Disaster Recovery for Entra Tenant

Disaster Recovery for Entra Tenant (DRET) is a standalone software-as-a-service (SaaS) offering that helps IT and security administrators back up and recover Entra ID resources—user, group, and role objects and conditional access policies—that are critical to providing authentication and access to applications and services across an organization’s environments.

Disaster Recovery for Entra Tenant covers a critical security gap for organizations that operate in a hybrid or cloud-only identity environment—most commonly with on-premises AD synched to Entra ID (formerly Azure AD). Many organizations mistakenly assume that Entra ID backups conducted by Microsoft are sufficient to protect their business operations.

While Microsoft is responsible for Entra ID’s back end, the responsibility for effectively restoring Microsoft 365 groups, directory roles, and other objects falls squarely on the customer. As the authentication service for Microsoft 365 and other cloud applications and services, Entra ID is home to certain objects that only exist in the cloud and cannot be replicated in your on-premises Active Directory environment. As a result, organizations need a recovery strategy that is specific to Entra ID. Without the ability to quickly recover Entra ID resources, business operations will stall—even if Entra ID is back online.

With Disaster Recovery for Entra Tenant, customers can safely back up critical Entra ID resources, quickly recover resources after a cyberattack, and maintain control of their data security.

Disaster Recovery for Entra Tenant protect critical identity resources that the Entra ID recycle bin leave behind:

• Recovers soft-deleted users 
• Recovers soft-deleted Microsoft 365 groups
• Recovers hard-deleted user objects
• Recovers security groups
• Recovers conditional access policies
• Supports selective restore of individual objects
• Supports bulk restore of multiple objects
• Retains multiple backup versions
• Provides a restore report with details on the restore job, including object-level reporting
• Automatically recovers inactive Microsoft 365 mailboxes for hard-restored users
• Recovers owners for groups, applications, and service principals
• Recovers Privileged Identity Management (PIM) active role assignments
• Recovers owners for groups, applications, and service principals
• Backs up and restores custom roles and role assignments
• Supports ability to compare administrative units
• Recovers hybrid groups
• Backs up and restores external identities policies
• Backs up and restores authentication flow policies
• Backs up and restores authorization policies

Semperis-hosted storage gives you secure, reliable backup services for your Entra ID data, giving IT and security teams peace of mind and eliminating time-consuming storage management processes. As a part of the Disaster Recovery for Entra Tenant (DRET) solution, the backup process calls the Microsoft Azure AD Graph API via a secure session and backs up the customer data. The backup is then encrypted and stored in a customer-dedicated container in the Semperis Azure subscription storage device. 

The Semperis Azure subscription storage device is protected by multiple security controls, including:

• Sixteen nines of designed durability with geo-replication and flexibility to scale as needed
• Authentication with Azure Active Directory and role-based access control (RBAC)
• Encryption at rest
• Advanced threat protection
• Policy-based access control
• Immutable (WORM) storage
• Choice of Microsoft data centers in the US, EU, Canada, or Australia
• System-managed encryption key provided at onboarding with an option to bring your own encryption key