Μετάβαση στο κύριο περιεχόμενο
Products
EntraExportRestore
https://catalogartifact.azureedge.net/publicartifacts/madriam-services.madriam-entra-export-restore-e34b8dfc-d574-4f56-b10d-2ae6ffbab732/image2_EntraExportRestoreLogo350x350.png

EntraExportRestore

από Madriam Services

Δωρεάν δοκιμαστική έκδοση

Attribute-level Entra ID directory backup and restore — your safety net for bulk update mistakes.

EntraExportRestore brings directory backup and identity management discipline to Microsoft Entra ID — providing selective, attribute-level export and restore of directory objects using Microsoft Graph. It is designed for a specific operational problem: protecting administrators from accidental attribute changes, bulk update errors, scripted-change mistakes, and configuration drift.

Microsoft Entra ID now includes native backup and recovery capabilities for supported objects and properties. EntraExportRestore is different in focus: it gives administrators a lightweight, locally stored, pre-change snapshot and restore workflow that can be used before planned PowerShell, Graph API, provisioning, or delegated-administration changes.

Who it's for

EntraExportRestore is intended for identity administrators, Microsoft 365 administrators, and IT operations teams responsible for Microsoft Entra ID tenants who need a practical, auditable rollback safety net for day-to-day directory changes — without the complexity or cost of a full enterprise backup platform.

The problem it solves

Many Entra ID administrators have run a bulk update — a PowerShell script, a Microsoft Graph API call, a third-party provisioning action, or a delegated-admin change — and wondered immediately afterward whether it changed exactly what was intended.

Audit logs can help identify what happened, and native recovery capabilities may help with supported recovery scenarios, but operational rollback gaps can still remain when a team needs to compare current values against a known pre-change snapshot and selectively restore specific attributes. In those situations, administrators may otherwise be left reconstructing values manually, piecing together audit history, or accepting unintended directory changes.

EntraExportRestore helps close that operational gap by capturing versioned, identified snapshots of Users, Groups, Devices, and Contacts to a local SQLite database. Administrators can then review backed-up values against current Graph values and perform granular, selective restore operations where supported — with clear visibility into what will change before anything is written.

Key capabilities

  • Export snapshots of Entra ID Users, Groups, Devices, and Contacts on demand or on schedule
  • Restore individual attributes selectively, with a pre-restore preview showing current values versus backed-up values
  • Use pre-change snapshots before planned PowerShell, Microsoft Graph, provisioning, cleanup, or delegated-administration changes
  • Attribute catalog drives export and restore behavior, including what is exportable, restorable, sensitive, and which Microsoft Graph permissions are required
  • Catalog version is recorded with each snapshot to support auditability and repeatability
  • WPF desktop UI for interactive use and CLI support for scripted or automated workflows
  • Local SQLite storage — snapshot data remains in your environment
  • No vendor-operated background service is involved in the product model
  • Supports a vendor-supplied multi-tenant app registration for delegated interactive use
  • Supports customer-owned single-tenant app registration with application permissions and certificate-based authentication for organizations with stricter third-party risk requirements

Security and data handling model

  • Directory snapshot data is stored locally in a SQLite database
  • EntraExportRestore uses Microsoft Graph permissions granted by your tenant administrator
  • Restore actions are explicit and reviewable before changes are written back to Microsoft Graph
  • Organizations can use their own single-tenant app registration when they do not want to grant access to a vendor-supplied multi-tenant app

Known constraints

  • EntraExportRestore is not a full-tenant disaster recovery platform
  • It is intended for operational, attribute-level snapshot and restore scenarios, especially around planned or accidental directory changes
  • Organizational contacts can be exported for reference, but Microsoft Graph treats them as read-only for this scenario; snapshot data can be used as a manual recovery reference
  • Device attribute restore requires application permissions and is supported through the CLI only, not the desktop Restore UI

Με μια ματιά

https://catalogartifact.azureedge.net/publicartifacts/madriam-services.madriam-entra-export-restore-e34b8dfc-d574-4f56-b10d-2ae6ffbab732/image3_20260421112946.png
https://catalogartifact.azureedge.net/publicartifacts/madriam-services.madriam-entra-export-restore-e34b8dfc-d574-4f56-b10d-2ae6ffbab732/image6_20260529144722.png
https://catalogartifact.azureedge.net/publicartifacts/madriam-services.madriam-entra-export-restore-e34b8dfc-d574-4f56-b10d-2ae6ffbab732/image0_20260529144758.png