Recover Entra ID

After you protect your Entra ID, you can recover them from Cohesity DataProtect as a Service to their original or a new location.

To recover protected Entra ID:

1. In DataProtect as a Service, under Sources, click the required Azure source and click the Entra ID tab.

2. Select the Protection Status as Protected.

3. Use the filters, search box, and views to locate and select the Entra ID you need.

   You can also use Global Search to locate, filter, and select the objects you need. Click the Global Search box at the top or type slash (/) anywhere to start your search.

   

4. Click the Recover option at the top. The Select Recovery Point window displays the Latest snapshot (protection run).
   

   If you need to recover from an earlier snapshot, select the required timeline. Click List to view the available recovery points by timestamp.

5. Click the Browse button. The browse details page is displayed.

   

6. Navigate to the Activity menu to view the browse progress. The browse session takes some time to be established.

   

7. Once the browse session is established, click on the browse object and click the Recover button.

   

8. In the New Recovery window, select the objects to be recovered. The options include:

   • Applications

   • Users

   • Groups

   • Roles and Administrators

   • Administrative Units

   • Devices

   • Service Principals

   • Contacts

9. To continue with the recovery, click Next: Recover Options.

   

10. Under Recovery Mode, select either of the following:

    • Restore Properties Only - Recovers only the object properties, for example, display name of the user object.

    • Restore Relations Only - Recovers only the object relations, for example, group membership.

    • Restore Both - Recovers both properties and relations of the selected objects.

11. Under Recover Method, select either of the following:

    • Overwrite Object Relations - Removes additional relations that were created in the object after the restore point, apart from recovering relations from the restore point.

    • Merge Object Relations - Creates missing relations from the restore point and does not remove the additional relations.

12. Recover the container with all members - This option applies for Administrative Units only. Members of an Administrative Unit missing in Entra ID are recovered along with the Administrative Unit object. Members present in Entra ID are not recovered even if they differ from restore point.

13. Select your Recovery Options:

    • Password - The password required for recovery with Users.

    • Task Name - The option to change the default name of the recovery task.

    
    

14. Click Recover.

    You can monitor the status of the recovery on the Activity page.

    Cohesity DataProtect as a Service starts recovering the selected Entra ID.

15. You must manually tear down the browse sessions once the recovery of objects is successful. In DataProtect as a Service, under Sources, click on the Activity menu, click on the browse object, and click Tear Down. The browse session will be torn down.

    

The following GIF illustrates the steps to recover an Entra ID in the Azure source:

Device and contact types of objects cannot be created. If a device object is permanently deleted from EntraID, Cohesity cannot recover it. However, the existing device object can be patched for property changes.