While this is a large and growing user base for Microsoft, many enterprises struggle with managing this new, evolving identity environment, especially as the majority of organizations maintain hybrid identity infrastructure (both on-premises Active Directory and Entra ID). They turn to Quest to help migrate, manage, protect, back up, and restore these new cloud-based identities as part of their overall Identity Threat Detection and Response (ITDR) practice, including utilizing Quest On Demand Recovery, a SaaS-based Entra ID backup and recovery solution.
Based on analysis of anonymized telemetry data from Quest On Demand Recovery, we found several interesting insights into the backup and recovery trends of cloud-based identities.
Over the past year, organizations have collectively backed up around 37 billion objects within Entra ID, including:
The total objects backed up have grown by nearly 30% over 12 months, with device backups growing even faster at 44%.
Nearly 99.74% of organizations automate their backups, reducing the risk of errors and ensuring that data is protected without manual intervention.
As organizations continue to grow their usage of Entra ID due to the inherent security and incentives like the MACC program, they will need to understand and evaluate where Microsoft’s responsibilities for backup and restore end and what is and is not covered. While new skillsets are being developed for cloud deployments, existing processes and proven methods should be leveraged as much as possible to accelerate adoption even further.
Microsoft offers various backup and recovery strategies and tools, but backup and recovery is a shared responsibility with the end user per the service agreement. In other words, the native tooling is incomplete and requires PowerShell scripting and deep knowledge of Entra ID APIs. For this reason, many organizations turn to third-party providers like Quest to fill the gaps in backup and recovery. Those gaps include soft-deleted items in the Recycle Bin. These items are retained for only 30 days, after which they are hard deleted and cannot be recovered by native tools. Also, changes to objects do not go into the Recycle Bin, making it impossible to recover them using native tools.
Furthermore, the Recycle Bin only covers limited restores of users, groups and application registrations. For example, linked objects and relations such as group members and role assignments are not restored. Administrators must manually restore these relationships, which can be a complex and time-consuming process. Conditional Access Policies are also not saved and restored within the Recycle Bin, which breaks the security of Entra ID for the restored user.
Additional gaps exist around device objects. Organizations have a growing set of Entra ID-joined devices through their own endpoint modernization and Active Directory modernization journeys, which means it’s critical for user productivity and organizational security to back up and restore device objects. Entra ID device objects manage access, enforce security policies and ensure only compliant devices can access corporate resources. When these objects are missing or corrupted, users will lose access to applications and services, thus impacting productivity.
As organizations continue to adopt cloud services and SaaS solutions, the need for a robust Entra ID backup and recovery strategy becomes increasingly critical to maintain productivity and organizational security.
Gartner names Quest as a representative vendor in the following reports:
Quest creates software solutions that make the benefits of new technology real in an increasingly complex IT landscape. From database and systems management, to Active Directory and Microsoft 365 migration and management, and cybersecurity resilience, Quest helps customers solve their next IT challenge now. Around the globe, more than 130,000 companies and 95% of the Fortune 500 count on Quest to deliver proactive management and monitoring for the next enterprise initiative, find the next solution for complex Microsoft challenges and stay ahead of the next threat. Quest Software. Where next meets now. For more information, visit www.quest.com.
ISO Certifications: Quest On Demand is included in the scope of the Platform Management ISO/IEC 27001, 27017 and 27018 certification.