (Application Registrations)
  • Conditional Access Policy
  • Application Proxy
  • Country Named Location
  • IP Named Location

For more information on restoring objects, visit the On Demand Recovery documentation.

Azure Users

Users are the representation of an Azure Active Directory (Azure AD) work or school user account.

The lists below include all supported Azure user attributes that can be restored by On Demand Recovery.

 

General

Attribute Name Description
accountEnabled True if the account is enabled; otherwise, False.
ageGroup The age group of the user.
appRoleAssignments Represents the app roles a user has been granted for an application.
assignedLicenses The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. NOTE: See the Assigned Licenses and Plans list below for detailed information on this complex attribute.
businessPhones The telephone numbers for the user.
city The city in which the user is located.
companyName The name of the company with which the user is associated. This property can be useful for describing the company that an external user comes from.
consentProvidedForMinor Sets whether consent has been obtained for minors.
country The country/region in which the user is located.
department The name of the department in which the user works.
directReports The users and contacts that report to the user. (The users and contacts that have their manager property set to this user.)
displayName The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name.
employeeId The employee identifier assigned to the user by the organization.
faxNumber The fax number of the user.
givenName The given name (first name) of the user.
identities (B2C only) Represents the identities that can be used to sign in to this user account.
jobTitle The user’s job title.
mail The SMTP address for the user.
mailNickname The mail alias for the user.
manager The user or contact that is this user's manager.
memberOf The groups, directory roles and administrative units that the user is a member of.
mfaState Identifies multifactor authentication state for the user. NOTE: See the Multifactor Authentication list below for detailed information on this complex attribute.
mobilePhone The primary cellular telephone number for the user.
officeLocation The office location in the user's place of business.
otherMails A list of additional email addresses for the user.
ownedDevices Devices that are owned by the user.
ownedObjects The directory objects that are owned by the user.
passwordPolicies Specifies password policies for the user.
postalCode The postal code for the user's postal address. The postal code is specific to the user's country/region.
registeredDevices Devices that are registered for the user.
roles Specifies administrator roles assigned to a user.
state The state or province in the user's address.
streetAddress The street address of the user's place of business.
surname The user's surname (family name or last name).
usageLocation A two-letter country code (ISO standard 3166).
userPrincipalName The user principal name (UPN) of the user.
userType A string value that can be used to classify user types in your directory, such as “Member” and “Guest”.

 

Assigned Licenses and Plans

In Azure AD, licenses and plans are assigned to users to give them access. Licenses and plans can be assigned and unassigned.

When the complex attribute 'assignedLicenses' is selected for restore, the following attributes will also be restored. Individual attributes cannot be selected and are all restored together.

Attribute Name Description
assignedDateTime (Assigned Plans) The date and time at which the plan was assigned.
capabilityStatus (Assigned Plans) Condition of the capability assignment.
disabledPlans A collection of the unique identifiers for plans that have been disabled.
licenseAssignmentStates State of license assignments for this user.
service (Assigned Plans) The name of the service to activate.
servicePlanId (Assigned Plans) The plan identifier of the service plan to activate.
skuId The unique identifier for the SKU.
state Indicates the current state of this assignment.

 

Multifactor Authentication

To secure user sign-in events in Azure AD, multifactor authentication can be enabled on user accounts.

When the complex attribute 'MFAState' is selected for restore, the following attributes will also be restored. Individual attributes cannot be selected and are all restored together.

Attribute Name
Default MFA method
Email authentication methods
Phone authentication methods
SMS sign-on status
User state of MFA settings

 

Hybrid User

Attribute Name Description
onPremisesDistinguishedName Contains the on-premises Active Directory distinguished name or DN.
onPremisesDomainName Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory.
onPremisesExtensionAttributes Contains extensionAttributes 1-15 for the user.
onPremisesImmutableId This property is used to associate an on-premises Active Directory user account to their Azure AD user object.
onPremisesSamAccountName Contains the on-premises samAccountName synchronized from the on-premises directory.
onPremisesSecurityIdentifier Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud.

Azure Groups

The lists below include all supported Azure group attributes that can be restored by On Demand Recovery.

 

General

Attribute Name Description
appRoleAssignments Represents the app roles a group has been granted for an application.
assignedLicenses The licenses that are assigned to the group. NOTE: See the Assigned Licenses and Plans list below for detailed information on this complex attribute.
description An optional description for the group.
displayName The display name for the group.
groupTypes Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. NOTE: Distribution groups are not supported by On Demand Recovery.
isAssignableToRole Indicates whether this group can be assigned to an Azure Active Directory role.
mail The SMTP address for the group.
mailEnabled Specifies whether the group is mail-enabled.
mailNickname The mail alias for the group.
memberOf Groups and administrative units that this group is a member of.
members (Enterprise Applications/Service Principals)  
members (Groups and Directory Roles)  
members (Users)  
membershipRule The rule that determines members for this group if the group is a dynamic group.
membershipRuleProcessingState Indicates whether the dynamic membership processing is on or paused.
owners The owners of the group.
preferredDataLocation The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location.
roles  
securityEnabled Specifies whether the group is a security group.
theme Specifies a Microsoft 365 group's color theme.
visibility Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership.

 

Assigned Licenses and Plans

Groups can be used in Azure AD to assign licenses and plans to large numbers of users or to assign user access to deployed enterprise applications. When a user becomes a member of a group, they are automatically assigned the appropriate licenses.

When the complex attribute "AssignedLicenses" is selected to be restored, the following attributes will also be restored. Individual attributes cannot be selected and are all restored together.

Attribute Name Description
disabledPlans A collection of the unique identifiers for plans that have been disabled.
skuId The unique identifier for the SKU.

 

Hybrid Group

Attribute Name
onPremisesDomainName
onPremisesImmutableId
onPremisesSamAccountName
onPremisesSecurityIdentifier

Devices

The list below includes all supported device attributes that can be restored by On Demand Recovery.

General

Attribute Name Description
accountEnabled True if the account is enabled; otherwise, False.
alternativeSecurityIds  
approximateLastSignInDateTime The approximate date and time of the previous sign in of the device.
complianceExpirationDateTime The timestamp when the device is no longer deemed compliant.
deviceId Unique Identifier set by Azure Device Registration Service at the time of registration. This is an alternate key that can be used to reference the device object.
deviceMetadata Metadata information of the device.
deviceVersion Version of the device.
displayName The display name for the device.
isManaged True if the device is managed by a Mobile Device Management (MDM) app; otherwise, false.
operatingSystem The type of operating system on the device.
operatingSystemVersion The version of the operating system on the device.
physicalIds Physical IDs for the device.
registeredOwners The user that cloud joined the device or registered their personal device.
registeredUsers Collection of registered users of the device. For cloud joined devices and registered personal devices, registered users are set to the same value as registered owners at the time of registration.
systemLabels List of labels applied to the device by the system.