What if a malicious attack deleted your Microsoft Entra ID (formerly Azure Active Directory) objects? Or what if hundreds of objects get deleted across your Microsoft OneDrive account from a rogue script? Think about it. If you’re a large enterprise customer, would you be prepared to rapidly recover from these scenarios at scale?
If you’re not able to answer with a resounding “Yes!”, then read on, as Microsoft’s announcement of its new Microsoft 365 Backup Storage solution and our news about a new Rubrik integration with Microsoft 365 Backup Storage within Rubrik Security Cloud - may be something you seriously want to consider.
What is Microsoft 365 Backup?
As previously announced by Microsoft, Microsoft 365 Backup Storage will provide recovery for large volumes of OneDrive, SharePoint, and Exchange Online data at “unprecedented speeds” with a restore service level agreement (SLA) -- while keeping it all within the Microsoft 365 security boundary. With Microsoft 365 Backup, you can:
Backup all or select SharePoint sites, OneDrive accounts, and Exchange mailboxes in your tenant
Restore files, sites, and mailbox items in your tenant in parallel to a prior point-in-time in a granular manner or at massive scale
Search or filter content in your backups using key metadata such as item or site names, owners, or event types within specific restore point date ranges.
Rubrik Data Protection for Microsoft 365 Backup
Now, Microsoft is also working to deliver integrated solutions with select partners through Microsoft 365 Backup Storage APIs. For our largest, joint Rubrik and Microsoft customers, this means they will have the option to use the Rubrik integration with Microsoft’s Microsoft 365 Backup solution within Rubrik Security Cloud. With the integration, called Rubrik Data Protection for Microsoft 365 Backup Storage, you will be able to:
Realize the benefit of fast backup and restore speeds backed by Microsoft trust
Recover critical Entra ID users and groups in use by your Microsoft 365 environment
Let’s dive into each of these advanced components.
Microsoft APIs for Fast Backup and Recovery
While Microsoft 365 Backup on its own will support one policy per object type (applied at the object type parent level vs. individual users, groups, and sites) and one RPO and retention value, with the Rubrik integration, you will be able to apply a policy to a whole tenant or to a group. And, the parameters you choose to set can be quite aggressive to help meet even the strongest recovery requirements.
For example, you will be able to create a policy that will take a backup every 10 minutes, and will be able to retain that data for 12 months, with variable retention controls coming in the future. Once a policy is created, Rubrik will issue the corresponding API calls into Microsoft 365 Backup Storage in order for Microsoft to handle orchestrating all of the snapshots and data lifecycle operations after the corresponding policy is activated.
From there, Rubrik Security Cloud will go out and discover and inventory all users, groups, and SharePoint sites, making it easy to view snapshots via a calendar-based layout, in which you can then drill down to show all the individual snapshots taken every 10 minutes, as in the example above, on a specific date.
Having such a low RPO implemented is sure to be well received by any backup administrator. Being able to recover a user mailbox, OneDrive account, or entire SharePoint site from backups taken at 10-minute intervals, plus the ability to apply protection to a whole group with the Rubrik integration and easily recover a whole group at once will be incredibly useful. It can also drastically reduce potential data loss and minimize business disruption.
Plus, the performance behind both the Microsoft backup and restore processes is also designed to minimize costly downtime and provide a very highly available data environment.
Microsoft Entra ID Protection
Rubrik previously announced protection for Entra ID objects, and as part of that, can offer protection for Microsoft 365 users and groups for the integrated solution. Recovery of Entra ID for Microsoft Exchange, SharePoint, and OneDrive fulfills the need for this first, critical step in the overall Microsoft 365 recovery process.
In fact, Rubrik protection for Entra ID, which will also be included in the license for Rubrik Data Protection for Microsoft 365 Backup Storage, may be one of the most desirable additions Rubrik makes to Microsoft’s native backup solution. Recovery for the Entra ID of mailbox, SharePoint or OneDrive objects can be a slow, manual process to create from scratch with Microsoft's built-in backups for Entra ID alone. Rubrik will further streamline restores for Microsoft customers who require fast, scalable recovery above all else via the Microsoft APIs. The relevance in today’s attack landscape is also undeniable, as 9 out of 10 cyber attacks target Entra ID.
Plus, your organization may require additional protection of objects like deleted users or groups for both compliance and auditing purposes. You may also require the ability to perform granular recovery of configurations and to restore conditional access policies or settings for role-based access control (RBAC) or custom domains.
Another benefit of Rubrik protection is that the Entra ID backups are fully hosted, meaning they are air gapped away from your production Entra ID environment. In a cyberattack scenario, this helps ensure you can still recover even if the Entra ID recycle bin is purposely purged during the attack.
How Rubrik Entra ID Recovery Works for Microsoft 365
Even in the event of Entra ID credential compromise, Rubrik can help you automatically re-create Microsoft Entra ID objects, restoring critical data while also keeping roles, permissions and cross-object relationships intact.
The recovery process is simple and twofold:
First, perform Entra ID recovery by selecting the users and/or groups you wish to restore. Click to recover.
Then, recover your data. Select one object or a whole group of Exchange, OneDrive, or SharePoint Sites. Click to recover.
And that’s it!
While deletion of critical Microsoft 365 data and Entra ID objects can be a frightening reality, rest assured that Rubrik can help you recover quickly - and avoid the costly business disruption or reputational damage that comes with trying to manually restore both your data and your essential configurations.
Rubrik-hosted Microsoft 365 Data Protection
Now, our existing Rubrik-hosted Microsoft 365 Data Protection solution offers some very powerful security and compliance-driven options for Rubrik-managed backup and recovery, including Sensitive Data Monitoring.
But this new integrated solution with Microsoft 365 Backup is a great option for very large Microsoft 365 environments in terms of scalable backup and recovery at unprecedented speed.
And, it will be able to be used within Rubrik Security Cloud alongside our Rubrik-hosted solution to centralize management of Microsoft 365, other SaaS, hybrid Azure, and multi-cloud workloads within a single pane of glass. You will also be able to more comprehensively protect your data across Microsoft Exchange, SharePoint, OneDrive, and Teams, as Rubrik-hosted protection provides protection for Teams like data in Teams channels.
See the Full Microsoft 365 Backup Integration Demo
SAFE HARBOR STATEMENT: Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.