Azure AD Coverage Overview

Keepit offers two levels of Microsoft 365 Azure Active Directory backup coverage:

  • Azure AD Standard: 
    Protects users, groups, administrative units, and roles.
  • Azure AD Advanced: 
    Protects usersgroupsadministrative unitsrolesservice principals (including enterprise applications
    ), app registrations, conditional access policies, Intune policiesBitLocker recovery keys, and sign-in and activity logs.


Supported Object Attributes

Each object (user, group, administrative unit, role, service principal, policy, and app registration) has a set of attributes that we protect. For the full list, see Supported object attributes 

Azure AD Standard

Object Metadata


Users

  • Ownerships
  • Memberships
  • Manager
  • Role assignments
  • Licenses
  • Photo


Groups

  • Owners
  • Members
  • Memberships
  • Role assignments
  • Licenses
  • Photo


Administrative Units

  • Members
  • Scoped-role assignments


Roles 

  • Role assignments

Note: Ownerships, owners, memberships, members, managers, role assignments, or scoped-role assignments are relationships (links) an object has to another object. 

Azure AD Advanced

In addition to the data covered by Azure AD Standard, the Azure AD Advanced connector also protects the following:

Object Metadata

App registrations

  • Owners
  • Photo


Service principals

  • Owners
  • Assignments
  • Photo


Additional data

Policies

  • Azure AD conditional access policies
  • Intune device compliance policies
  • Intune device configuration profiles


Devices

  • Bitlocker recovery keys


Activity Logs

  • Audit logs
  • Sign-in logs

Note: Sign-in logs cannot be backed up without also backing up audit logs.