Microsoft Entra ID

The following table(s) contains detailed examples of the metadata fields available from the Entra ID API endpoints Worklytics leverages. In order to pseudonymize and sanitize PII and other potentially sensitive data, Worklytics provides access to a Data Loss Prevention (DLP) Proxy, which allows customers to pre-filter metadata, within customer infrastructure, before it is sent to Worklytics for processing.

These are the fields Worklytics recommends but the Worklytics DLP Proxy provides full field-level control and therefore any field may be removed or sanitized.

Field descriptions are taken from third party API documentation, these are maintained on a best effort basis and Worklytics can not guarantee their indefinite accuracy. Please refer to the source API site for the most up-to-date documentation.

How to read the "DLP Proxy" column in the table(s):

🔴 This field is completely redacted by the DLP Proxy

⭕ This field is transformed, usually partially redacted

🟡 This field is "pseudonymized" by the DLP Proxy: only a SHA256 hash of its value is sent to Worklytics; never the value itself

To see only the fully sanitized version of this document, click here.

Worklytics requires access to the following API primary endpoints:

ModelDescriptionAPI docs

GraphUser

Used to retrieve a list of User objects Endpoints: /v1.0/users

🔗↗️

GraphGroupMember

Used to retrieve a list of group members Endpoints: /v1.0/groups/{id}/members

🔗↗️

GraphGroup

Used to retrieve a list of groups (groups are collections of principals) Endpoints: /v1.0/groups

🔗↗️

GraphUser

API docs: https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0

DLP Proxy docs: Entra ID

DLP ProxyProperty NameTypeDescription

🔴 Redacted

aboutMe

N/A

🟢 Allowed

accountEnabled

Boolean

🔴 Redacted

businessPhones

N/A

🔴 Redacted

city

N/A

🔴 Redacted

department

N/A

🔴 Redacted

displayName

N/A

🟡 Pseudonymized

employeeId

String

Raw example: 4831887 Sanitized example:

p~SIoJOpeSgYF7YUP

🔴 Redacted

givenName

N/A

🟢 Allowed

hireDate

Instant

🟢 Allowed

id

String

🟢 Allowed

isResourceAccount

Boolean

🔴 Redacted

jobTitle

N/A

🟡 Pseudonymized

mail

String

Raw example: alice@acme.com Sanitized example:

{
	"scope":"email",
	"domain":"acme.com",
	"hash":"aT3usZghgyWmDoXRncq5qhmQJQMjY49xDJylpM4TyYI"
}

🟡 Pseudonymized

mailboxSettings

MailboxSettings

🟢 Allowed

mailboxSettings.archiveFolder

String

🟡 Pseudonymized

mailboxSettings.automaticRepliesSetting

AutomaticRepliesSettings

🔴 Redacted

mailboxSettings.automaticRepliesSetting.externalReplyMessage

String

🔴 Redacted

mailboxSettings.automaticRepliesSetting.internalReplyMessage

String

🟢 Allowed

mailboxSettings.automaticRepliesSetting.scheduledEndDateTime

DateTimeTimeZone

🟢 Allowed

mailboxSettings.automaticRepliesSetting.scheduledEndDateTime.dateTime

Date

🟢 Allowed

mailboxSettings.automaticRepliesSetting.scheduledEndDateTime.timeZone

String

🟢 Allowed

mailboxSettings.automaticRepliesSetting.scheduledEndStartTime

DateTimeTimeZone

🟢 Allowed

mailboxSettings.context

String

🟢 Allowed

mailboxSettings.dateFormat

String

🟢 Allowed

mailboxSettings.language

LocaleInfo

🟢 Allowed

mailboxSettings.language.displayName

String

🟢 Allowed

mailboxSettings.language.locale

String

🟢 Allowed

mailboxSettings.timeFormat

String

🟢 Allowed

mailboxSettings.timeZone

String

🟢 Allowed

mailboxSettings.workingHours

WorkingHours

🟢 Allowed

mailboxSettings.workingHours.daysOfWeek

Set of DayOfWeek

🟢 Allowed

mailboxSettings.workingHours.endTime

String

🟢 Allowed

mailboxSettings.workingHours.startTime

String

🟢 Allowed

mailboxSettings.workingHours.timeZone

TimeZoneBase

🟢 Allowed

mailboxSettings.workingHours.timeZone.name

String

🔴 Redacted

mobilePhone

N/A

🔴 Redacted

officeLocation

N/A

🟡 Pseudonymized

otherMails

List of String

Raw example: ["alice@acme.com","aliceatwork@acme.com"] Sanitized example:

[
	{
		"scope":"email",
		"domain":"acme.com",
		"hash":"aT3usZghgyWmDoXRncq5qhmQJQMjY49xDJylpM4TyYI"
	},
	{
		"scope":"email",
		"domain":"acme.com",
		"hash":"9vNzNM4KMF1Imj6P8ia4PBu6zM16s6A-6VgxE9-vASs"
	}
]

🔴 Redacted

preferredLanguage

N/A

🟡 Pseudonymized

proxyAddresses

List of String

Raw example: ["alice@acme.com","aliceatwork@acme.com"] Sanitized example:

[
	{
		"scope":"email",
		"domain":"acme.com",
		"hash":"aT3usZghgyWmDoXRncq5qhmQJQMjY49xDJylpM4TyYI"
	},
	{
		"scope":"email",
		"domain":"acme.com",
		"hash":"9vNzNM4KMF1Imj6P8ia4PBu6zM16s6A-6VgxE9-vASs"
	}
]

🔴 Redacted

state

N/A

🔴 Redacted

surname

N/A

🔴 Redacted

usageLocation

N/A

🟢 Allowed

userType

String

GraphGroupMember

API docs: https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http

DLP Proxy docs: Entra ID

DLP ProxyProperty NameTypeDescription

🟢 Allowed

id

String

GraphGroup

API docs: https://learn.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0&tabs=http

DLP Proxy docs: Entra ID

DLP ProxyProperty NameTypeDescription

🔴 Redacted

description

String

🔴 Redacted

displayName

String

🟢 Allowed

id

String

🟡 Pseudonymized

mail

String

Raw example: alice@acme.com Sanitized example:

{
	"scope":"email",
	"domain":"acme.com",
	"hash":"aT3usZghgyWmDoXRncq5qhmQJQMjY49xDJylpM4TyYI"
}
PreviousGoogle Meet Sanitized DataNextMicrosoft Entra ID Sanitized Data

Last updated

Company

AboutSecurityPrivacy PolicyTerms of Service

Resources

BlogIntegrationsService StatusSupport

© Worklytics Co.