Datto Backup for Microsoft Entra ID – March 2026

New features

Expanded Backup Coverage for Microsoft Entra ID

This release expands backup coverage in Datto Backup for Entra to include additional Microsoft Entra ID objects.
These objects are now fully included in backup operations.
Restore functionality for these new object types will be introduced in the next release.

With this update, you gain improved protection and visibility across key Entra ID configuration and identity data.

Newly Supported Objects for Backup

The following Microsoft Entra ID objects are now included in backup:

Service Principals

Backup now includes Service Principal objects along with their configuration, identity, and authorization data.

Examples of captured properties include (but are not limited to):

Core identity and lifecycle data (ID, display name, created/deleted timestamps)
Application association (appId, appDisplayName, applicationTemplateId)
Authentication and authorization settings:
- App roles, OAuth2 permission scopes
- SAML SSO configuration
- Key and password credentials
Metadata and configuration:
- Tags, notes, verified publisher
- Sign-in audience and SSO preferences

Devices

Device objects are now protected, enabling backup of information related to device registration, compliance, and management state.

Examples of captured properties include:

Device identity and ownership
Compliance and management status
Operating system and hardware metadata
Enrollment and sync details
Trust, source, and registration attributes

Contacts

Non-user contact objects are now backed up to help maintain a complete directory.

Examples of captured properties include:

Identity and display information
Contact details (email, phone, addresses)
Organizational data (company, department, job title)
On-premises synchronization metadata (where applicable)

Applications

Application registrations are now included within the backup scope.

Examples of captured properties include:

Application identity and metadata
Sign-in audience and redirect configurations
Required resource access and service principal lock configuration
Web and SPA configuration details

Administrative Units

Administrative Units are now protected to help preserve scoped management boundaries in your tenant.

Examples of captured properties include:

Display name and description
Membership type and rules
Visibility and management restriction settings

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.