Veeam launches SaaS backup for Microsoft Entra ID in Data Cloud
Veeam Software has introduced a Software-as-a-Service (SaaS) backup solution for Microsoft Entra ID designed to strengthen data protection for organisations using the identity management platform.
Microsoft Entra ID, previously known as Azure AD, is currently subject to more than 600 million attacks daily, highlighting the importance of digital identity security. The new Veeam Data Cloud for Microsoft Entra ID aims to simplify data resilience measures for Entra ID tenants and ensure continued access to critical identity and access management assets.
This update represents the latest expansion of Veeam Data Cloud, combining cloud-native technologies and artificial intelligence acceleration to manage and secure data both on-premises and in cloud environments. Veeam states this approach is aimed at improving business continuity and operational efficiency while addressing the complexities of identity management backup.
Niraj Tolia, Chief Technology Officer at Veeam, commented: "Security starts with managing your users and ensuring the right people have access to the right systems. That's why protecting Entra ID is so important, and why it's the latest addition to our Veeam Data Cloud platform. We are giving customers greater simplicity with an enterprise-ready, pre-hardened, and self-configured SaaS solution that removes the burden of managing and maintaining complex backup infrastructure."
The SaaS offering is designed not only as a defence against cybercrime but also to support compliance requirements, overcome recycle bin limitations, reduce the impact of accidental deletions and address policy misconfigurations. The backup and restoration capabilities extend to Entra ID users, groups, application registrations, logs and related metadata, bringing together these functions in an all-in-one cloud-based service with unlimited storage and a consolidated user interface.
Among the primary features detailed by Veeam are enhanced visibility and control over changes within Entra ID to reinforce business continuity, security and regulatory compliance; quick recovery of users, groups, attributes and other objects; and a managed backup service that includes maintenance, updates and security patches overseen by expert teams.
Krista Case, Research Director at The Futurum Group, said: "Protecting Microsoft Entra ID has never been more important. In fact, one in five respondents in Futurum's Cybersecurity Decision Maker IQ research indicated credential compromise/account takeover as a security incident most impacting their organisation. Veeam is making resiliency for these environments, including visibility into potentially malicious behaviour and automated backup jobs, accessible to a broader range of customers by delivering it in a managed and hosted model with the addition of Entra ID protection to Veeam Data Cloud."
Current Veeam Data Cloud customers already using Microsoft 365 protection can now bundle Entra ID coverage with their existing Microsoft 365 Flex and Premium packages, continuing Veeam's pay-per-user approach. This enables businesses to consolidate identity management backup alongside productivity workload protection under a single subscription structure.
The unified interface of the Veeam Data Cloud platform allows customers to manage all of their protected workloads together, extending platform features such as advanced security controls, role-based access, streamlined reporting, and operational simplicity to Entra ID users. Maintenance and updates are managed by Veeam, further reducing the overhead for internal IT teams.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
2 days ago
- Techday NZ
Veeam named Leader in Gartner 2025 backup & data report
Veeam has been named a Leader in the 2025 Gartner Magic Quadrant for Backup & Data Protection Platforms for the ninth time in a row. Gartner has also placed Veeam in the highest position for Ability to Execute for the sixth consecutive year as outlined in the latest Magic Quadrant, a research report that assesses vendors in the backup and data protection sector. The recognition comes as Veeam has introduced a series of new capabilities, especially within the Veeam Data Cloud portfolio. These developments include expanded protection options for Microsoft SaaS environments, expanded safeguarding for both Microsoft 365 and Entra ID user identities, and new features for predictable, immutable offsite storage to help further guard against ransomware attacks. The company has also launched added support for Salesforce, widening the coverage of secure and recoverable enterprise cloud applications. Market position The Gartner Magic Quadrant is a widely referenced industry analysis which categorises technology providers into four quadrants based on their 'Ability to Execute' and 'Completeness of Vision.' Leaders occupy the highest positions across both axes, reflecting vendor capabilities and ongoing advancement in the field. Gartner analysts report that these distinctions are based on comprehensive, fact-based research and support organisations seeking to align strategic decisions about data protection with the particular needs of their business. Commenting on Veeam's continued placement, Anand Eswaran, Chief Executive Officer at Veeam, said, "Veeam's success is built on serving our customers' needs and supporting them as their technology needs evolve – from delivering the most complete end-to-end cyber resilience capabilities to giving them the freedom to choose where and how to store and use their data." "That commitment to innovation, which has been at the core of our company since its inception, continues today as the world moves to SaaS and as organisations are incorporating AI into their core business processes. Veeam is the one-stop shop for keeping critical data safe no matter what happens." Veeam presently counts over 550,000 customers globally, including nearly 72% of the Global 2000 companies, who rely on its services for data protection and recovery needs. Recent advancements The company has added protection for the identities managed through Microsoft's Entra ID as part of its Microsoft SaaS offering. This, coupled with enhancements in offsite storage, is intended to improve resilience to increasingly prevalent ransomware threats. There is also new support for Salesforce, which means a greater proportion of customer cloud applications are included within Veeam's protective umbrella, responding to increased demand for data security across diverse cloud-based platforms. Gartner Magic Quadrant background The Magic Quadrant is a recurring research tool used by organisations to assess technology vendors. According to Gartner, the reports "are a culmination of rigorous, fact-based research in specific markets, providing a wide-angle view of the relative positions of providers in markets where growth is high and provider differentiation is distinct." Providers are ranked in the quadrants of Leaders, Challengers, Visionaries, and Niche Players. Gartner emphasises that the Magic Quadrant results should not be interpreted as endorsements or recommendations for a specific vendor, but instead as a resource intended to support organisations as they review the changing data protection landscape and make purchasing decisions based on their individual requirements. Industry landscape The backup and data protection sector continues to evolve alongside new security challenges, particularly the growth in cyber threats such as ransomware and demands driven by artificial intelligence and SaaS adoption. Through its document, Gartner notes that the name and scope of the Magic Quadrant report has adapted to reflect these shifting industry priorities. It highlights the importance of robust research and considered decision making for technology and security leaders seeking to effectively safeguard business operations and data assets.
Techday NZ
2 days ago
- Techday NZ
Semperis warns nOAuth flaw in Entra ID risks SaaS accounts
Semperis has published new research highlighting the ongoing risk posed by the nOAuth vulnerability in Microsoft's Entra ID, which may allow attackers to take over SaaS application accounts with minimal effort. According to the research, nOAuth remains undetected by many SaaS vendors and is very difficult for enterprise customers to defend against. The vulnerability, originally disclosed in 2023 by Omer Cohen of Descope, arises due to a flaw in how certain SaaS applications implement OpenID Connect, particularly when unverified email claims can be used as user identifiers in Entra ID app configurations. This practice contrasts with recommended OpenID Connect standards. Semperis' follow-up investigation examined applications listed in Microsoft's Entra Application Gallery, finding that over a year after its initial disclosure, a substantial portion of applications remain vulnerable to nOAuth abuse. Risk to enterprises The core issue with nOAuth is that attackers require only their own Entra tenant and the email address of a target user to potentially gain full access to that person's account in a vulnerable SaaS application. Traditional defences, including Multi-Factor Authentication (MFA), conditional access, and Zero Trust policies, do not mitigate this risk. This presents a challenge for both developers and end-users. As Eric Woodruff, Chief Identity Architect at Semperis, explained, "It's easy for well-meaning developers to follow insecure patterns without realising it and in many cases, they don't even know what to look for. Meanwhile, customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat." Through comprehensive testing of more than 100 Entra-integrated SaaS applications, Semperis identified that nearly 10% were susceptible to nOAuth exploitation. Once access is obtained via this vulnerability, attackers may exfiltrate data, maintain persistence, and potentially move laterally within the victim organisation's environment. Detection and mitigation challenges Detection of nOAuth abuse is exceptionally difficult, as successful attacks leave minimal traces within standard user activity logs. Deep correlation across both Entra ID and individual SaaS platform logs is required to identify potential breaches. Semperis' research indicates that exploitation continues to be possible, despite the initial public disclosure and vendor recommendations. Highlighting the severity of the nOAuth issue, Woodruff added, "nOAuth abuse is a serious threat that many organisations may be exposed to. It's low effort, leaves almost no trace and bypasses end-user protections. We've confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further." Semperis has communicated its findings to both affected SaaS vendors and Microsoft, beginning in December 2024. Some vendors have taken steps to address the issue, while others reportedly remain vulnerable. Industry response and recommendations The Microsoft Security Response Centre (MSRC) advises SaaS application vendors to implement its security recommendations regarding user identification and OpenID Connect integration. Firms failing to comply may risk removal from the Entra Application Gallery. Semperis continues to focus on identity threat detection, with recent announcements regarding new detection features addressing other critical vulnerabilities such as BadSuccessor and Silver SAML. These findings exemplify ongoing risks within enterprise identity services, where configuration weaknesses in authentication protocols can present significant challenges for both software providers and their customers. The nOAuth vulnerability underlines the importance of not only secure development practices but also continuous monitoring as enterprise reliance on SaaS and identity federation increases. Semperis' report calls for prompt action from SaaS vendors to update their authentication implementations to address this persistent risk.
Techday NZ
3 days ago
- Techday NZ
Veeam & HPE deepen partnership to boost enterprise data resilience
Veeam and HPE have expanded their strategic partnership with an integration between the Veeam Data Platform and HPE Morpheus VM Essentials Software, aiming to enhance data resilience and recovery for enterprise customers. The new collaboration will see Veeam deliver image-based backup support for HPE Morpheus VM Essentials Software, encompassing virtual machine migration and data portability across conventional hypervisor environments. This builds on a longstanding relationship between the two companies, which seek to offer unified data protection and simplified management for customers operating in increasingly complex IT landscapes. Supporting hybrid and private cloud By integrating Veeam Data Platform with HPE Morpheus VM Essentials, organisations are expected to gain a more seamless solution for safeguarding key applications and data across private and hybrid cloud infrastructures. Fidelma Russo, Executive Vice President of Hybrid Cloud and Chief Technology Officer at HPE, said: "Data is an organisation's most valuable asset – and often its most vulnerable. With our deep partnership and integration, HPE and Veeam are delivering unified virtualisation and data protection that is future-ready, giving customers the resiliency and agility to evolve their hybrid IT strategy." For customers making use of HPE Private Cloud solutions, or those with standalone servers, the solution is designed to provide unified protection across multiple hypervisors and facilitate VM mobility. Cost savings are also cited in the form of up to a 90 percent reduction in VM licence costs. Enterprise-grade resilience Anand Eswaran, Chief Executive Officer at Veeam, highlighted the dual pressures organisations face in managing expanding IT complexity and rising cyber risk: "Organisations face a perfect storm of IT complexity and cyber threats. Data resilience can no longer be an afterthought. Our enhanced partnership ensures organisations can deploy enterprise-grade virtualisation solutions from HPE with Veeam backup, recovery, security and intelligence for maximum data resilience that keeps businesses running." Both companies stress that comprehensive support for modern workloads is a focal point. Veeam's Kasten solution will be available to provide backup and recovery for containerised and cloud-native workloads, complementing the broader integration with Morpheus Software and the established HPE Zerto Software offering. The solutions together allow organisations to protect not only virtual infrastructure, but also containerised and bare-metal workloads. Data Resilience by Design To further support enterprises, HPE and Veeam have launched a joint framework called "Data Resilience by Design". The framework is intended to empower customers to take a holistic, proactive stance towards securing and making their data highly available, through both technology and advisory services. As part of the initiative, the companies will provide HPE cybersecurity and cyber resilience transformation and readiness services, equipping organisations with a roadmap to assess, strengthen and future-proof data resilience strategies. The scope of the framework reflects concerns about the increasing sophistication of security threats facing businesses and the need for robust protections spanning private and hybrid cloud environments. The partnership aims to address these challenges by combining HPE's expertise across hybrid IT and cybersecurity with Veeam's capabilities in backup, recovery and data intelligence. The cooperation between HPE and Veeam also involves increased joint go-to-market investment, seeking to help customer organisations manage data protection with broader solution support and professional services. Unified approach to resilience With this extended partnership, both companies emphasise their focus on supporting organisations as they navigate heightened cyber risk and evolving IT demands. The aim is to enable customers to make use of private cloud environments while ensuring data remains secure, resilient and accessible. HPE and Veeam state that the combination of their technologies and expertise is designed to provide enterprises with the resources needed to manage increasingly complex operational and security landscapes.
