Microsoft Entra ID Sanitized Data
The following table(s) contain detailed examples of the metadata fields available from the Entra ID API endpoints Worklytics uses. To pseudonymize and sanitize PII and other potentially sensitive data, Worklytics provides access to a Data Loss Prevention (DLP) Proxy, which lets customers pre-filter metadata within their own infrastructure before it is sent to Worklytics for processing.
These are the fields Worklytics recommends, but the Worklytics DLP Proxy provides full field-level control, so any field may be removed or sanitized.
Field descriptions are taken from third-party API documentation. They are maintained on a best-effort basis, and Worklytics cannot guarantee their indefinite accuracy. Please refer to the source API site for the most up-to-date documentation.
How to read the "DLP Proxy" column in the table(s):
⭕ This field is transformed, usually partially redacted
🟡 This field is "pseudonymized" by the DLP Proxy: only a SHA256 hash of its value is sent to Worklytics; never the value itself
To see the full (unsanitized) version of this document, click here.
Worklytics requires access to the following API primary endpoints:
Used to retrieve a list of groups (groups are collections of principals)
Endpoints:
/v1.0/groups
Used to retrieve a list of group members
Endpoints:
/v1.0/groups/{id}/members
Used to retrieve a list of User objects
Endpoints:
/v1.0/users
API docs: https://learn.microsoft.com/en-us/graph/api/resources/groups-overview?view=graph-rest-1.0&tabs=http
DLP Proxy docs: Entra ID
| DLP Proxy | Field | Type | Raw example | Sanitized example |
| --- | --- | --- | --- | --- |
| 🟢 Allowed | id | String | | |
| 🟡 Pseudonymized | mail | String | alice@acme.com | |
API docs: https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
DLP Proxy docs: Entra ID
| DLP Proxy | Field | Type |
| --- | --- | --- |
| 🟢 Allowed | id | String |
API docs: https://learn.microsoft.com/en-us/graph/api/user-list?view=graph-rest-1.0
DLP Proxy docs: Entra ID
| DLP Proxy | Field | Type | Raw example | Sanitized example |
| --- | --- | --- | --- | --- |
| 🟢 Allowed | accountEnabled | Boolean | | |
| 🟡 Pseudonymized | employeeId | String | 4831887 | |
| 🟢 Allowed | hireDate | Instant | | |
| 🟢 Allowed | id | String | | |
| 🟢 Allowed | isResourceAccount | Boolean | | |
| 🟡 Pseudonymized | mail | String | alice@acme.com | |
| 🟢 Allowed | mailboxSettings | MailboxSettings | | |
| 🟢 Allowed | mailboxSettings.archiveFolder | String | | |
| 🟢 Allowed | mailboxSettings.automaticRepliesSetting | AutomaticRepliesSettings | | |
| 🟢 Allowed | mailboxSettings.automaticRepliesSetting.scheduledEndDateTime | DateTimeTimeZone | | |
| 🟢 Allowed | mailboxSettings.automaticRepliesSetting.scheduledEndDateTime.dateTime | Date | | |
| 🟢 Allowed | mailboxSettings.automaticRepliesSetting.scheduledEndDateTime.timeZone | String | | |
| 🟢 Allowed | mailboxSettings.automaticRepliesSetting.scheduledEndStartTime | DateTimeTimeZone | | |
| 🟢 Allowed | mailboxSettings.dateFormat | String | | |
| 🟢 Allowed | mailboxSettings.language | LocaleInfo | | |
| 🟢 Allowed | mailboxSettings.language.displayName | String | | |
| 🟢 Allowed | mailboxSettings.language.locale | String | | |
| 🟢 Allowed | mailboxSettings.timeFormat | String | | |
| 🟢 Allowed | mailboxSettings.timeZone | String | | |
| 🟢 Allowed | mailboxSettings.userPurpose | String | | |
| 🟢 Allowed | mailboxSettings.workingHours | WorkingHours | | |
| 🟢 Allowed | mailboxSettings.workingHours.daysOfWeek | Set of DayOfWeek | | |
| 🟢 Allowed | mailboxSettings.workingHours.endTime | String | | |
| 🟢 Allowed | mailboxSettings.workingHours.startTime | String | | |
| 🟢 Allowed | mailboxSettings.workingHours.timeZone | TimeZoneBase | | |
| 🟢 Allowed | mailboxSettings.workingHours.timeZone.name | String | | |
| 🟡 Pseudonymized | otherMails | List of String | ["alice@acme.com","aliceatwork@acme.com"] | |
| 🟡 Pseudonymized | proxyAddresses | List of String | ["alice@acme.com","aliceatwork@acme.com"] | |
| 🟢 Allowed | userType | String | | |
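
The /v1.0/users field policy listed above, applied as a default-deny filter to a constructed user object. This is an added example, not Worklytics or DLP Proxy code. Assumptions: the names `ALLOW`, `PSEUDONYMIZE`, `SALT`, `pseudonym` and `sanitize` are hypothetical, and the keyed hash (HMAC-SHA256 with a salt, hex-encoded, over the lower-cased value) stands in for the proxy's hash construction, which this page does not specify.

```python
import hashlib
import hmac

# Leaf paths transcribed from the /v1.0/users table on this page.
ALLOW = {"accountEnabled", "hireDate", "id", "isResourceAccount", "userType"} | {
    "mailboxSettings." + p for p in (
        "archiveFolder", "dateFormat", "timeFormat", "timeZone", "userPurpose",
        "automaticRepliesSetting.scheduledEndDateTime.dateTime",
        "automaticRepliesSetting.scheduledEndDateTime.timeZone",
        "automaticRepliesSetting.scheduledEndStartTime",
        "language.displayName", "language.locale", "workingHours.daysOfWeek",
        "workingHours.endTime", "workingHours.startTime",
        "workingHours.timeZone.name")}
PSEUDONYMIZE = {"employeeId", "mail", "otherMails", "proxyAddresses"}
SALT = b"constructed-example-salt"  # assumption: a per-deployment secret

def pseudonym(value, salt=SALT):
    """Keyed SHA-256 of the normalized value, hex-encoded (example encoding)."""
    norm = str(value).strip().lower().encode("utf-8")
    return hmac.new(salt, norm, hashlib.sha256).hexdigest()

def sanitize(obj, prefix=""):
    """Default-deny walk: keep allowed leaves, hash pseudonymized ones, drop the rest."""
    out = {}
    for key, value in obj.items():
        path = prefix + key
        if isinstance(value, dict):
            child = sanitize(value, path + ".")
            if child:  # prune objects left empty after filtering
                out[key] = child
        elif path in PSEUDONYMIZE and value is not None:
            out[key] = ([pseudonym(v) for v in value]
                        if isinstance(value, list) else pseudonym(value))
        elif path in ALLOW:
            out[key] = value
    return out

# Constructed sample shaped like a Graph user object, not real data.
RAW_USER = {
    "id": "00000000-0000-0000-0000-000000000001", "accountEnabled": True,
    "displayName": "Alice Example", "mail": "Alice@acme.com",
    "employeeId": "4831887", "otherMails": ["alice@acme.com"],
    "mailboxSettings": {"timeZone": "UTC", "automaticRepliesSetting": {
        "internalReplyMessage": "On leave, call my mobile"}},
}
SANITIZED = sanitize(RAW_USER)
```

Fields absent from the table, such as `displayName` and the free-text auto-reply message, never leave the filter, and normalizing before hashing keeps `mail` and `otherMails` joinable on the same pseudonym.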