Azure AD Coverage Overview
Keepit offers two levels of Microsoft 365 Azure Active Directory backup coverage:
- Azure AD Standard:
Protects users, groups, administrative units, and roles. - Azure AD Advanced:
Protects users, groups, administrative units, roles, service principals, app registrations, conditional access policies, Intune policies, BitLocker recovery keys, and sign-in and activity logs.
Supported Object Attributes
Each object (user, group, administrative unit, role, service principal, policy, and app registration) has a set of attributes that we protect. For the full list, see Supported object attributes
Azure AD Standard
Object Metadata
Users
- Ownerships
- Memberships
- Manager
- Role assignments
- Licenses
- Photo
Groups
- Owners
- Members
- Memberships
- Role assignments
- Licenses
- Photo
Administrative Units
- Members
- Scoped-role assignments
Roles
- Role assignments
Note: Ownerships, owners, memberships, members, managers, role assignments, or scoped-role assignments are relationships (links) an object has to another object.
Azure AD Advanced
In addition to the data covered by Azure AD Standard, the Azure AD Advanced connector also protects the following:
Object Metadata
App registrations
- Owners
- Photo
Service principals
- Owners
- Assignments
- Photo
Additional data
Policies
- Azure AD conditional access policies
- Intune device compliance policies
- Intune device configuration profiles
Devices
- Bitlocker recovery keys
Activity Logs
- Audit logs
- Sign-in logs
Note: Sign-in logs cannot be backed up without also backing up audit logs.