I’d position the following scenario to you as hypothetical, but the reality is that we have all been there at one time or another. Whether as the result of a rogue script, a complete accident, or even malicious behavior, many are familiar with that sinking feeling when you notice that certain Azure Active Directory (Azure AD) objects have been deleted. Whether it be Users, Groups, Enterprise Apps, or Application Registrations, businesses rely on these Azure AD objects. Without them, key employees can lose access to critical data, connected applications can fail to function, and, perhaps worst of all, employees lose access to critical collaboration tools within Microsoft 365.

Without a properly functioning and configured Azure AD, your business can be at a standstill. It’s of the utmost importance that organizations have the tools and processes in place to ensure that Azure AD is protected and that objects can be restored in the most efficient manner.

Safeguard your Azure AD Objects

At Rubrik, we understand that organizations need a simple, unified, flexible, and efficient approach when it comes to protecting Azure Active Directory, which is why we are planning to build support for your Azure AD Users, Groups, Enterprise Apps, and Application Registrations directly into Rubrik Security Cloud as a fully-hosted solution.
 

After you provide one-time OAuth access to your Azure subscription, Rubrik will automatically discover and inventory all of the respective Azure AD objects, bubbling them up within the Rubrik Security Cloud dashboard. Customers who do not wish to provide OAuth access to their environments will be able to manually configure the Enterprise Application and Service Principal and provide the resulting information to Rubrik. From here, customers can leverage Rubrik’s policy-driven protection by applying Global SLAs to their Azure AD objects. Once an SLA is assigned, Rubrik will automatically ensure that backups occur, adhering to the constructs set forth within the SLA Domain, such as how often to back up and how long to keep those backups around. Backups are stored immutably, meaning that once they are written they cannot be changed, protecting them from dangerous threats and cyber attacks.

Being a fully-hosted solution, Azure AD backups will be stored within a customer-specific storage account within Rubrik’s subscription, providing a logical air gap between your organization and its subsequent backups.

Azure AD Object Level Recovery

As important as backups are, they don't do much good unless they can be efficiently restored. That is why Rubrik always places a major focus on cyber recovery, and Azure AD is no different. Rubrik will not only restore the individual Azure AD objects back to their original location but also ensure that the objects' relationships are recovered as well.

For example, restoring a user is simply not enough; we also need to restore the user's group memberships. Rubrik automates the tedious tasks of rebuilding an object's relationships during the restore process, ensuring that when objects are restored, they contain the same attributes they had when they were backed up.
 

Rubrik object-level recovery for Azure AD also leverages Microsoft’s Recoverability best practices. For those objects that have been soft deleted, API calls are automated through Rubrik Security Cloud to recover these objects from the Azure AD Recycle Bin. This allows objects to retain all their properties and unique identifiers. For objects that have been hard deleted, or do not exist within the recycle bin, Rubrik will reconstruct and recreate these objects using the backup data, again, ensuring all group memberships are also recovered.
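To make the two recovery paths above concrete, here is an added example (not Rubrik's code) that plans the Microsoft Graph requests for a set of deleted objects: restore from the recycle bin when the object is soft deleted, otherwise recreate it from backup and rebuild its group memberships. The backup snapshot layout, the `<new-id-of:...>` placeholder, and all sample IDs are assumptions made for illustration.

```python
# Added example, not Rubrik's code. Graph v1.0 paths; all sample IDs are constructed.
GRAPH = "https://graph.microsoft.com/v1.0"

def plan_recovery(deleted_ids, recycle_bin_ids, backup):
    """Plan Graph requests that bring deleted objects and their memberships back.

    recycle_bin_ids: IDs currently soft deleted (listed under /directory/deletedItems)
    backup: hypothetical snapshot {id: {"type", "properties", "memberOf", "members"}}
    Returns (plan, unrecoverable); plan is a list of (method, url, body).
    """
    plan, unrecoverable, recreated = [], [], set()
    for oid in deleted_ids:
        if oid in recycle_bin_ids:
            # Soft deleted: restore keeps the properties and the original object ID.
            plan.append(("POST", f"{GRAPH}/directory/deletedItems/{oid}/restore", None))
        elif oid in backup:
            # Hard deleted: recreate from backup; the directory issues a new ID.
            snap = backup[oid]
            plan.append(("POST", f"{GRAPH}/{snap['type']}", snap["properties"]))
            recreated.add(oid)
        else:
            unrecoverable.append(oid)  # neither in the recycle bin nor in backup

    def current(oid):
        # Recreated objects get a placeholder, filled in from the create response.
        return f"<new-id-of:{oid}>" if oid in recreated else oid

    # This sketch rebuilds memberships only for recreated objects, once every
    # object has been restored or recreated.
    edges = set()
    for oid in recreated:
        snap = backup[oid]
        edges.update((gid, oid) for gid in snap.get("memberOf", []))
        edges.update((oid, mid) for mid in snap.get("members", []))
    for gid, mid in sorted(edges):
        if gid in unrecoverable or mid in unrecoverable:
            continue  # the other end of the relationship cannot be brought back
        body = {"@odata.id": f"{GRAPH}/directoryObjects/{current(mid)}"}
        plan.append(("POST", f"{GRAPH}/groups/{current(gid)}/members/$ref", body))
    return plan, unrecoverable

# Constructed sample: u1 soft deleted, u2 and g1 hard deleted, u3 absent from backup.
SAMPLE_BACKUP = {
    "u2": {"type": "users", "properties": {"displayName": "Sample User"},
           "memberOf": ["g1", "g9"]},
    "g1": {"type": "groups", "properties": {"displayName": "Sample Group"},
           "members": ["u1", "u2"]},
}
SAMPLE_PLAN, SAMPLE_LOST = plan_recovery(["u1", "u2", "g1", "u3"], {"u1"}, SAMPLE_BACKUP)
```

The placeholders in the plan show why the recycle-bin path is preferred when it is available: a recreated object comes back under a new ID, so every relationship that pointed at the old ID has to be rewritten.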

The deletion of critical Azure Active Directory objects can have catastrophic consequences for organizations. Without the proper tools and processes in place, organizations run the risk of prolonging downtime during recovery, while users lose access to data and critical applications are inaccessible.

Rubrik provides a simple and efficient method to ensure you can recover your Azure AD Objects quickly, avoiding costly disruptions and reputational damage to your organization. To learn more about the latest cyber resiliency solutions from Rubrik, join us at Forward to hear from customers, partners, and security leaders and get hands-on with Rubrik Security Cloud. Register for Forward here.

Safe Harbor Statement

Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.