Veeam Backup for Entra ID
Veeam Backup for Microsoft Entra ID is a specialized solution designed for the protection and disaster recovery of Microsoft Entra ID environments. This tool enables administrators and engineers to implement robust backup strategies and ensure data integrity. Below are the key functionalities and operations that can be performed using this solution:
- Backup of Entra ID Tenants - You can create backups of Microsoft Entra ID tenants, which are stored in PostgreSQL databases. This allows for efficient data management and retrieval in case of outages or data loss.
- Backup of Audit Logs - The solution facilitates the creation of backups for Microsoft Entra ID audit and sign-in logs. These logs are essential for monitoring activities and compliance. They can be stored in designated backup repositories to ensure they are preserved and easily accessible for analysis.
- Restoration of Identity Components - Veeam Backup for Microsoft Entra ID provides the capability to restore various identity components from backups, including:
  - Users: Restore individual user accounts as needed to reinstate access.
  - Groups: Recover group configurations to maintain organizational structure.
  - Administrative Units: Restore administrative units to ensure proper management protocols.
  - Roles: Retrieve roles to reinstate access permissions and controls.
  - Applications and Service Principals: Restore applications and service principals, maintaining operational integrity.
  - Conditional Access policies: Restore entire Conditional Access policies or individual properties of a Conditional Access policy from a backup or Entra ID recycle bin. You can restore one or multiple policies.
- Property Restoration - In addition to restoring entire identity objects, engineers can restore specific properties of users, groups, administrative units, roles, applications, and service principals. This granular restoration capability ensures that configurations are returned to their original state, minimizing disruptions.
- Restoration of Logs - The ability to restore audit and sign-in logs from backups is a critical feature. This ensures that the integrity of logging information is maintained, allowing for full audit trails and compliance with regulatory requirements.
Veeam Backup for Microsoft Entra ID secures and ensures the recoverability of your identity management systems with advanced encryption, automated backups, and instant recovery capabilities to protect against data breaches and cyber threats.
Components of Veeam Backup for Entra ID
Veeam Backup & Replication already has the requisite functionality to add Microsoft Entra ID tenants to the backup infrastructure, provided it meets the Veeam Backup for Microsoft Entra ID system requirements. It can, of course, be installed on its own Veeam Backup & Replication server. Starting with Veeam Backup & Replication 12.3, all required components are installed by default.
Let's take a look at the Veeam Backup for Entra ID Architecture!

Backup Server
The backup server is a Windows-based physical or virtual machine where you install Veeam Backup & Replication. This server serves as the core for configuration, administration, and management of your backup infrastructure, coordinating backup and restore operations, controlling job scheduling, and managing resource allocation.
Your backup server includes the following components:
- Microsoft Entra ID Plug-in for Veeam Backup & Replication: This component extends the functionality of Veeam Backup & Replication, allowing you to add Microsoft Entra ID tenants to your backup infrastructure.
- General-purpose backup proxy: This component facilitates communication between Microsoft Entra ID and the Microsoft Entra ID Plug-in for Veeam Backup & Replication, processes jobs, and transfers data to and from backup repositories. You will assign the role of the backup proxy to the machine where you have installed the backup server.
Additional Components
- Microsoft Entra ID Backup Repository - A Microsoft Entra ID backup repository is a PostgreSQL instance where you store backups of your protected Microsoft Entra ID tenants using Veeam Backup for Microsoft Entra ID. By default, Veeam Backup for Microsoft Entra ID utilizes the local PostgreSQL instance installed on your backup server. To enhance data safety, you can configure Veeam Backup for Microsoft Entra ID to use a remote PostgreSQL instance.
- Log Backup Repositories - The log backup repository is where you store backups of audit and sign-in logs for your protected Microsoft Entra ID tenants using Veeam Backup for Microsoft Entra ID. To improve log availability and ensure you can recover data in case of a disaster, you can set up primary and secondary log backup repositories in different locations, each with its own retention policies and encryption settings.
- Cache Repository - The cache repository is a storage location where Veeam Backup for Microsoft Entra ID keeps temporary metadata to reduce the load on the backup server when performing backup operations. The cache repository keeps track of all log records that change between backup sessions.
To minimize network load during backup operations, it is recommended that you place the cache repository close to the backup server on the network.