Microsoft Entra Backup and Recovery is now in Public Preview

🔒 Secure Bits 💡

Microsoft Entra Backup and Recovery is now in Public Preview, and it fills a major gap in identity resilience.

Someone disables a Conditional Access policy. A bulk import overwrites user attributes. A service principal loses its permissions. Until now, recovery meant digging through audit logs and manually reconstructing the previous state.

Entra Backup and Recovery changes that. It automatically creates daily backups of critical directory objects (users, groups, apps, service principals, CA policies, auth methods) and retains 5 days of history. No global admin can disable or modify them.

🛠️ What it does

You can browse backups, run difference reports to see what changed, and recover objects to a previous state, all from the Entra admin center. Recovery can target all objects, specific object types, or individual objects by ID.

The recovery model is straightforward:

– Object added since backup → soft-deleted

– Object modified → reverted to backup state

– Object soft-deleted → restored

🔐 Access control

Two new built-in roles, Backup Reader and Backup Administrator, support least-privilege access. Your security team can review backup state without triggering recovery.

⚠️ Limitations

Hard-deleted objects cannot be recovered. On-prem synced objects are excluded from recovery. Not all properties are covered yet — manager, sponsor, and group ownership changes are out of scope.
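
The recovery rules and limitations described above, modelled as a small Python planner over two constructed snapshots. This is an added example, not Microsoft's code or API; the snapshot layout, property names and action labels are assumptions made for illustration, as is treating an object that is in the backup but absent from the directory as hard-deleted.

```python
# Constructed model of the recovery rules in the post; not a Microsoft API.
OUT_OF_SCOPE = {"manager", "sponsor", "owners"}  # property names are assumed
def plan_recovery(backup, current, types=None, ids=None):
    """Map object id -> (action, properties) for a recovery to `backup`."""
    plan = {}
    for oid in sorted(set(backup) | set(current)):
        old, new = backup.get(oid), current.get(oid)
        ref = new or old
        if (types and ref["type"] not in types) or (ids and oid not in ids):
            continue  # outside the requested recovery scope
        if ref["synced"]:
            plan[oid] = ("skip: on-prem synced", [])
        elif new is None:  # in the backup, gone from the directory (assumed hard-deleted)
            plan[oid] = ("unrecoverable: hard-deleted", [])
        elif old is None:  # added since the backup
            if not new["deleted"]:  # assumption: nothing to do if already deleted
                plan[oid] = ("soft-delete", [])
        elif new["deleted"] and not old["deleted"]:
            plan[oid] = ("restore", [])
        else:
            keys = set(old["props"]) | set(new["props"])
            diff = sorted(k for k in keys if old["props"].get(k) != new["props"].get(k))
            covered = [k for k in diff if k not in OUT_OF_SCOPE]
            if covered:
                plan[oid] = ("revert", covered)
            elif diff:
                plan[oid] = ("skip: out-of-scope properties only", diff)
    return plan

def mk(type_, props, synced=False, deleted=False):
    return {"type": type_, "props": props, "synced": synced, "deleted": deleted}
# Constructed sample snapshots; ids and values are made up.
BACKUP = {
    "ca-1": mk("conditionalAccessPolicy", {"state": "enabled"}),
    "u-1": mk("user", {"department": "Finance", "manager": "u-9"}),
    "u-2": mk("user", {"department": "HR"}, synced=True),
    "sp-1": mk("servicePrincipal", {"appRoles": ["Mail.Read"]}),
    "g-1": mk("group", {"displayName": "Ops"}),
}
CURRENT = {
    "ca-1": mk("conditionalAccessPolicy", {"state": "disabled"}),
    "u-1": mk("user", {"department": "Finance", "manager": "u-7"}),
    "u-2": mk("user", {"department": "Sales"}, synced=True),
    "sp-1": mk("servicePrincipal", {"appRoles": ["Mail.Read"]}, deleted=True),
    "app-9": mk("application", {"displayName": "new-app"}),
}
if __name__ == "__main__":
    for oid, (action, props) in plan_recovery(BACKUP, CURRENT).items():
        print(f"{oid:6} {action} {props}")
```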

For organizations navigating NIS2 and identity security requirements, a native, tamper-proof backup of the identity control plane is a welcome addition.

Requires at least Entra ID P1. Available now in preview.

💬 How do you handle recoverability of your Entra ID tenant today?

Author of the post:

Martin Strnad