Restore Options and Behavior in Azure Active Directory

Restore Options

The following options are presented when restoring objects in Azure AD:

• When object exists

  • Overwrite unconditionally

    Any objects being restored that already exist in Azure AD will have their properties overwritten from backup.

  • Skip

    Any objects being restored that already exist in Azure AD will be skipped and left unchanged

• Restore relationship

  If this toggle is turned on, when an object is restored, all that object’s relationships with other objects (e.g., groups, roles, relationship to a conditional access policy) will be restored from the backup as well.

Restoring object relationships

Roles and group memberships

When restoring an object that owns relationships such as a role (which owns role members), the relationships from the selected backup will be appended to the existing object.

For example, select an Azure AD role to restore from backup.

• During backup, the role members were Sally, Michael, and Phil.

• Currently, in Azure AD, the same role has Sally, Phil, Steve, and Cindy as the members.

• After restoring the role from backup, the members will be Sally, Michael, Phil, Steve, and Cindy. None of the roles existing members in Azure AD are removed, while the members from role in the backup are appended to them.

Applications

The Application Object (found under App registrations) is the template for the application definition within an Azure AD tenant. Every Application Object has a corresponding Service Principal Object (found under Enterprise applications). The relationship between the two is described in this Microsoft article. When restoring applications, the App registration must be restored before the corresponding Enterprise application.