Backup Azure Active Directory
I would like the ability to back up my Azure Active Directory. This could be a feature provided by Microsoft, or allowing a configuration file to be exported locally.
If my users maliciously deleted application registrations among other things, there is no easy way to restore this currently.
A single, easily scheduled AAD export would be great. This would fulfil the backup requirements. As someone below notes, we have Conditional Access policies, guest user registrations, enterprise apps etc. The ability to restore all of this in a failure at MS is really required. Even the ability to restore to a non-live digital twin tenancy for verification in the event of an issue, to allow comparison of users' settings etc. Insider threat is real and more likely mistakes could lead to a deleted tenancy.
Any traction on this capability? Definitely need a way to back up our AAD.
We had a crash and lost all aliases due to a bug with Microsoft Azure AD,
there is no way to get this backup.
Sort you **** Microsoft, why should I implement something I can't back up?
Any update on this essential feature?
Would love to have this feature, any update from Microsoft?
Any updates from Microsoft for this possible feature?
This is a must have feature.
Sanjay Palnitkar commented
I would strongly urge to have this feature available for DR purposes, especially for any malicious (in-house or outside) activity/deletions.
Ming Ikehara commented
This is a must-have feature, a snapshot of some sort so we can get back up and running with minimal downtime.
I've just been asked this question from a customer and need to now get back with an official answer.
I know mostly everything should be Infra as Code and be able to create all resources/configs from scratch. But that it's always possible if things go wrong. So this would be something of interest.
Darragh O'Shaughnessy commented
Must have! Protects against the odd dumb admin also!
Mark Salter commented
I would like the ability to back up / restore everything from accounts and groups, to Conditional Access Policies, to App Registrations and Enterprise applications, etc. etc. along with bits from many other services in Azure. Things we build with code we would just redeploy, but there are many things this doesn't include.
Indeed, for me this is the highest risk factor with AzureAD itself. Not that I fear advanced attacks, but that we have no tools to recover from an advanced attack... or a technical *****-up.
What about snapshot and rollback from a compromised tenant?
Janke, Joel commented
This is a must have feature. I see that Quest among others are offering this as a 3rd party feature.