You are backing up Entra ID….right?
In a similar style to my previous M365 backup post (yet-another-m365-backup-blog/), this isn’t just a re-write of other posts – the post by Henrik Brusgaard, VP of Product at our partners Keepit, is up there with the best of them and well worth a read – why-back-up-azure-active-directory/
Henrik’s post details the impact of an Entra ID outage, and honestly it’s quite alarming!
What would happen if you didn’t have your Users or Groups, your Enterprise App registrations, MFA configurations etc etc…?
It got me casting my mind back to when we only really had the option of on-premises infrastructure, and probably used Active Directory for identity and access management, and I can’t remember a time when I saw an environment that didn’t at least have a read-only domain controller, probably powered down and kept safely (i.e. air-gapped) as a recovery mechanism. Much like a two-tier or three-tier AD PKI hierarchy where you would have Root CAs and Intermediate CAs offline, protecting private keys against compromise. Most likely, though, the DCs in their infrastructure were backed up on a routine basis onto separate storage and were kept for a business-determined retention period. If a restore was required, it was relatively simple: restore the DC, or restore the object from the backup platform, and continue business as usual.
Whilst they are two very different services, IMO the same requirements apply to Entra ID. You need to be able to respond to outages, compromises and misconfigurations, and ease and speed of recoverability is absolutely key. Of course you need coverage to recover users, groups, Role Assignments etc, but you almost certainly need to be able to recover Audit logs, your enterprise applications and app registrations, Intune configurations, MFA settings and BitLocker key protectors as well!
Alongside all of that, you want these recovery points stored immutably and securely, and true backup requires a separate logical infrastructure, so stored in a separate infrastructure from the one it’s protecting!
Dataplanet have partnered with Keepit, as it provides the best protection for your SaaS apps, including Entra ID, M365, Google Workspace etc – get in touch if you’d like to hear more!
Rob Knapp, Technical Director, dataplanet