Recovery for Azure AD

Guard Azure AD resources from cyberattacks

Safely back up and recover critical Azure AD resources.

Could you recover your Azure AD data after an attack?

How fast could you recover your critical Azure AD resources—user, group, and role objects—after a cyber incident that compromised your Azure service? Even after Azure comes back online, you might discover that you no longer have those critical Azure AD objects that enable authentication and access control to cloud-hosted apps and services. The security implications of implementing a hybrid AD environment can be easily overlooked:

  • Azure AD is home to certain objects that exist only in the cloud and can’t be replicated in your on-premises AD environment.
  • If a ransomware attack strikes, the Azure AD Recycle Bin is of no use if, for example, user accounts are compromised.
  • Without the ability to quickly recover Azure AD resources—user, group, and role objects—your business operations will stall, even if Azure AD is back online.

The Azure AD Recycle Bin won’t save you

Many organizations mistakenly assume that Azure AD backups conducted by Microsoft are sufficient to protect their business operations. While Microsoft is responsible for Azure AD’s back end, the responsibility for effectively restoring Microsoft 365 groups, directory roles, and other objects falls squarely on the customer.

AZURE AD IS AN ATTACK TARGET

Azure AD is a common target because it’s the most prevalent cloud identity service.

SECURITY MODEL IS DIFFERENT

The potential attack surface expands in a hybrid AD environment.

SECURITY IS KEY TO RECOVERY

Keeping your Azure AD resources secure is key to recovery after an attack.

Protect your critical resources with Recovery for Azure AD

Fast, secure backup and recovery for Azure AD resources

Semperis Recovery for Azure AD gives you secure, reliable backup services for critical Azure AD data, eliminating time-consuming storage management processes and ensuring fast post-attack recovery.

  • Back up and recover user, group, and role objects—and their attributes (including custom roles)
  • Restore soft-deleted (still in Recycle Bin) user, group, and role objects
  • Restore hard-deleted user objects even if they have been removed from the Azure AD Recycle Bin—potentially by an attacker
  • View critical information in a summary dashboard
  • Easily compare backups
  • Take advantage of Semperis-hosted secure storage of Azure AD with an option to bring your own encryption key

How Semperis helps protect Azure AD resources

Most organizations have adopted a hybrid AD environment, typically with on-premises AD authenticated to Azure AD services and apps. But shifting assets to Azure AD doesn’t solve the security problems. As with on-prem AD, Azure AD has its weaknesses, and the hybrid mix creates additional opportunities for attackers. Semperis Recovery for Azure AD protects your critical user, group, and role objects so you can quickly recover if an attack compromises the Azure service.

Challenge: Cyberattacks are targeting Azure AD—putting your critical Azure AD resources at risk.
How Semperis helps: Semperis Recovery for Azure AD safely backs up your Azure AD user, group, and role objects—and provides SOC 2 (Type II) certified secure managed storage.

Challenge: Keeping your Azure AD resources secure is key to recovering after an Azure AD attack.
How Semperis helps: Semperis managed storage provides 16 nines of designed durability with geo-replication and flexibility to scale as needed. Plus, you can bring your own encryption key for additional control.

Challenge: Recovering Azure AD is challenging if an attacker empties the Recycle Bin.
How Semperis helps: Semperis Recovery for Azure AD helps you safely back up Azure AD resources, quickly recover resources after a cyberattack, and maintain control of your data security.

Frequently asked questions about Azure AD object backup and recovery

What is Semperis Recovery for Azure AD?

Semperis Recovery for Azure AD is a standalone software-as-a-service (SaaS) offering that helps IT and security administrators back up and recover Azure AD resources—user, group, and role objects—that are critical to providing authentication and access to applications and services across an organization’s environments.

What problem does Semperis Recovery for Azure AD solve?

Semperis Recovery for Azure AD covers a critical security gap for organizations that operate in a hybrid or cloud-only identity environment—most commonly with on-premises AD synched to Azure AD. Many organizations mistakenly assume that Azure AD backups conducted by Microsoft are sufficient to protect their business operations.

While Microsoft is responsible for Azure AD’s back end, the responsibility for effectively restoring Microsoft 365 groups, directory roles, and other objects falls squarely on the customer. As the authentication service for Microsoft 365 and other cloud applications and services, Azure AD is home to certain objects that only exist in the cloud and cannot be replicated in your on-premises Active Directory environment. As a result, organizations need a recovery strategy that is specific to Azure AD. Without the ability to quickly recover Azure AD resources, business operations will stall—even if Azure AD is back online.

How does Semperis Recovery for Azure AD solve this problem?

With Semperis Recovery for Azure AD, customers can safely back up critical Azure AD resources, quickly recover resources after a cyberattack, and maintain control of their data security.

What are the advantages of using Semperis-hosted storage?

Semperis-hosted storage gives you secure, reliable backup services for your Azure AD data, giving IT and security teams peace of mind and eliminating time-consuming storage management processes. As a part of the Semperis Recovery for Azure AD solution, the backup process calls the Microsoft Azure AD Graph API via a secure session and backs up the customer data. The backup is then encrypted and stored in a customer-dedicated container in the Semperis Azure subscription storage device.

How secure is Semperis managed storage?

The Semperis Azure subscription storage device is protected by multiple security controls, including:

  • Sixteen nines of designed durability with geo-replication and flexibility to scale as needed
  • Authentication with Azure Active Directory and role-based access control (RBAC)
  • Encryption at rest
  • Advanced threat protection
  • Policy-based access control
  • Immutable (WORM) storage
