
Azure Active Directory backup

Does one need to consider an external backup solution for AAD when having multiple tenants? I can't seem to find anything regarding this "topic" in the CAF.

8 Replies
No. Backup and DR are Microsoft's responsibility. Only scenario that might bring such needs is unwanted configuration changes, but considering 99% of the settings can only be changed by admins, you can control that. You can also monitor the audit log to capture "unwanted" changes and revert them as needed.
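The audit-log monitoring suggested in the reply above, sketched as an added example that is not part of the original post: it filters records shaped like Microsoft Graph `directoryAudit` entries for successful destructive or privilege-granting changes and notes whether the actor is on an approved admin list. The sample records, the watch list, and the `approved_admins` parameter are assumptions made for illustration.

```python
# Constructed sample records using directoryAudit field names
# (activityDateTime, activityDisplayName, result, initiatedBy, targetResources).
SAMPLE_AUDIT_LOG = [
    {"activityDateTime": "2024-03-01T08:00:00Z", "activityDisplayName": "Update user",
     "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin@example.com"}},
     "targetResources": [{"displayName": "Alice"}]},
    {"activityDateTime": "2024-03-01T10:02:00Z", "activityDisplayName": "Add member to role",
     "result": "success", "initiatedBy": {"app": {"displayName": "constructed-automation-app"}},
     "targetResources": [{"displayName": "Bob"}]},
    {"activityDateTime": "2024-03-01T09:15:00Z", "activityDisplayName": "Delete service principal",
     "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin@example.com"}},
     "targetResources": [{"displayName": "billing-api"}]},
    {"activityDateTime": "2024-03-01T11:30:00Z", "activityDisplayName": "Delete group",
     "result": "failure", "initiatedBy": {"user": {"userPrincipalName": "guest@example.com"}},
     "targetResources": [{"displayName": "Finance"}]},
]

# Assumed watch list: activities that remove objects or grant privilege.
WATCHED = {"Delete service principal", "Delete application",
           "Delete group", "Add member to role"}


def actor(entry):
    """Return the UPN of the initiating user, else the app name, else 'unknown'."""
    by = entry.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"


def find_unwanted_changes(entries, approved_admins):
    """List successful watched changes in time order, marking unapproved actors."""
    findings = []
    for e in entries:
        if e.get("activityDisplayName") not in WATCHED or e.get("result") != "success":
            continue  # routine activity, or an attempt that did not take effect
        who = actor(e)
        findings.append({
            "time": e["activityDateTime"],
            "activity": e["activityDisplayName"],
            "actor": who,
            "approved_actor": who in approved_admins,
            "targets": [t.get("displayName") or t.get("id")
                        for t in e.get("targetResources", [])],
        })
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in find_unwanted_changes(SAMPLE_AUDIT_LOG, {"admin@example.com"}):
        print(f)
```

Each finding carries the target names, which is what is needed to decide whether to restore the object from the bin or to re-create it.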
Hi Vasil

Thanks for your reply

What if the enterprise is compromised and hackers take down the AD tenant... (sounds crazy, but just a worst-case scenario :)
How will backup help you with that? :) Better focus on securing your tenant, especially admin accounts. But if you are willing to spend $$$, I'm sure there are at least a few vendors out there offering backup for AAD.
Indeed. I would also recommend securing your Azure AD tenant using P2 together with PIM and least privilege. Also go into governance in general for Azure and Microsoft 365 services.

I read what has been stated :)

What about backup/restoring of service principals, AAD security groups, etc., and from an MSP point of view?

You will have to rely on the different bins (30 days for security groups and app registrations).
Microsoft is slowly adding bin / restoration of deleted items, but this is not backup. Governance will be the key.

Hi @thijoubertold - Service principals, are they "restorable" through the bin?