Restoring authentication methods will update the settings and links to targets—users or groups for whom policies have been configured. This means if the authentication methods have target groups or users, these objects will once again have this configuration applied to them.

When restoring authentication methods, we can also recreate the linked targets if they have been deleted from the tenant. 

Targets for registration campaigns can be users and groups. For the rest of the authentication methods configuration, targets can only be groups.

Restore authentication methods

1. Locate authentication methods in your connector.

2. Optional: If you want to restore an older version of the item, click the Snapshots Viewer icon, and then select an earlier snapshot. You will now be viewing data from that particular time.

3. Select ••• > Restore.

4. Select whether to restore targets.

  • If you select Restore only selected item, click Next.
  • If you select Also restore targets, click Next. Then select the restore method for the related items and click Next

5. Review the summary and select Restore.

What happens when I restore authentication methods

Restoring authentication methods will restore the settings and reestablish the following relationships:

  • Targets - links to users and groups for whom policies have been configured.

A relationship can be reestablished only if the linked target still exists in Entra ID.

Restoring authentication methods together with targets

Restoring targets recreates missing target users and groups. This means for each such user and group, we restore its attributes and relationships. All recreated targets will receive new IDs.

Groups or users that exist in Entra ID but are not present in the snapshot will have their links to authentication methods removed, but the users and groups will not be deleted from Entra ID.

If you select create missing and update existing targets:

  • We will create target users and groups that have been deleted. 
  • For each existing user, we will update its attributes, link to manager, group ownerships, group and unit memberships, role assignments, and licenses.
  • For each existing group, we will update its attributes, links to members and owners, group and unit memberships, role assignments, and licenses.

If you select only create missing targets:

  • We will ONLY create target users and groups that have been deleted.

Note: We cannot reestablish deleted users' memberships to distribution and mail-enabled groups. In this case, the restore job will be marked as incomplete, and these relationships will be skipped.

The set of targets that will be restored is determined by the level at which the restore option was selected, starting from Authentication methods (which restores all the target groups and users applicable to the Authentication methods configuration) all the way down to the folders Include Targets or Exclude Targets, where only targets related for this specific context (again determined by the level or folder where restore option was selected) will be restored.

Password Protection

This option is not applicable for password protection because it does not have target users or groups.

Registration Campaign

Restoring items below the registration campaign folder is not supported. At this level, Entra ID processes restore requests inconsistently when it sends them separately either for Include Targets or Exclude Targets folders. 

Microsoft Authenticator

When restoring the Microsoft Authenticator folder together with targets, please note that additional target groups may be restored beyond those specified in the Include Targets and Exclude Targets folders. This is because the configuration file may also include backups of targets.