Hello everyone,
I would like to share with you a new guide dedicated to Azure cloud for backing up and restoring Entra ID objects.

Why back up Microsoft Entra ID
Backing up Azure Entra ID (formerly Azure Active Directory) objects is essential for ensuring security, business continuity, and compliance. Here is a summary of the main reasons:
1. Protection against accidental or malicious deletions
Users, groups, roles, or applications can be deleted by mistake or intentionally.
A backup allows you to quickly restore these objects without having to recreate them manually.
2. Reduced downtime
The unavailability or corruption of Entra ID objects can block access to critical cloud services (e.g., Microsoft 365, Teams, Intune).
Backup speeds up recovery, minimizing the impact on users and operations.
3. Resilience against cyberattacks
In the event of ransomware or malicious changes, a backup allows you to revert to a secure and stable version of configurations and permissions.
4. Compliance and auditing
Many regulations require the retention of user data and configurations.
Backups demonstrate compliance with regulatory requirements (e.g., GDPR, ISO 27001).
5. Granular restoration and recovery testing
Tools such as Veeam allow selective restoration (e.g., only a group or policy) and non-destructive testing of the disaster recovery plan.
Solution Architecture
Solution Architecture - User Guide for Microsoft Entra ID
- How Veeam Backup for Microsoft Entra ID works

Details Link:
Microsoft Entra ID Plug-in for Veeam Backup & Replication
Microsoft Entra ID backup repository
- Permissions
Permissions - User Guide for Microsoft Entra ID

- Ports
Ports - User Guide for Microsoft Entra ID

- System Requirements
System Requirements - User Guide for Microsoft Entra ID

- Configuring Log and Cache Repositories
Configuring Log and Cache Repositories - User Guide for Microsoft Entra ID







- Create a dedicated user for the new Entra ID database in PostgreSQL 15.3


- Choose Connection Method









- Configuring Veeam Backup for Microsoft Entra ID
Configuring Veeam Backup for Microsoft Entra ID - User Guide for Microsoft Entra ID
Step 1: Verify Your App Registration
- Go to Microsoft Entra Admin Center.
- Navigate to: Home > Identity > Applications > App registrations
- Click on the App ID you're using (xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx).
Confirm:
- App is not deleted or disabled.
- The Redirect URI is set:
  - For modern authentication with legacy protocols: https://localhost
  - Or for token-based: https://login.microsoftonline.com/common/oauth2/nativeclient
Step 2: Check Required API Permissions (if you want to create the user manually)
Under your App Registration:
- Go to API permissions.
- Click Add a permission > Microsoft Graph:
  - Application permissions:
    - Directory.Read.All
    - Group.Read.All
    - User.Read.All
  - Delegated permissions (if using interactive logon):
    - offline_access
    - User.Read


- Adding Microsoft Entra ID Tenants
Check connectivity:
Test-NetConnection login.microsoftonline.com -Port 443
bad 💀

good 😍

- Test the Entra OAuth 2.0 endpoint
Invoke-WebRequest -Uri "https://login.microsoftonline.com/common/oauth2/token" -UseBasicParsing
good 😍

- Verify the secret ID of the new account created by the Veeam wizard and/or created manually.

- Specifying Existing Application
Specifying Existing Application - User Guide for Microsoft Entra ID
- Creating New Application




- Check the secret ID from Azure
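
The checks from Step 1, Step 2 and the secret ID verification can also be run from PowerShell in one pass. This is an added example, not part of the original guide or of Veeam's tooling; it assumes the Microsoft.Graph PowerShell module is installed, and $AppId and $WarnDays are placeholder parameters.

```powershell
# Added example (not Veeam's code). Assumes the Microsoft.Graph PowerShell module
# and an account allowed to read app registrations (Application.Read.All).
param(
    [Parameter(Mandatory)] [string] $AppId,   # placeholder: application (client) ID
    [int] $WarnDays = 30                      # assumed warning threshold for expiring secrets
)
$required   = 'Directory.Read.All', 'Group.Read.All', 'User.Read.All'  # Step 2 list
$graphAppId = '00000003-0000-0000-c000-000000000000'                   # Microsoft Graph

# Connectivity: same test as in the guide
$net = Test-NetConnection login.microsoftonline.com -Port 443 -WarningAction SilentlyContinue
if (-not $net.TcpTestSucceeded) { throw 'login.microsoftonline.com:443 is not reachable' }

Connect-MgGraph -Scopes 'Application.Read.All' | Out-Null

# Step 1: the registration exists and its service principal is enabled
$app = Get-MgApplication -Filter "appId eq '$AppId'"
if (-not $app) { throw "App registration $AppId not found (deleted?)" }
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { Write-Warning 'No service principal for this app in the tenant' }
elseif (-not $sp.AccountEnabled) { Write-Warning 'Service principal is disabled' }

# Secrets: KeyId is the value the portal shows as "Secret ID"
$now = [datetime]::UtcNow
if (-not $app.PasswordCredentials) { Write-Warning 'No client secret on this app' }
foreach ($s in $app.PasswordCredentials) {
    $days = [int]($s.EndDateTime.ToUniversalTime() - $now).TotalDays
    $status = if ($days -lt 0) { 'EXPIRED' }
              elseif ($days -lt $WarnDays) { 'EXPIRING' }
              else { 'ok' }
    [pscustomobject]@{
        SecretId = $s.KeyId; Name = $s.DisplayName
        Expires  = $s.EndDateTime; DaysLeft = $days; Status = $status
    }
}

# Step 2: application permissions configured on the registration.
# RequiredResourceAccess holds role GUIDs; resolve them to names through the
# Microsoft Graph service principal. Admin consent is recorded separately.
$access  = $app.RequiredResourceAccess | Where-Object ResourceAppId -eq $graphAppId
$roleIds = @($access.ResourceAccess | Where-Object Type -eq 'Role' |
             ForEach-Object { "$($_.Id)" })
$graphSp = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"
$configured = @($graphSp.AppRoles | Where-Object { "$($_.Id)" -in $roleIds } |
                ForEach-Object Value)
$missing = @($required | Where-Object { $_ -notin $configured })
if ($missing) { Write-Warning "Missing application permissions: $($missing -join ', ')" }
else { 'All application permissions from Step 2 are configured' }
```

Compare the SecretId column with the secret ID shown in the Veeam wizard; a secret reported as EXPIRED or EXPIRING should be rotated before the backup job relies on it.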


Complete the wizard
- Create backup job for Entra ID







- Test restore
For testing purposes, I am deleting a test user so that I can then restore it.














enjoy
happy backup & restore


