Objects backed up within Entra ID
Growth of total objects backed up over 12 months
Organizations that perform full restores monthly
While this is a large and growing user base for Microsoft, many enterprises struggle with managing this new, evolving identity environment, especially as the majority of organizations maintain hybrid identity infrastructure (both on-premises Active Directory and Entra ID). They turn to Quest to help migrate, manage, protect, back up, and restore these new cloud-based identities as part of their overall Identity Threat Detection and Response (ITDR) practice, including utilizing Quest On Demand Recovery, a SaaS-based Entra ID backup and recovery solution.
Based on analysis of anonymized telemetry data from Quest On Demand Recovery, we found several interesting insights into the backup and recovery trends of cloud-based identities.
Over the past year, organizations have collectively backed up around 37 billion objects within Entra ID, including:
The total objects backed up have grown by nearly 30% over 12 months, with device backups growing even faster at 44%.
Nearly 99.74% of organizations automate their backups, reducing the risk of errors and ensuring that data is protected without manual intervention.
As organizations continue to grow their usage of Entra ID due to the inherent security and incentives like the MACC program, they will need to understand and evaluate where Microsoft’s responsibilities for backup and restore end and what is and is not covered. While new skillsets are being developed for cloud deployments, existing processes and proven methods should be leveraged as much as possible to accelerate adoption even further.
Microsoft offers various backup and recovery strategies and tools, but it’s a shared responsibility with the end user per the service agreement. In other words, the native tooling is incomplete and requires PowerShell scripting and deep knowledge of Entra ID APIs. For this reason, many organizations turn to third-party providers like Quest to fill the gaps in backup and recovery. Those gaps include soft-deleted items in the Recycle Bin: these items are retained for only 30 days, after which they are hard deleted and cannot be recovered by native tools. Also, changes to objects do not go into the Recycle Bin, making it impossible to recover them using native tools.
Furthermore, the Recycle Bin only covers limited restores of users, groups and application registrations. For example, linked objects and relations such as group members and role assignments are not restored. Administrators must manually restore these relationships, which can be a complex and time-consuming process. Conditional Access Policies are also not saved and restored within the Recycle Bin, which breaks the security of Entra ID for the restored user.
Additional gaps exist around device objects. Organizations have a growing set of Entra ID-joined devices through their own endpoint modernization and Active Directory modernization journeys, which means it’s critical for user productivity and organizational security to back up and restore device objects. Entra ID device objects manage access, enforce security policies and ensure only compliant devices can access corporate resources. When these objects are missing or corrupted, users will lose access to applications and services, thus impacting productivity.
As organizations continue to adopt cloud services and SaaS solutions, the need for a robust Entra ID backup and recovery strategy becomes increasingly critical to maintain productivity and organizational security.
Gartner names Quest as a representative vendor in the following reports:
Quest creates software solutions that make the benefits of new technology real in an increasingly complex IT landscape. From database and systems management, to Active Directory and Microsoft 365 migration and management, and cybersecurity resilience, Quest helps customers solve their next IT challenge now. Around the globe, more than 130,000 companies and 95% of the Fortune 500 count on Quest to deliver proactive management and monitoring for the next enterprise initiative, find the next solution for complex Microsoft challenges and stay ahead of the next threat. Quest Software. Where next meets now. For more information, visit www.quest.com.
ISO Certifications: Quest On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certification.
Establish a complete Entra ID recovery plan that minimizes downtime with no impact on end users. On Demand Recovery makes it possible. Run difference reports comparing your backups with live Entra ID to identify cloud-only users or attributes and pinpoint specific changes or deletions. Granularly search and restore exactly what you need or recover multiple users, groups and group memberships in bulk without PowerShell. This Entra ID recovery solution helps you mitigate the risk of data loss or service outage from human error and save valuable time and resources.
Complete Active Directory and Entra ID recovery are essential for every organization in today’s cloud-based IT infrastructure. With businesses increasingly deploying hybrid cloud environments, a solid on-premises AD recovery plan alone isn’t sufficient any longer. Organizations now have more users and business data across Entra ID that need to be protected, including cloud-only objects such as Microsoft 365 and Entra ID groups, Azure B2B accounts, conditional access policies and more. On Demand Recovery will help your organization realize a complete Entra ID recovery plan that encompasses your entire hybrid environment, from on-premises data centers to the cloud.
As organizations continue to adopt cloud services and SaaS solutions, the need for a robust Entra ID backup strategy becomes increasingly critical. Our scalable solution adapts to your evolving business needs, whether you're operating in a public cloud, private cloud, or hybrid environment. By leveraging virtualization technologies and offering cloud storage options, we provide a flexible, as-a-service model that simplifies provisioning and management of your recovery infrastructure.
Our comprehensive Entra ID recovery solution integrates seamlessly with popular cloud platforms like AWS, ensuring compatibility with your existing IT infrastructure. Whether you're managing virtual machines or physical servers, our system provides the tools necessary to streamline your data protection and access management processes. By centralizing these functions, we help you reduce complexity, minimize risk, and ensure that your business-critical data and applications remain available and secure at all times.
Expand the protection of both your Azure and Entra ID recovery by easily restoring hybrid and cloud objects including: user accounts, B2B users, Microsoft 365 and Entra ID groups, applications and devices. This cloud-based solution simplifies the restoration process, ensuring business continuity for your mission-critical systems.
Fortify your recovery plans with robust Entra ID backup capabilities. Back up and restore cloud-only attributes for hybrid objects including membership in cloud-only groups, application role assignments, directory role membership, Office License type, authentication contact info (including MFA settings) and Azure application custom attributes. This comprehensive approach to Entra ID backup ensures that your business data remains secure and recoverable.
Integrate with Recovery Manager for Active Directory for a complete hybrid Entra ID recovery solution, providing true peace of mind. Pairing these solutions delivers a single, centralized recovery dashboard for both hybrid and cloud-only objects. Get details and capabilities that native tools don’t provide, run difference reports, and restore changes directly from the report, streamlining your IT infrastructure management.
Run difference reports to compare changes or deletions made in both on-prem AD and Entra ID with any previous backup. Select and roll back only what’s required rather than restoring the entire object. This enables simple, fast recovery directly from the reporting interface, allowing administrators to respond quickly to any data loss or corruption.
Recover multiple on-prem AD, Entra ID and Microsoft 365 users, groups, attributes and other object properties simultaneously, without requiring PowerShell scripting. Easily restore almost anything that has been deleted — either accidentally or maliciously — ensuring business continuity and minimizing downtime.
Restore users, groups, attributes and other object properties in minutes rather than hours while removing the need to access multiple admin interfaces on premises and in Entra ID. This centralized approach simplifies management and improves efficiency for IT administrators.
Search for modified or deleted on-premises and cloud-only objects, either entire user accounts or just specific attributes, and restore exactly what you need. Reduce the risk of manual error and ensure all recovery-related tasks are auditable.
Ensure top-level Entra ID recovery by easily and securely backing up critical data in Azure Storage, including Entra ID and Microsoft 365 users, attributes, groups, group memberships, and Azure applications. Choose the backup retention period that best fits your company’s compliance needs and never worry about not being able to recover what you need. Our solution employs end-to-end encryption to protect your sensitive data throughout the backup and recovery process.
When Microsoft 365 mailboxes are deleted, either intentionally or mistakenly, you lose the connection between the Microsoft 365 mailbox and email data. On Demand Recovery re-connects a user’s mailbox to their mailbox data. Quickly restore user access with no email data loss and minimal impact on productivity.
Available in the following Microsoft Azure regions: