How to restore Custom Roles from Entra ID Backup

Step 1. Sign in to the backup portal

Open your web browser and go to the following address: https://shield-cloud.nexetic.com/
Select Sign in with Microsoft 365. Enter your Microsoft 365 admin credentials for the tenant you want to restore data from.


Resellers can also sign in via Nexetic Portal.

 

Step 2. Select Backup for Entra ID

Click the icon in the top-left corner of the page and select Backup for Entra ID.

 

Step 3. Select Roles -> Custom roles page

Click Roles in the top navigation and select Custom. You can see the list of all the custom administrative roles that have been backed up from the customer's Entra ID tenant. 


Step 4. Locate the Role

You can sort the roles by their Name, Role id or Last modification date.
You can also filter the roles by typing any part of the role name in the Search box.


Step 5. View the role attributes and versions (optional)

You can view the role settings by clicking the role name. You can see all the attributes that exist for the selected role. Click the link View role assignments to see the assignments for this role.

By clicking View role assignments, you can see the identities (users, groups or service principals) that have been granted the permissions defined by the role definition. Select any date and time from the calendar to see the role assignments for the role at that moment.

Changes to the role assignments are recorded in the Role assignments log. There you can see when the changes were made, which helps you choose the correct version to restore.

You can start the restoration for the selected role by clicking the Restore this version button. (You may need to scroll down to see the restore button at the bottom of the window.)


Step 6. Select the roles to be restored

In addition to restoring a single role, you can also restore multiple or all custom roles at once. On the Custom Roles page, select the roles to be restored by checking the boxes next to each role name. To select all roles at once, check the box in the top-left corner of the roles grid. This selects all custom roles in the Entra ID tenant, not just the ones displayed on the current page.


Step 7. Select restore options

After selecting the role(s) to be restored, select the snapshot date & time from the calendar. You can still change the date & time even if you already chose them on any of the previous screens.

Make your choices for the following options:

  • To restore the role with its attributes, current name and object ID, choose With object. If the custom role doesn't exist in Entra ID, it will be recreated. If the role is already found in Entra ID, attributes for the existing role will be overwritten.
    • If you don't select 'With object', you can still restore role assignments to the already existing role.
  • If you select As new, a new custom role with a new name and object ID is created during the restore process. You need to input a name for the object that will be created.
    • NOTE: The 'RESTORE AS NEW' OPTION IS NOT AVAILABLE WHEN YOU RESTORE MULTIPLE ROLES AT A TIME. If you restore multiple roles at a time and a role already exists in Entra ID, it will be overwritten. If the role doesn't exist, a new role will be created with the same name and object ID that it was backed up with.
  • If you want to restore role assignments to identities such as users, groups, or service principals, select With role assignments.
  • If you want to restore the objects to another Entra ID tenant, select To another tenant.
    • First you need to add the target tenant you want to restore the data to; see the instructions.
    • The added target tenant(s) then appear in the 'To another tenant' drop-down menu. If you have added multiple target tenants, select the one you want to restore the data to.
    • The available domain names for the selected target tenant are listed under the 'With domain' menu, where you can select the domain. Screenshots can be found in the above-mentioned support article.
  • Start the restoration by clicking Restore.
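
Because With object overwrites the attributes of an existing role and With role assignments restores assignments, it helps to record the live state before clicking Restore and compare it afterwards. The PowerShell script below is an added example, not part of the Nexetic documentation; it assumes the Microsoft Graph PowerShell SDK is installed, and the script parameters, function names and snapshot path are hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Identity.Governance
# Added example. Script parameters, function names and the snapshot path are hypothetical.
param(
    [ValidateSet('Before', 'After')][string]$Phase = 'Before',
    [string]$Path = '.\custom-roles-before.json'
)

function Get-CustomRoleSnapshot {
    # One record per custom (not built-in) role: permitted actions plus current assignments.
    Get-MgRoleManagementDirectoryRoleDefinition -Filter 'isBuiltIn eq false' -All | ForEach-Object {
        $assignments = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($_.Id)'" -All
        [pscustomobject]@{
            Id          = $_.Id
            DisplayName = $_.DisplayName
            Actions     = @($_.RolePermissions.AllowedResourceActions | Sort-Object)
            Assignments = @($assignments | ForEach-Object { "$($_.PrincipalId)|$($_.DirectoryScopeId)" } | Sort-Object)
        }
    }
}

function Compare-CustomRoleSnapshot {
    param([object[]]$Before, [object[]]$After)
    $beforeById = @{}
    foreach ($role in $Before) { $beforeById[$role.Id] = $role }
    foreach ($role in $After) {
        $old = $beforeById[$role.Id]
        if (-not $old) {
            # No role with this object ID existed before: it was recreated or restored as new.
            [pscustomobject]@{ Role = $role.DisplayName; Field = 'Role'; Change = 'created'; Value = $role.Id }
            continue
        }
        foreach ($field in 'Actions', 'Assignments') {
            $role.$field | Where-Object { $_ -notin $old.$field } | ForEach-Object {
                [pscustomobject]@{ Role = $role.DisplayName; Field = $field; Change = 'added'; Value = $_ }
            }
            $old.$field | Where-Object { $_ -notin $role.$field } | ForEach-Object {
                [pscustomobject]@{ Role = $role.DisplayName; Field = $field; Change = 'removed'; Value = $_ }
            }
        }
    }
}

Connect-MgGraph -Scopes 'RoleManagement.Read.Directory'
if ($Phase -eq 'Before') {
    Get-CustomRoleSnapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $Path
} else {
    $before = Get-Content -Path $Path -Raw | ConvertFrom-Json
    Compare-CustomRoleSnapshot -Before $before -After @(Get-CustomRoleSnapshot) | Format-Table -AutoSize
}
```

Run it with -Phase Before ahead of the restore and with -Phase After once the restore has finished; any 'added' rows under Actions or Assignments are permissions or principals that the restore brought back and that should be reviewed.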
