Regina Lapidus

Today, the cloud has become a highly strategic platform that enables organizations’ digital transformation. While the cloud-first approach is still less common, many organizations are embracing a hybrid cloud environment, which allows for maximum flexibility and control.

Securing a hybrid identity system, which for most organizations involves on-premises AD synchronized with Azure AD, poses challenges. Just like on-premises AD, Azure AD has security vulnerabilities, and the hybrid mix creates additional opportunities for cyber attackers. Cybercriminals, as seen in the Kaseya and SolarWinds breaches, exploit security weaknesses in hybrid identity systems by gaining entry into the cloud and moving to the on-premises system, or vice versa.

In the event of an attack on Azure AD, Microsoft is, of course, responsible for ensuring the continuous availability of the Azure service. However, protecting your own Azure AD resources is your responsibility. How quickly could you recover your critical Azure AD resources—user, group, and role objects—after a cyber incident that compromised the Azure service?

Even after Azure comes back online, you might discover that you no longer have those critical Azure AD objects that enable authentication and access control to cloud-hosted apps and services. As the authentication service for Microsoft 365 and other cloud applications and services, Azure AD is home to certain objects that exist only in the cloud and cannot be replicated in your on-premises Active Directory environment. Therefore, you need a recovery strategy that is specific to Azure AD. Without the ability to quickly recover Azure AD resources, your business operations will stall, even if Azure AD is back online.

Screenshot of Recovery for Azure AD

Based on our experience working with organizations with hybrid AD systems, we know that an attack on Azure AD could leave their critical role, user, and group objects vulnerable. That’s why we developed Semperis Recovery for Azure to address this gap. Semperis Recovery for Azure AD:

  • Backs up and recovers Azure AD user, group, and role objects—and their attributes
  • Restores soft-deleted (still in the Azure AD recycle bin) user, group, and role objects
  • Restores hard-deleted user objects even if they have been removed from the Recycle Bin (potentially by an attacker)
  • Displays activity performed in the application
  • Takes advantage of Semperis-hosted secure storage of Azure AD with an option to bring your own encryption key
  • Employs industry-leading encryption standards and provides isolated storage dedicated to your organization. Your Azure AD backups are protected both in transit and at rest, assuring the safety and confidentiality of your sensitive identity data
  • Is SOC2 Type II compliant and ISO 27001 certified

For organizations with hybrid AD systems, guarding against cyber attacks is challenging. Semperis Recovery for Azure AD provides secure, manageable, and reliable backup services for critical Azure AD data, eliminating time-consuming storage management processes and ensuring a fast post-attack recovery.