You are backing up Entra ID….right?
In a similar style to my previous M365 backup post (yet-another-m365-backup-blog/), this isn’t just a rewrite of other posts. The post by Henrik Brusgaard, VP of Product at our partner Keepit, is up there with the best of them and well worth a read – why-back-up-azure-active-directory/
Henrik’s post details the impact of an Entra ID outage, and honestly it’s quite alarming!
What would happen if you didn’t have your Users or Groups, your Enterprise App registrations, MFA configurations, etc.?
It got me casting my mind back to when we only really had the option of on-premises infrastructure and probably used Active Directory for identity and access management. I can’t remember a time when I saw an environment that didn’t at least have a read-only domain controller, probably powered down and kept safely (i.e. air-gapped) as a recovery mechanism, much like a two-tier or three-tier AD PKI hierarchy, where you would have Root CAs and Intermediate CAs offline, protecting private keys against compromise. Most likely, though, the DCs in their infrastructure were backed up on a routine basis onto separate storage and kept for a business-determined retention period. If a restore was required, it was relatively simple: restore the DC, or restore the object from the backup platform, and continue business as usual.
Whilst they are two very different services, IMO the same requirements apply to Entra ID. You need to be able to respond to outages, compromises and misconfigurations, and ease and speed of recoverability are absolutely key. Of course you need coverage to recover users, groups, role assignments, etc., but you almost certainly need to be able to recover audit logs, your enterprise applications and app registrations, Intune configurations, MFA settings and BitLocker key protectors as well!
Alongside all of that, you want these recovery points stored immutably and securely, and true backup requires a separate logical infrastructure, so they should be stored in a separate infrastructure from the one it’s protecting!
Dataplanet have partnered with Keepit, as it provides the best protection for your SaaS apps, including Entra ID, M365, Google Workspace etc – get in touch if you’d like to hear more!
Rob Knapp, Technical Director, dataplanet