EntraBackup.Read.All

Allows the app to list the all the snapshots, jobs and enumerate the changes of a specific preview job, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the EntraBackup.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	56eda3c5-3834-4815-bd41-6f8fa1295247	a6ea9dd7-4dd9-4484-a80a-ac9ad981dcf1
DisplayText	Read Preview jobs and snapshots	Read Preview jobs and snapshots
Description	Allows the app to list the all the snapshots, jobs and enumerate the changes of a specific preview job, on behalf of the signed-in user.	Allows the app to list the all the snapshots, jobs and enumerate the changes of a specific preview job, on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /directory/recovery/snapshots
	GET /directory/recovery/snapshots/{snapshot-id}
	GET /directory/recovery/snapshots/{snapshot-id}/recoveryJobs/{job-id}/getFailedChanges
	GET /directory/recovery/snapshots/{snapshot-id}/recoveryPreviewJobs/{job-id}/getChanges

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: recoveryChangeObjectBase

Property	Type	Description
displayName	String	The display name of the changed object in its current state, used to uniquely identify the object. Supports `$filter` (`eq`, `ne`, `startswith`).
entityTypeName	microsoft.graph.entraRecoveryServices.resourceTypeName	The type of directory entity being modified. The possible values are: `user`, `group`, `conditionalAccessPolicy`, `namedLocationPolicy`, `authenticationMethodPolicy`, `authorizationPolicy`, `authenticationStrengthPolicy`, `application`, `servicePrincipal`, `unknownFutureValue`, `oAuth2PermissionGrant`, `appRoleAssignment`. You must use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `oAuth2PermissionGrant`, `appRoleAssignment`. Supports `$filter` (`eq`, `ne`).
failureMessage	String	The error message if the change failed to apply. Only populated in getFailedChanges responses. `null` otherwise.
id	String	The unique identifier of the changed object. Inherited from entity. Supports `$filter` (`eq`, `ne`).
recoveryAction	microsoft.graph.entraRecoveryServices.recoveryAction	The type of recovery action to be performed on this object. The possible values are: `softDelete`, `update`, `restore`, `unknownFutureValue`. Supports `$filter` (`eq`, `ne`).

Graph reference: recoveryPreviewJob

Property	Type	Description
filteringCriteria	microsoft.graph.entraRecoveryServices.recoveryJobFilteringCriteriaBase	Optional filtering criteria used to scope the job to specific entity types or entity IDs. Inherited from recoveryJobBase.
id	String	The unique identifier for the job. Inherited from entity. Supports `$filter` (`eq`, `ne`).
jobCompletionDateTime	DateTimeOffset	The date and time when the job completed. `null` if the job is still running. Inherited from recoveryJobBase.
jobStartDateTime	DateTimeOffset	The date and time when the job started. Inherited from recoveryJobBase.
status	microsoft.graph.entraRecoveryServices.recoveryStatus	The current status of the job. Inherited from recoveryJobBase. The possible values are: `initialized`, `running`, `successful`, `failed`, `abandoned`, `unknownFutureValue`, `calculating`, `loadingData`. You must use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `calculating`, `loadingData`. Supports `$filter` (`eq`, `ne`).
targetStateDateTime	DateTimeOffset	The target snapshot timestamp to which the tenant is being restored. Inherited from recoveryJobBase. Supports `$filter` (`eq`, `ne`).
totalChangedLinksCalculated	Int32	The total count of changed directory object links (relationships) calculated by the job. `null` until the job completes calculation. Inherited from recoveryJobBase.
totalChangedObjectsCalculated	Int32	The total count of changed directory objects calculated by the job. `null` until the job completes calculation. Inherited from recoveryJobBase.

Graph reference: Snapshot

Property	Type	Description
createdDateTime	DateTimeOffset	The date and time when the snapshot was created.
id	String	The unique identifier for the snapshot. This is the base64-encoded representation of the snapshot timestamp. Inherited from entity.
totalChangedObjects	Int32	The total number of changed objects identified in this snapshot.

Table of Contents

EntraBackup.Read.All

Graph Methods

Resources