
Microsoft Entra ID Protection Report for Veeam Backup & Replication, unofficial and unsupported

  • June 14, 2026

jorge.delacruz

Greetings friends,

I wanted to share a new community-driven PowerShell report for Microsoft Entra ID protection in Veeam Backup & Replication.
VBR can protect Microsoft Entra ID, which is great. But I wanted a cleaner way to answer a few simple questions without jumping between logs, CSVs, SQL queries, or job sessions.

This is what it looks like:


 

Why this report?

Microsoft Entra ID is now one of the most critical identity layers in most organizations. It contains users, groups, applications, service principals, role assignments, conditional access policies, and many other objects that are essential for Microsoft 365, Azure, SaaS access, and automation.
Having the backup is step one. Being able to report on it, search it, export it, and send it to the right people is the next step.

This report helps answer:

  1. Are my Entra ID backup sessions running successfully?
  2. What completed with warnings or failures?
  3. How many objects were discovered and stored?
  4. Which users, groups, applications, service principals, and role assignments are protected?
  5. Can I search for a specific object and see it quickly?

What the script does

The script queries the Veeam Backup & Replication PostgreSQL database and the related veeamrepository_* databases.

It then generates:

  • A self-contained HTML dashboard
  • CSV exports
  • Searchable AG Grid tables
  • KPI cards
  • Highcharts graphs
  • A ZIP file with all outputs
  • Optional email delivery using Microsoft Graph API

What is included in the dashboard?

The HTML report includes several sections:

KPI cards

A quick summary of:

  • Total sessions
  • Successful sessions
  • Warnings
  • Failed sessions
  • Protected objects

Session Results Over Time

Useful to quickly see if something started warning or failing on a specific day.

Session Result Distribution

A clean summary of success, warning, and failure results.

Daily Object Type Breakdown

Shows discovered versus stored objects per object type, including users, applications, groups, service principals, administrative units, role definitions, and role assignments.

Session Duration Trend

Helps identify whether Entra ID backup duration is stable or increasing.

All Job Sessions

A searchable table with job name, job type, result, duration, processed size, stored size, and the message or reason.

Object Counts Per Session

Shows how many objects were discovered, stored, failed, or incomplete for each session.

All Protected Objects

This is probably the most useful section.

You can search by user, group, application, service principal, role assignment, or any other protected object type.

How it works

The flow is simple:

  1. Run the PowerShell script from the VBR server, or from a machine that can access the PostgreSQL database.
  2. The script detects the correct VBR database schema, depending on v12.x or v13.x.
  3. It queries Entra ID job sessions.
  4. It queries object counts per session.
  5. It extracts granular protected objects from the repository databases.
  6. It exports everything to CSV.
  7. It generates the HTML dashboard.
  8. It compresses the HTML and CSV files into a ZIP.
  9. Optionally, it sends the report by email using Microsoft Graph API.

Requirements

You will need:

  • Veeam Backup & Replication v12.3 or newer
  • PowerShell 5.1+
  • PostgreSQL client, psql.exe
  • Access to the VeeamBackup PostgreSQL database
  • Access to the veeamrepository_* databases
  • Highcharts and AG Grid JavaScript files for the offline HTML dashboard
  • MSAL.PS if you want email delivery
  • Microsoft Graph App Registration if email delivery is enabled

Example use cases

This can be useful for:

  • Weekly Entra ID protection checks
  • Internal reporting
  • Backup administrator reviews
  • Security or identity team visibility
  • Troubleshooting warnings or failures
  • Confirming whether a specific user, app, group, or service principal is protected
  • Exporting protection data for further analysis

Important disclaimer

This is a community-driven script. It is provided as-is, unofficial, and unsupported. It is not an official Veeam product, and you should not open support cases with Veeam Support for this script. Please review the script, test it in a lab, and adapt it to your own environment before running it in production.

Links

GitHub repository:

https://github.com/jorgedlcruz/veeam-html-reporting/tree/main/veeam-backup-and-replication/entra-id-report

As always, download it, review it, test it, and improve it.

Hope you enjoy it.

5 comments

Chris.Childerhose

This is excellent Jorge. Will test and provide feedback 👍


coolsport00
  • Veeam Legend
  • June 15, 2026

What a nice, clean M365 Report Jorge! Great effort! Thanks for sharing with the Community!


Jean.peres.bkp

This will save the team a lot of time. Thanks for sharing!


kciolek
  • Influencer
  • June 15, 2026

This is great! I will test this out!


  • New Here
  • June 15, 2026

Hi Jorge,

I ran the script and no data appeared. It returned an error: 

Uncaught SyntaxError: Unexpected token ';'
EntraID_Protection_Dashboard.html:193

 

On this line, the following was there:

const protectedObjRaw = ;

I assume it couldn’t load protected Objects from my environment?

 

I changed this line to

const protectedObjRaw = {} ;

Now it works of course, but protected objects is empty.

 

Thanks for the great work!
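
The `const protectedObjRaw = ;` line in the comment above is what an HTML generator emits when an empty result set is interpolated into the page as an empty string. An added PowerShell example, not code from the script or its repository, assuming the dashboard's data constants are filled by inserting JSON text into a script element; `ConvertTo-JsLiteral`, `oneRow` and the sample row are hypothetical:

```powershell
# Added example: always emit a valid JavaScript literal for zero, one or many rows.
function ConvertTo-JsLiteral {
    param(
        [AllowNull()]
        [object[]]$Rows   # rows read from a CSV export or a query; may be $null or empty
    )

    # Zero rows: return an empty JavaScript array instead of an empty string,
    # so the generated page still parses and the grid simply shows no data.
    if ($null -eq $Rows -or $Rows.Count -eq 0) { return '[]' }

    # Passing the array with -InputObject (not through the pipeline) keeps a
    # single row as a one-element array instead of unwrapping it to an object.
    $json = ConvertTo-Json -InputObject $Rows -Depth 5 -Compress

    # '<' can only occur inside JSON strings. Escaping it stops a directory value
    # such as '</script>' from closing the script element that hosts the literal.
    # Windows PowerShell 5.1 already escapes it; PowerShell 7 does not by default.
    return $json.Replace('<', '\u003c')
}

# Constructed sample data: one protected object whose display name contains markup.
$sample = @([pscustomobject]@{ Type = 'User'; DisplayName = 'Test </script> User' })

# The first constant is built from an empty result set, the second from one row.
$html = @"
<script>
const protectedObjRaw = $(ConvertTo-JsLiteral -Rows @());
const oneRow = $(ConvertTo-JsLiteral -Rows $sample);
</script>
"@

$html
```

An empty array keeps the dashboard loading but does not explain why no protected objects were returned; that still has to be checked against the `veeamrepository_*` databases.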