Search

Entra Backup

Doug Chanin
Doug Chanin
  • Updated

Topic

This article explains the process for creating an Entra ID backup plan.

Environment

Dropsuite

Description

Entra ID, formerly known as Azure Active Directory (Azure AD), is Microsoft's cloud-based identity and access management service. It supports secure sign-ins, single sign-on (SSO), multi-factor authentication (MFA), identity protection, and integration with thousands of third-party applications. The following definitions and instructions will help you get started with Dropsuite Entra ID backups.

Dropsuite Entra Backup

Dropsuite Entra Backup protects key Microsoft identity components, including Users, Groups, and Roles, and Admins. This solution offers quick setup, precise snapshot search, attribute-level restore, and live data comparison to help quickly identify and recover from cyber threats or accidental deletions.

Entra Backup management is only accessible to resellers via the Partner Portal. Individual organizations cannot currently manage their own Entra backups, so resellers will need to manage Entra backups on behalf of their organizations.

Entra Backup NFR

The NFR (Not-for-Resale) license for Entra Backup is live and is available on the Dropsuite Partner Portal.

What's Included in Your NFR Plan

Your current Backup or Archive plan now includes Entra Backup functionality. Only paid plans will display updated product types (for example, "Backup + Entra" or "Archive + Entra"). This update does not impact the functionality of your current Backup or Archive NFR use.

How to Access Entra Backup in NFR Plans

The addition of Entra Backup allows you to explore its features as part of your NFR plan. To access it, perform the following steps.

  1. Log in to the Partner Portal.
  2. Navigate to the Organizations page.
  3. Click the Access Entra Portal link for organizations using NFR plans.
Figure 1: Access Entra Portal (click to enlarge)

Transitioning to Paid Plans

Customers using Entra Backup through NFRs will also gain access to its features. To continue using Entra Backup after the NFR period:

  • Transition these organizations to a paid plan that includes Entra Backup.
  • Paid plans such as "Backup + Entra" and "Archiving + Entra" can be created and assigned like existing Backup and Archive plans.
  • Downgrading from a "Backup + Entra" and "Archiving + Entra" will require a support ticket.

Create and Assign Entra Plan

To start reselling Dropsuite Entra Backup, you need an Entra plan. This plan is the basis for billing and payments to your clients or organizations. Before experiencing a bundle of email and Entra backups, you must ensure the Entra SKU is available on the portal.

  1. Navigate to the Create New Plan page to find Entra SKU under the Product Type field.  
Figure 2: Product Type (click to enlarge)
  1. Contact the support team if you cannot find the Entra subscription under the Product Type field. The configuration might not be active yet.
  2. Complete the form, then click the Save button.
    • Plan name: No specific requirements.
    • Product Type: Choose Backup Entra or Archiver Entra.
    • Currency: Select the currency for billing.
    • Periodicity: Choose between monthly or yearly billing.
    • Assign plan for: Select the partner. 

Once you've created your Entra plan, it will appear on the plan list with the Entra label.  

Figure 3: Plans (click to enlarge)

Create a New Organization with an Entra Plan

After creating the Entra plan, you can continue to create a new organization with that plan. 

To create the plan, complete the following fields:

  • First and Last Name: The person's name.
  • Email Address: Each organization must have a unique email address. You are not allowed to input the same email address.
  • Country: Select your country from the options.
  • Partner: Select the partner the organization belongs to (required to choose a plan).
  • Plan: Choose Backup Entra or Archiver Entra.
  • Organization Name: The name of the organization.
  • Auto License: Enables automatic addition of backups.
  • Send Sign-In Email: Option to send an email with login credentials. This checkbox is configurable. If you want to hide it, navigate to the Notification Settings on the first row under the User Management Notification settings.

Once saved, the organization will appear with the Entra plan label, and you will now have the option to log in to the Entra Portal or Email Portal.

Manage an Entra Organization

Once you have created an organization with an Entra plan, you can manage the following settings:

  • Edit General Info: Update name, email, and organization details. Be cautious when changing your email address, as it will affect your login ability.
  • View API Token: Access the token for API usage.
  • Update Subscriptions: Modify the plan type or seat count.
  • Suspend Subscriptions: Inactivate the login, but backups continue.
  • Unsubscribe Subscriptions: Inactivate login and halt backups.
  • Delete Subscriptions: Remove login access, stop backups, and delete all data.
  • Enable/Disable Features: Configure features on the End-User Portal.
  • View Credentials: Display credentials and their statuses.

Limitations:

The following items are known limitations:

  • Organization deletion is currently not available.
  • You will have to manage organization transfers manually.

Entra Role-Based Access Control

The table below lists each partner role and corresponding access permissions in the Entra portal.

Feature Owner Super Admin Admin Support Finance
View tenant list Yes Yes Yes No No
View system status backup Yes Yes Yes No No
View system status restore Yes Yes Yes No No
View system status download Yes Yes Yes No No
Download system status result Yes Yes Yes No No
View tenant detail Yes Yes Yes No No
Activate tenant Yes Yes Yes No No
View tenant config Yes Yes Yes No No
Update tenant config Yes Yes Yes No No
Execute tenant backup Yes Yes Yes No No
Execute tenant download Yes Yes Yes No No
View object list Yes Yes Yes No No
View object type list Yes Yes Yes No No
View object detail and search Yes Yes Yes No No
Restore object Yes Yes Yes No No
View secret key (Bitlocker) Yes Yes Yes No No
The Admin role is closely tied to the Group Management feature. If you have not assigned a group manager to your account, you will not be able to access it.
We have not fully implemented role-based access controls on the backend. In the UI, the roles only apply to the Owner, Super Admin, and Admin roles. We have not yet implemented RBAC for Support and Finance.

FAQs

Can I upgrade Backup Entra to Archiver Entra?

Yes, but downgrading is not permitted. To upgrade:

  1. Log in to the Partner Portal.
  2. Navigate to the Organization page.
  3. Select the organization and navigate to the Subscriptions tab.
  4. Choose the new Archiver Entra plan, then click Update.

Can I switch an Entra plan to a non-Entra plan?

No, switching from an Entra plan to a non-Entra plan is not permitted. You can update your plan as outlined below:

  • Backup Entra → Archive Entra
  • Backup → Backup Entra
  • Backup → Archive Entra
  • Archive → Archive Entra

What permissions does Dropsuite need to backup and restore Entra?

When setting up Entra ID, you must grant Dropsuite the following permissions.

The app will be able to:

  • Sign in and read user profiles
  • Read and write custom security attribute assignments
  • Read and write all group memberships
  • Read organization information
  • Read and write all directory RBAC settings
  • Read and write all users' complete profiles
  • Read and write to all groups

What Device Management Policy types will Dropsuite backup?

Dropsuite supports backing up the four types of device management policies below. It does not support and will not back up any other device management policy.

  1. DeviceCompliancePolicies
  2. CompliancePolicies
  3. ConfigurationPolicies
  4. DeviceConfiguration

Additional Resources

Review Setting Up Entra ID Backup to define your backup once you've got your plan in place.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request