Cybersecurity risks have evolved. Today’s attackers aren’t just targeting endpoints; they’re going after identities. According to Microsoft’s 2024 Digital Defense Report, over 600 million identity attacks occur daily. A 2024 Forrester survey found that 78% of organizations experienced a breach in the past year, with 22% reporting six to 10 breaches in just 12 months.
For managed service providers (MSPs) managing Microsoft 365® environments, this isn’t theoretical. Microsoft 365 is one of the most targeted platforms, and Microsoft Entra ID (formerly Azure AD), the identity layer, is now a critical front line. Since July 2024, a cyber gang, Racoon365, that focuses on attacking Microsoft 365 has developed kits to steal at least 5,000 Microsoft credentials from 94 countries.
Key takeaways
- Identity attacks against Microsoft 365 are accelerating, with Entra ID emerging as a prime target for cybercriminals.
- Native Microsoft retention and recovery tools don’t offer ransomware rollback, immutable storage, or full compliance support.
- Cloud backup for Microsoft 365 provides frequent snapshots, unlimited retention, and point-in-time restores that traditional methods lack.
- ConnectWise Cloud Backup™ now includes Entra ID backup and recovery, giving MSPs the ability to protect users, groups, and directory settings.
- Compliance-ready features such as immutable cloud storage, audit reporting, and granular restore help MSPs strengthen business continuity and client trust.
What are identity attacks, and why do they matter
Most MSPs and IT professionals are familiar with phishing, malware, and ransomware. These attacks aim to steal data or disrupt systems. Identity attacks, however, aim directly at authentication and access. Examples include:
- Stolen credentials being reused in Microsoft 365.
- Automated password spray attacks until one succeeds.
- Malicious apps tricking users into granting broad permissions (OAuth consent phishing).
- Privilege escalation inside Entra ID, where an attacker takes a normal account and elevates it to admin.
Here’s what we know from recent research: Microsoft reports that more than 99% of identity attacks are password-based, often enabled by predictable human behavior such as reused or weak passwords, or falling for phishing attempts.
While ransomware locks up data, identity attacks hand attackers the keys to the Microsoft 365 kingdom.
Why Entra ID coverage matters
Once Entra ID objects or policies are changed or deleted, Microsoft provides no built-in rollback. Without dedicated backup, recovery is nearly impossible. By backing up users, groups, and configuration data, MSPs can:
- Recover from identity-based attacks.
- Roll back directory corruption caused by sync errors or malicious changes.
- Help keep clients compliant by demonstrating identity resilience.
And from a business perspective, Cloud Backup for Microsoft 365 with Entra ID data protection helps MSPs:
- Simplify their operations by offloading repetitive backup monitoring and restore workflows.
- Build trust by demonstrating compliance, resilience, and fast recovery to clients.
- Grow revenue by differentiating their service stack with identity protection that other backup providers don’t offer.
Why traditional Microsoft 365 backup solutions fall short
Many MSPs still rely on traditional backups, such as local appliances, image-based backups, or Microsoft’s native retention policies to protect client data. But these methods weren’t designed for modern solutions. The gaps are real:
- Retention limits: Exchange may only retain deleted emails for 14-30 days, and SharePoint and OneDrive recycle bins are emptied after 93 days.
- No ransomware rollback: If files are encrypted or corrupted, the native tools can’t roll them back to a safe restore point.
- Compliance risks: Native retention doesn’t satisfy frameworks such as HIPAA, GDPR, or NIS2, leaving clients exposed.
- No identity protection: Entra ID has no built-in backup, meaning directory corruption or malicious deletion can’t be reversed.
Traditional backups focus on infrastructure. But in Microsoft 365, data and identity are what truly need protection.
Why Cloud Backup is the right choice for Microsoft 365
Cloud Backup solves these challenges because it’s purpose-built for solutions such as Microsoft 365. Instead of relying on short retention periods or complex on-premises storage, Cloud Backup provides:
- Frequent snapshots: Capturing changes multiple times per day.
- Unlimited retention: No more worrying about deleted items vanishing after 30 or 90 days.
- Point-in-time restores: Recover exactly what was lost, whether it’s a single file or an entire mailbox.
- Anywhere recovery: Restore from the cloud directly back into Microsoft 365.
For MSPs advancing their operational maturity, this shift reduces both operational overhead and risk exposure, while laying the groundwork for a more reliable service portfolio.
Regulatory compliance: What MSPs need to know
For many industries backup is a regulatory requirement. Data protection laws and standards around the world increasingly demand robust backup, recovery, and identity safeguards.
Common regulations that MSPs encounter include:
- GDPR (EU): Requires data integrity, availability, and the ability to recover personal data quickly.
- HIPAA (US healthcare): Demands backup and disaster recovery plans for protected health information (PHI).
- NIS2 Directive (EU): Requires resilience and backup for operators of essential services and digital providers.
- PCI DSS (Global payments): Enforces strong access controls and reliable backup processes.
- CCPA/CPRA (California): Consumer rights (access, deletion, correction) hinge on reliable retention and restoration.
- SOX, SOC-2, ISO 27001: Frameworks and audits requiring proof of disaster recovery and data integrity.
Regulations are gaining momentum
As cyberattack threats continue to grow, so has awareness that critical data across industries is at risk. In response to the threats, new regulations are rapidly being put in place to help protect this data. Are you and your clients aware of new regulations, security standards, and privacy laws?
In 2025, the following regulations were put into effect, and this is just a small sample:
- State-level privacy laws (US): More states adopting GDPR-style consumer protections.
- DOJ bulk sensitive data rule (US, 2025): Increased scrutiny over storage/transfer of sensitive data.
- Global CBPR expansion: Strengthening cross-border privacy/data residency obligations.
- Proposed US federal privacy law (APRA): Could unify privacy protections across states.
- AI and data usage regulations: New rules governing how data is used in AI or algorithmic decision-making.
Neither MSPs nor their clients can afford to ignore compliance regulations, and taking immediate action to ensure they can prove compliance with data protection and security regulations is essential.
Why compliance and backup are connected
- Retention and immutability: Many regulations require preserving data for specific timeframes, with protection against tampering.
- Auditability: MSPs must prove who changed what, when, and be able to restore data to specific past states.
- Data residency: Laws increasingly dictate where data can be stored or transferred.
- Differentiation: MSPs that map backup and identity protection to regulation frameworks earn their clients’ trust and loyalty, and they gain a competitive advantage.
By using ConnectWise Cloud Backup, MSPs gain comprehensive, compliance-ready features including unlimited retention, immutable Azure-based storage, detailed reporting, and identity protection, all of which help clients meet regulatory demands without adding complexity.
ConnectWise Cloud Backup: Full Microsoft 365 and Entra ID coverage for MSPs
ConnectWise Cloud Backup for Microsoft 365 provides enterprise-class protection for Exchange Online, OneDrive, SharePoint, Teams, Groups, and now, the identity layer with Entra ID. With ConnectWise Cloud Backup, all Microsoft 365 data is automatically backed up with up to six snapshots daily, unlimited retention, and no storage overages. Key features designed for MSPs include:
- Intuitive portal: Manage multiple clients from a single pane of glass.
- Granular and bulk restore: Recover single items or entire tenants in seconds.
- Automation: Simplify user onboarding and offboarding.
- Compliance confidence: Azure-hosted storage certified against HIPAA, GDPR, NIS2, and Essential 8.
MSPs and their clients benefit when they choose ConnectWise Cloud Backup over the competition, because our solutions are purpose-built for MSPs with deep ecosystem alignment, identity-layer protection, and automation that supports operational maturity.
Ready to deliver true business continuity for Microsoft 365? Schedule a demo today!
