Backup Azure Active Directory
I would like the ability to backup my Azure Active Directory. This could be a feature provided by Microsoft, or allowing a configuration file to be exported locally.
If my users maliciously deleted application registrations among other things, there is no easy way to restore this currently.
I've just been asked this question from a customer and need to now get back with an official answer.
I know mostly everything should be Infra as Code and be able to create all resources/configs from scratch. But that it's always possible if things go wrong. So this would be something of interest.
Darragh O'Shaughnessy commented
Must have! Protects against the odd dumb admin also!
Mark Salter commented
I would like the ability to backup / restore everything from accounts and groups, to Conditional Access Policies, to App Registrations and Enterprise applications, etc. etc. along with bits from many other services in Azure. Things we build with code we would just redeploy, but there are many things this doesn't include
Indeed, for me this is the highest risk factor with AzureAD itself. Not that I fear advanced attacks, but that we have no tools to recover from an advanced attack... or a technical *****-up.
What about snapshot and rollback from a compromised tenant?
This is a must have feature. I see that Quest among others are offering this as a 3rd party feature.