Nexetic Backup for Entra ID requires it's own subscription. You can order the service directly from Nexetic. It will also be published in ALSO Cloud Marketplace in the beginning of August 2024.
Step 1. Sign into the backup portal
Open your web browser and go to the following address: https://shield-cloud.nexetic.com/. Select Sign in with Microsoft 365. Insert your Microsoft 365 credentials for the tenant you want to back up.
Resellers can also sign in via Nexetic Portal.
Note
App permissions have to be granted as part of the service activation, so the user account must be Global Administrator.
Step 2. Select Backup for Entra ID
Click the icon in the top-left corner of the page and select Backup for Entra ID.
Step 3. Select Settings page
Enter the Settings page by clicking the gear wheel icon in top-right corner of the page.
Step 4. Grant app permissions
Yo must grant permissions for the backup application to back up (read) and restore (write) data. If you haven't already granted the necessary permissions, you will see the 'Grant admin consent' button at the Settings page. You can proceed to grant the needed app permissions by clicking the Grant admin consent button.
You will be directed to Microsoft sign-in process. Sign in with your Microsoft 365 Global Admin account and click Accept on the admin consent screen.
After granting admin consent, you will be directed back on Settings page and you can proceed to make the backup selections. By default backups for all directory objects are disabled (slide switches in gray colour).
Step 5. Configure the backup
You can select the following Entra ID directory objects for backup:
- Users
- Groups
- Buil-In Roles
- Custom Roles
- App Registrations
- Enterprise Applications
- Conditional Access Policies
- Devices
- Device Configurations
- Device Compliance Policies
- Admin units
- Sign-In Logs
- Audit Logs
- Bitlocker Keys
Enable backup by clicking the slide switches. You can choose freely which directory objects you want to back up; e.g. you can only back up Users, Groups and Sign-in logs. However, each selected directory object is backed up as a whole, so each selection covers the whole tenant. It is not possible to back up for example only part of the users, only users in certain groups, or only selected applications etc.
Step 6. Trigger full backup
Once you have granted app permissions and made backup configurations, the first full backup will start automatically with the current 2-times-per-day scheduling - so within the next 12 hours. You can also start the backup manually by clicking the icon at the top-right corner of the Settings page.