At a glance
Identity building blocks you don’t want to lose in Entra ID recovery:
- Devices: Recovering device identities helps you keep people productive and maintain Conditional Access behavior, not just restore user objects on paper.
- Intune configurations: Restoring configuration policies brings back the rules that harden endpoints and drive compliance decisions.
- Custom attributes: Preserving user-level attributes keeps the fine-grained access logic working after recovery, especially in complex or multi-tenant environments.
Close the gaps in your hybrid identity resilience
Most organizations have spent years hardening Entra ID from an identity and access control perspective: tightening Microsoft Entra Conditional Access policies, rolling out multifactor authentication (MFA), and pushing more workloads to the cloud.
But when you look at how you would actually recover that environment after a cyber incident, the picture is usually much less complete.
Most recovery strategies still focus on the usual suspects: users and groups. But in Entra ID, that’s only part of the story. Today, access decisions increasingly depend on a wider set of signals—things like device identities, Intune-driven security posture, and the custom attributes your applications quietly rely on.
If those pieces are missing or misaligned after an attack or major misconfiguration, you may technically have your users back, but you still can’t safely run the business. Let’s take a closer look at why these identity signals matter so much for Entra ID recovery and how Semperis Disaster Recovery for Entra Tenant (DRET) closes those gaps.
Hidden layers of Entra ID recovery
Most people now connect to work through laptops and phones that are tightly integrated with Entra ID and Intune. Those devices aren’t just hardware anymore—they’re identities that help determine who gets access to what.
If you rarely see MFA prompts on your corporate laptop, it’s because the device identity and Intune-driven compliance are doing a lot of the heavy lifting. If those identities or policies are damaged, your access model and security posture can break even if your user accounts are still there.
Because Entra ID relies on more than just user identities, recovery has to follow the same access signals the environment uses, including:
- Entra ID device objects
- Intune device configuration
- User-level custom security attributes
These tend to be complex, under-documented, and often only partially covered (or not covered at all) by traditional backup tools. DRET goes straight for those gaps.
Entra ID recovery beyond users and groups
A strategic Entra ID recovery plan that shifts beyond users and groups needs to cover three things that sit behind most access decisions: device identities, Intune configurations, and user-level custom attributes.
Backup and restore for cloud devices
Entra ID device objects are non-human identities (NHIs) that represent desktop computers, laptops, and mobile devices. Conditional Access uses device identities to decide whether a user can log in to their cloud apps. If a device is Entra ID joined, it also passes along its own credentials as an additional factor of authentication (an MFA factor) when the user logs in.
If device identities are deleted or corrupted, users can be locked out of all their apps—even if their user accounts are fine. Restoring those device identities lets you re-establish trust and security posture without rebuilding everything from scratch.
DRET backs up and restores Entra ID device objects.
This means that after a device-related incident you can restore trusted device access quickly, keeping users productive and your security posture intact, instead of spending days re-enrolling hardware and loosening controls just to get people back online.
Backup and restore for Intune device configurations
Intune is powerful, yet complicated. A mix of policy types and APIs controls device configuration and compliance, which is great for flexibility but tricky when you need to put things back the way they were.
DRET backs up Intune device configuration policies and restores them.
This means you can recover from misconfigurations, malicious changes, or mass deletions that affect your endpoint management layer.
In other words, it’s not just the directory objects that come back: the rules and relationships that shape endpoint behavior can come back too.
Backup and restore for user custom security attributes
A more technical, but crucial, piece of a strong Entra ID recovery strategy is user-based custom security attributes.
In real environments, a lot of access logic depends on custom properties attached to users: flags, tenant markers, business-unit tags, and other attributes that apps read to decide what a user can see or do. That’s especially true in multi-tenant or acquisition-heavy organizations.
DRET doesn’t just cover custom security attributes tied to applications; it also includes attributes that are tied directly to users.
Without those attributes, restoring a user often means restoring only half of what actually defines their access. Including those attributes in your recovery strategy makes it possible to bring back the subtle but critical pieces of identity that many access models depend on.
Bringing recovery in line with how Entra ID really works
Entra ID today is more than a list of users and groups. It’s an engine that blends user identity, device trust, Intune compliance, and custom attributes into access decisions that change in real time.
Recovery strategies that account for only a subset of that picture leave organizations exposed long after an incident is “over.”
Entra ID recovery best practices are moving away from basic object backup toward identity-centric resilience: designing recovery so that the same signals that drive access in production can be reliably reassembled after an incident.
Whether with DRET or another approach, the key question is the same:
If your Entra ID tenant were disrupted tomorrow, could you restore not just identities on paper, but also the real-world access and posture your business depends on?
This is one of the gaps that Semperis DRET is designed to close.
