How to restore assignments for Built-in Roles from Entra ID backup

Note

There is no need to ever restore built-in roles since they can not be deleted from Entra ID. However, you can restore the role assignments for built-in roles by following the steps described in this support article. Instructions for restoring Custom roles can be found here.


Step 1. Sign into the backup portal

Open your web browser and go to the following address: https://shield-cloud.nexetic.com/
Select Sign in with Microsoft 365. Insert your Microsoft 365 admin credentials for the tenant you want to restore data from.

entraid-signin-new.png


Resellers can also sign in via Nexetic Portal.

Step 2. Select Backup for Entra ID

EntraID-select-menu.png

Click the icon in the top-left corner of the page and select Backup for Entra ID.

 

Step 3. Select Roles page

Click Roles in the top navigation and select Built-in roles. You can see the list of all built-in administrative roles that have been backed up from the customer's Entra ID tenant. 

entraid-roles-built-in.png

Step 4. Locate the Role

You can sort the administrative roles by their Name, Role id or Last modification date.
You can also filter the roles by typing any part of the role name in the Search box.

Step 5. View the role attributes and versions

Select the role by clicking the role name. You can see all the attributes that exist for the selected role. Click the link View role assignments to see the assignments for this role and to restore them.

entraid-roles-view.png

By clicking View role assignments, you can see the identities that have been granted the permissions defined by the role definition (users, groups or service principals). You can select any day and time from the calendar to view the role assignments for the rule as it was on the selected time point.

Changes to the role assignments are recorded in Role assignments log. From there you can detect the timing of the changes, which will help you to choose the correct version date & time from the calendar.

You can start the restoration for Role assignments by clicking Restore this version. (You may need to scroll down to see the Restore button at the bottom of the window).

entraid-role-assignments-list.png


Step 6. Select restore options

You can still change the snapshot date & time from the calendar if you didn't already choose it on any of the previous screens. To restore admin role assignments for the selected role, select With role assignments. Start the restoration by clicking Restore.

entraid-roles-restore.png

Note

Assignments for built-in roles can only be restored one at a time. There is no option to restore assignments for all/selected roles at once.

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more