Microsoft Entra ID Data Inventory
Last updated
Last updated
© Worklytics Co.
The following table(s) contains detailed examples of the metadata fields available from the Entra ID API endpoints Worklytics leverages. In order to pseudonymize and sanitize PII and other potentially sensitive data, Worklytics provides access to a Data Loss Prevention (DLP) Proxy, which allows customers to pre-filter metadata, within customer infrastructure, before it is sent to Worklytics for processing.
These are the fields Worklytics recommends but the Worklytics DLP Proxy provides full field-level control and therefore any field may be removed or sanitized.
Field descriptions are taken from third party API documentation, these are maintained on a best effort basis and Worklytics can not guarantee their indefinite accuracy. Please refer to the source API site for the most up-to-date documentation.
How to read the "DLP Proxy" column in the table(s):
🔴 This field is completely redacted by the DLP Proxy
⭕ This field is transformed, usually partially redacted
🟡 This field is "pseudonymized" by the DLP Proxy: only a SHA256 hash of its value is sent to Worklytics; never the value itself
To see only the fully sanitized version of this document, click here.
Worklytics requires access to the following API primary endpoints:
| Model | Description | API docs |
|---|---|---|
Used to retrieve a list of User objects
Endpoints:
| ||
Used to retrieve a list of group members
Endpoints:
| ||
Used to retrieve a list of groups (groups are collections of principals)
Endpoints:
|
API docs: https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0
DLP Proxy docs: Entra ID
| DLP Proxy | Property Name | Type | Description |
|---|---|---|---|
🔴 Redacted |
| N/A | |
🟢 Allowed |
| Boolean | |
🔴 Redacted |
| N/A | |
🔴 Redacted |
| N/A | |
🔴 Redacted |
| N/A | |
🔴 Redacted |
| N/A | |
🟡 Pseudonymized |
| String |
Raw example: |
🔴 Redacted |
| N/A | |
🟢 Allowed |
| Instant | |
🟢 Allowed |
| String | |
🟢 Allowed |
| Boolean | |
🔴 Redacted |
| N/A | |
🟡 Pseudonymized |
| String |
Raw example: |
🟡 Pseudonymized |
| MailboxSettings | |
🟢 Allowed |
| String | |
🟡 Pseudonymized |
| AutomaticRepliesSettings | |
🔴 Redacted |
| String | |
🔴 Redacted |
| String | |
🟢 Allowed |
| DateTimeTimeZone | |
🟢 Allowed |
| Date | |
🟢 Allowed |
| String | |
🟢 Allowed |
| DateTimeTimeZone | |
🟢 Allowed |
| String | |
🟢 Allowed |
| String | |
🟢 Allowed |
| LocaleInfo | |
🟢 Allowed |
| String | |
🟢 Allowed |
| String | |
🟢 Allowed |
| String | |
🟢 Allowed |
| String | |
🟢 Allowed |
| WorkingHours | |
🟢 Allowed |
| Set of DayOfWeek | |
🟢 Allowed |
| String | |
🟢 Allowed |
| String | |
🟢 Allowed |
| TimeZoneBase | |
🟢 Allowed |
| String | |
🔴 Redacted |
| N/A | |
🔴 Redacted |
| N/A | |
🟡 Pseudonymized |
| List of String |
Raw example: |
🔴 Redacted |
| N/A | |
🟡 Pseudonymized |
| List of String |
Raw example: |
🔴 Redacted |
| N/A | |
🔴 Redacted |
| N/A | |
🔴 Redacted |
| N/A | |
🟢 Allowed |
| String |
API docs: https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
DLP Proxy docs: Entra ID
| DLP Proxy | Property Name | Type | Description |
|---|---|---|---|
🟢 Allowed |
| String |
API docs: https://learn.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0&tabs=http
DLP Proxy docs: Entra ID
| DLP Proxy | Property Name | Type | Description |
|---|---|---|---|
🔴 Redacted |
| String | |
🔴 Redacted |
| String | |
🟢 Allowed |
| String | |
🟡 Pseudonymized |
| String |
Raw example: |
