Why SaaS backup for Azure AD is essential

Posted: 05/04/2023 | By: Sagar Kamat

As technology improves, we've come to rely more heavily on cloud-based services. However, this creates the potential for additional cybersecurity risks and challenges. While cybersecurity is an area of focus for many organizations, it's possible you could have a blind spot in your data protection strategy: Azure Active Directory (AD). In this blog, we'll explore what Azure AD is, why SaaS backup for Azure AD is so important, and what businesses need to know to keep their data safe. 

What is Azure AD? 

Azure Active Directory (AD) is a cloud-based identity and access management service from Microsoft. It controls access to applications and app resources, based on your business requirements, including provisioning users, entitlements, and credentials. It’s used with Microsoft 365, Azure, Dynamics, and Intune.  

With organizations relying heavily on cloud-based identity and access management services, Azure AD has become a critical piece of infrastructure for many businesses, and it is subject to the same potential compromises and cybersecurity threats as Microsoft 365 or on-prem data.

Why does Azure AD need to be backed up? 

Azure AD backup services are essential for several reasons: 

  1. Disaster recovery: Azure AD contains critical information, such as user identities, passwords, and application access. In case of potential compromises such as accidental deletion, accidental account closure, file corruption, cybersecurity threats, malicious insider activity or system failure, having a backup of Azure AD data is crucial for disaster recovery. 
  2. Compliance: Many organizations have compliance requirements that mandate data backups. Azure AD backup ensures that clients’ identity data is protected and available for compliance audits. 
  3. Business continuity: Azure AD is a critical component of many cloud-based applications and services. A failure in Azure AD can result in application downtime and business disruption. Azure AD backup ensures that you can quickly restore identity data and maintain business continuity for clients. 
  4. Easy restore: Azure AD backup makes it easy to restore identity data. You can restore data to a specific point in time or recover specific attributes, such as user accounts or group memberships. 
  5. Security: Azure AD backup uses encryption to protect data at rest and in transit. With Azure AD backup, you can be sure that client identity data is secure and protected. 

As a result, it’s imperative to have some sort of backup plan and solution for Azure AD ready. 

The problem with Azure AD Backup’s native capabilities  

Most SaaS applications don’t have native backup and flexible recovery capabilities for user data. Microsoft 365 relies on recycle bins and file version histories as recovery mechanisms, which are not true backup functionalities.  

“We strive to keep the services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve your content or data that you’ve stored. We recommend that you regularly backup your content and data that you store on the services or store using third-party apps and services”
- Microsoft 365 Services Agreement 

Here are some of the key areas where native capabilities fall short: 

Retention: The native restoration window for an accidental Azure AD account deletion, for example, is only 30 days. If your team needed to restore something outside of that period, you would be out of luck. Additionally, once users are permanently deleted from Azure, neither you nor Microsoft customer support can restore them. For MSP teams, those types of limitations are not acceptable.
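To make the 30-day window concrete, the following added example (not code from ConnectWise or Microsoft) computes how long each soft-deleted user can still be restored natively. It assumes input shaped like a Microsoft Graph `GET /directory/deletedItems/microsoft.graph.user` response; the sample records, the 7-day warning threshold, and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)  # native restore window described above

# Constructed sample shaped like a Microsoft Graph response to
# GET /directory/deletedItems/microsoft.graph.user (all values are made up).
SAMPLE_DELETED_USERS = {"value": [
    {"id": "00000000-0000-0000-0000-000000000001",
     "userPrincipalName": "alice@example.com",
     "deletedDateTime": "2023-04-02T09:15:00Z"},
    {"id": "00000000-0000-0000-0000-000000000002",
     "userPrincipalName": "bob@example.com",
     "deletedDateTime": "2023-04-08T16:40:00Z"},
    {"id": "00000000-0000-0000-0000-000000000003",
     "userPrincipalName": "carol@example.com",
     "deletedDateTime": "2023-05-01T08:00:00Z"},
]}


def parse_utc(value):
    """Parse an ISO 8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def restore_deadlines(response, now, warn_within=timedelta(days=7)):
    """Return soft-deleted users with their restore deadline, soonest first."""
    rows = []
    for item in response.get("value", []):
        deleted = item.get("deletedDateTime")
        if not deleted:
            continue  # no deletion timestamp, so no deadline can be computed
        deadline = parse_utc(deleted) + RETENTION
        remaining = deadline - now
        if remaining <= timedelta(0):
            status = "expired"  # stale export: native restore no longer possible
        elif remaining <= warn_within:
            status = "urgent"
        else:
            status = "ok"
        rows.append({"user": item.get("userPrincipalName", item.get("id")),
                     "deadline": deadline,
                     "days_left": max(remaining, timedelta(0)).days,
                     "status": status})
    return sorted(rows, key=lambda r: r["deadline"])


if __name__ == "__main__":
    now = datetime(2023, 5, 4, 12, 0, tzinfo=timezone.utc)  # constructed "today"
    for row in restore_deadlines(SAMPLE_DELETED_USERS, now):
        print(f'{row["user"]:<20} {row["status"]:<8} {row["days_left"]:>2} days left')
```

Accounts reported as `expired` are the ones only an external backup can bring back.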

Recovery times: Minimizing downtime is one of the critical roles of any MSP. The native capabilities of Azure AD may not restore business continuity fast enough. In some situations, a day’s lost operations can be crippling for a client. 

Data loss protection: Cyberattack protection is always going to be top of mind for any MSP. In the event of data loss due to cyberattacks, Azure AD Backup may not mark items that your team sees as essential for protection or restoration. 

Limitations: Azure AD Backup does not support some legacy OSs or applications and requires significant bandwidth for any sort of data transfer. 

Expense: If your clients have a large amount of data to back up, require frequent backups, or are looking for a longer retention period, relying solely on Azure AD backup can get expensive quickly.

SaaS Backup for Azure AD: What can you back up? 

Backing up Azure AD ensures limited disruption to your operations during a service interruption. All your usernames and passwords used for authentication can be easily recovered and restored, ensuring your team maintains access to apps, including those that use SAML and OAuth. 

We recommend working with your clients to make sure you have clearly defined recovery point and recovery time objectives. These metrics ensure that there’s a mutual agreement on expectations for how quickly systems will be back online after an incident and what is an acceptable amount of potential data loss. 

For more information on how to back up Azure AD, check out our webinar “Azure AD: The Blind Spot in Your Data Protection Plan.”

How SaaS Backup for Azure AD supports MSP operations 

File backup should be top of mind at all times — not just on World Backup Day. By bringing SaaS Backup into the mix, MSPs can reap some of these added benefits. 

  • Simplify backup and restore processes: With an easy-to-use interface, a SaaS backup solution for Azure AD can simplify the backup and restore processes, reducing the need for manual intervention and saving you time. You can also preview Azure AD objects before you restore them and choose specific metadata to restore. For example, if a user gets removed from an "Operations" membership, the backup snapshot will show you exactly when the membership was deleted. Then the backup admin doesn't have to restore the entire user, just the "membership" metadata.  
  • Reduce downtime: In a data loss incident, a backup solution can help you quickly restore your clients' data and reduce downtime, ensuring business continuity. 
  • Improve security: A backup solution can help you ensure your clients' sensitive data is stored securely and protected from unauthorized access or cyber threats. 
  • Expand your service offerings: By adding a backup solution for Azure AD to your service offerings, you can expand your business and generate additional revenue. 
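The attribute-level restore described in the first bullet can be sketched as a comparison of consecutive snapshots. This is an added example, not ConnectWise's code or snapshot format: the `(timestamp, {user: groups})` structure, the sample data, and the function names are assumptions made for illustration.

```python
# Constructed nightly snapshots in a hypothetical format:
# (ISO timestamp, {user: set of group names}). Not a real product export.
SNAPSHOTS = [
    ("2023-04-28T02:00:00Z", {"dana@example.com": {"Operations", "VPN-Users"},
                              "eli@example.com": {"Finance"}}),
    ("2023-04-29T02:00:00Z", {"dana@example.com": {"Operations", "VPN-Users"},
                              "eli@example.com": {"Finance"}}),
    ("2023-04-30T02:00:00Z", {"dana@example.com": {"VPN-Users"},
                              "eli@example.com": {"Finance"}}),
    ("2023-05-01T02:00:00Z", {"dana@example.com": {"VPN-Users"}}),
]


def removal_window(snapshots, user, group):
    """Return (last_seen, first_missing) for an outstanding removal, else None."""
    ordered = sorted(snapshots, key=lambda s: s[0])
    window = None
    for (t_prev, prev), (t_cur, cur) in zip(ordered, ordered[1:]):
        had = group in prev.get(user, set())
        has = group in cur.get(user, set())
        if had and not has:
            window = (t_prev, t_cur)  # membership vanished between these two
        elif has:
            window = None             # membership is present again
    return window


def restore_plan(snapshots, user, group):
    """Pick the narrowest restore: one membership if the account still
    exists in the latest snapshot, the whole user object if it is gone."""
    ordered = sorted(snapshots, key=lambda s: s[0])
    window = removal_window(ordered, user, group)
    if window is None:
        return {"action": "none", "user": user}
    last_seen, first_missing = window
    scope = "membership" if user in ordered[-1][1] else "user"
    return {"action": "restore_" + scope, "user": user, "group": group,
            "source_snapshot": last_seen, "removed_before": first_missing}


if __name__ == "__main__":
    print(restore_plan(SNAPSHOTS, "dana@example.com", "Operations"))
    print(restore_plan(SNAPSHOTS, "eli@example.com", "Finance"))
```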

SaaS backup for Azure AD provides MSPs with a reliable and efficient backup solution that can help them deliver backup and disaster recovery services to their clients. Because of potential client familiarity, it also provides a solid backup and recovery foundation upon which an MSP can further develop and scale more sophisticated backup systems.

How MSPs can get started with ConnectWise SaaS Backup for Azure AD 

At ConnectWise, we pride ourselves on offering unmatched software, services, and community to empower IT solution providers to achieve their most ambitious vision of success. As a result, I’m proud to say that ConnectWise SaaS Backup™ offers the broadest coverage in the market in a single platform, covering Microsoft 365 Platform, Microsoft 365 Azure AD, Microsoft Dynamics, Salesforce, and Google Workspace. You’ll also have unlimited cloud storage with configurable retention for up to 99 years. 

You have two levels of coverage to choose from: 

  1. Azure AD standard backup is free for ConnectWise RMM™ users. 
  2. Azure AD advanced backup is a paid option which includes additional capabilities, such as backup of service principals, app registrations, conditional access policies, Intune policies, BitLocker recovery keys, and more.

This basic process covers how you can begin establishing SaaS backup for Azure AD for clients and can easily be completed in minutes: 

  1. Evaluate customer needs: Identify the data, applications, and workloads that need to be backed up and determine the backup frequency, retention policy, and recovery objectives. 
  2. Create a SaaS Backup account in the ConnectWise Asio portal: Watch this quick one-minute video in ConnectWise University for the necessary steps.
  3. Add an Azure AD Connector to your SaaS Backup account: Watch this video in ConnectWise University to learn how in under two minutes. 

By following these steps, you can start providing Azure backup and disaster recovery services to your customers. 

Conclusion 

Companies of all sizes increasingly rely on cloud-based software-as-a-service (SaaS) applications to streamline daily operations and increase productivity. This includes Azure Active Directory, which allows businesses to manage user identities and access to various resources. While the cloud-based nature of Azure AD provides numerous benefits, such as scalability and flexibility, it is also susceptible to data loss incidents.  

Many businesses wrongly assume that the SaaS provider protects their data, but SaaS providers such as Microsoft Azure typically have shared responsibility models, where the customer is responsible for backing up their own data. By turning to ConnectWise SaaS Backup for Azure AD, MSPs can help clients scale up a backup and recovery system that meets them exactly where their needs and preferences already are. 

FAQs

Disadvantages of Azure AD Backup include:

  • Cost: Azure AD Backup can be costly for organizations with large amounts of data to back up, especially if they require frequent backups or have a long retention period. The costs can add up quickly, especially when considering additional data transfer and storage costs.
  • Bandwidth limitations: Azure AD Backup requires significant bandwidth for data transfer. This can be a disadvantage for organizations with limited bandwidth, as it can cause slow backup and restore times.
  • Backup limitations: Azure AD Backup has some limitations on what can be backed up. For example, it does not support some legacy applications or operating systems and may not be suitable for all types of data, such as highly sensitive or confidential data.
  • Recovery limitations: Although Azure AD Backup provides a reliable backup solution, it may not be able to meet all recovery objectives. In some cases, a full data restore may take longer than expected, causing delays in restoring business operations.
  • Management complexity: Azure AD Backup can be complex to manage, especially for organizations that do not have in-house expertise in Azure. It requires significant configuration and management, which can be challenging for some organizations.

With this said, many of these issues can be mitigated by a tool like ConnectWise SaaS Backup, making it a no-brainer for MSPs and their clients already established in Azure AD.

You can use the Azure portal, PowerShell, or Transact-SQL to back up an Azure SQL database. Here are the steps to back up an Azure SQL database using the Azure portal:

  1. Log in to the Azure portal and navigate to the Azure SQL database that you want to back up.
  2. Click on the "Export" button on the toolbar.
  3. In the "Export database" blade, specify the storage account and container where you want to store the backup file.
  4. Provide a name for the backup file and choose the format for the backup (BACPAC or DACPAC).
  5. Select the "Storage key" option and choose the storage account key you want.
  6. Click on the "OK" button to start the backup process.
  7. Monitor the backup progress by navigating to the "Notifications" section of the portal.

Once the backup is completed, you can download the backup file from the storage account and store it in a safe location.

Alternatively, you can also use PowerShell or Transact-SQL to back up an Azure SQL database. PowerShell provides cmdlets to export an Azure SQL database to a BACPAC file, while Transact-SQL provides the BACKUP DATABASE statement to back up a database to a BACPAC file.

The Soft Delete feature applies to the following types of backups in Azure:

  • Blob Storage backups: Soft Delete applies to all blob storage backups, including full backups, incremental backups, and log backups.
  • File Shares backups: Soft Delete applies to file share backups when they are stored in the same storage account as the file share.
  • Azure Virtual Machines backups: Soft Delete applies to Azure Virtual Machines backups when they are stored in the same storage account as the virtual machine disks.

Soft Delete does not apply to backups that are stored in a separate storage account, as they are not protected by the Soft Delete feature of the original storage account. Additionally, Soft Delete does not provide protection against data corruption or other types of data loss, so it is important to implement a comprehensive backup and disaster recovery strategy to protect your critical data.

Yes, Azure AD Backup provides encryption for data at rest and in transit. Backup encryption helps protect the confidentiality and integrity of your data during backup and restore operations.

When it comes to selecting the best SaaS backup solution for Azure AD, there are a lot of considerations to keep in mind:

  • Ease of use
  • Reliability
  • Security
  • Cost-effectiveness
  • Customization

You need to consider the needs of your general client base, not just now, but potentially in the future as your clients and MSP business start to scale up.

ConnectWise SaaS Backup fits neatly into all these categories. With its easy-to-use interface and robust backup and restore capabilities, it can help you protect your clients' critical data and ensure business continuity in the face of unexpected events.
