How to activate backups for Entra ID

Nexetic Backup for Entra ID requires it's own subscription. You can order the service directly from Nexetic. It will also be published in ALSO Cloud Marketplace in the beginning of August 2024.

Step 1. Sign into the backup portal

Open your web browser and go to the following address: https://shield-cloud.nexetic.com/. Select Sign in with Microsoft 365. Insert your Microsoft 365 credentials for the tenant you want to back up.

entraid-signin-new.png

Resellers can also sign in via Nexetic Portal.

Note

App permissions have to be granted as part of the service activation, so the user account must be Global Administrator.

 

Step 2. Select Backup for Entra ID

EntraID-select-menu.png

Click the icon in the top-left corner of the page and select Backup for Entra ID.

 

Step 3. Select Settings page

entraid-move-to-settings.png

Enter the Settings page by clicking the gear wheel icon in top-right corner of the page.

Step 4. Grant app permissions

Yo must grant permissions for the backup application to back up (read) and restore (write) data. If you haven't already granted the necessary permissions, you will see the 'Grant admin consent' button at the  Settings page. You can proceed to grant the needed app permissions by clicking the Grant admin consent button.

entraid-grant-admin-consent2.png

You will be directed to Microsoft sign-in process. Sign in with your Microsoft 365 Global Admin account and click Accept on the admin consent screen.

entraid-permissions.png

After granting admin consent, you will be directed back on Settings page and you can proceed to make the backup selections. By default backups for all directory objects are disabled (slide switches in gray colour).

entraid-settings-new2.png
 

Step 5. Configure the backup

You can select the following Entra ID directory objects for backup:

  • Users
  • Groups
  • Buil-In Roles
  • Custom Roles
  • App Registrations
  • Enterprise Applications
  • Conditional Access Policies
  • Devices
  • Device Configurations
  • Device Compliance Policies
  • Admin units
  • Sign-In Logs
  • Audit Logs
  • Bitlocker Keys

entraid-settings-new-enabled.png

Enable backup by clicking the slide switches. You can choose freely which directory objects you want to back up; e.g. you can only back up Users, Groups and Sign-in logs. However, each selected directory object is backed up as a whole, so each selection covers the whole tenant. It is not possible to back up for example only part of the users, only users in certain groups, or only selected applications etc.


Step 6. Trigger full backup

Once you have granted app permissions and made backup configurations, the first full backup will start automatically with the current 2-times-per-day scheduling - so within the next 12 hours. You can also start the backup manually by clicking the icon at the top-right corner of the Settings page.

entraid-trigger-backup.png

 

Was this article helpful?
0 out of 0 found this helpful

Articles in this section