- Product Manager
- Posts: 5525
- Liked: 1163 times
- Joined: Jul 15, 2013 11:09 am
- Full Name: Niels Engelen
- Posts: 2
- Liked: never
- Joined: Oct 30, 2020 11:29 pm
- Full Name: William P Tkach
+100 on this.RayS wrote: ↑Aug 17, 2022 3:15 pm I would like to also add interest in this.
To add to what's already been mentioned in this thread, a comprehensive backup and recovery of both individual objects and full restore to point-in-time. This should provide item-level restore as well.
One thing mentioned by a competitor, if using Azure AD Connect to synchronize objects from on-prem AD to Azure AD, simply re-synchronizing the object isn't good enough. That object can be synchronized with a new UUID and will not maintain any previous state, roles or permissions. A backup of the object in AAD and synchronization state with the on-prem object is necessary.
Things that should be backed up and recoverable in AAD to protect against deletion or unrecoverable misconfigurations:
- AAD Tenant Properties
- External Identities
- Roles and Administrators (custom roles, assignments, IAM policy)
- Administrative Units
- Enterprise applications (user settings, registrations, application objects and permissions, service principal objects, admin consent)
- Devices (settings and all objects, bitlocker keys, Intune policies and settings)
- App registrations (application objects, api settings, keys and certificates, permission)
- Licenses (users and group assignments)
- Conditional access policies
- Company branding
- Custom domain names
- Intune (would be amazing, even if an entirely different or bundled product)
- User settings
- Security (conditional access, identity protection, named locations, MFA, certificate authorities)
And this is just what I use, I'm sure others have more or different requirements based on their company needs.
If it's an object that can be deleted or configuration that can be misconfigured, it should be restorable to a previous state.
This is something that, with 0365/Azure being over ten years old, I find INCREDIBLE that this has not been implemented by someone. Really, Microsoft should have created some backup for this YEARS ago, or provided API's for backup companies to tie and back up this information. Think of what could happen if you lost some of this information, or it was erased, intentionally, accidentally, or because of software/hardware failure.
From my understanding Microsoft provides no guarantee WHATSOEVER that your data is safe. You are responsible to back it up. I'm not sure what the guarantee is that the settings/configurations etc are backed up and recoverable as well, but if there is functionality built into M365/Azure, then it is not something I have come across.
Being able to recover your data is one thing, but if something has happened to the way you have setup and structured the settings/configurations, restoring your data may not work correctly.
And it should not be just a full backup. If i need to recover my inTune settings to a date 1 week ago, then I should be able to do so.
- Service Provider
- Posts: 5
- Liked: 1 time
- Joined: May 02, 2017 9:59 am
- Full Name: Christoph Seeliger
are there any plans to implement backup of EntraID within Veeam for M365? Several of our customers are asking about this functionality, because there are some other solutions in the market advertising with that feature.
- Product Manager
- Posts: 7610
- Liked: 1978 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
I moved your request to the existing topic. Please see the comment of my colleague.
- Posts: 27
- Liked: 3 times
- Joined: Nov 14, 2019 7:12 pm
- Full Name: Chris Lukowski
This is something that would be extremely beneficial, ESPECIALLY if we can get a "Compare with Production" view in an Explorer to see what changed between a backup and the live environment.
- Service Provider
- Posts: 90
- Liked: 14 times
- Joined: Apr 22, 2022 12:14 pm
- Full Name: Danny de Heer
Just giving this post another kick back to top.
Its been almost 6 months since last update.
Not sure if this has been mentioned before, but competitors are already filling this gap and I'd rather stay with the Veeam Ecosystem. However we have multiple request by resellers that they want this feature.
If Veeam can tell us when they plan to implement this feature too, that would be great.
Users browsing this forum: No registered users and 1 guest