Veeam unveils cloud solution to protect Microsoft Entra ID
Veeam has launched Veeam Data Cloud for Microsoft Entra ID as a new Software-as-a-Service (SaaS) solution to support organisations' identity management needs.
According to Veeam, Microsoft Entra ID, previously known as Azure AD, encounters over 600 million attacks daily, making identity protection a key area for enterprises. The new offering is intended to simplify data resilience for Entra ID tenants, enabling organisations to protect assets tied to user identity and access.
Veeam Data Cloud for Microsoft Entra ID follows the recent expansion of the broader Veeam Data Cloud platform, which delivers backup, security, and management for data in both on-premises and cloud environments through a unified system. The solution integrates cloud-native technologies and AI acceleration, aiming to enhance business continuity and operational efficiency while simplifying administrative tasks.
Niraj Tolia, Chief Technology Officer at Veeam, commented, "Security starts with managing your users and ensuring the right people have access to the right systems. That's why protecting Entra ID is so important, and why it's the latest addition to our Veeam Data Cloud platform. We are giving customers greater simplicity with an enterprise-ready, pre-hardened, and self-configured SaaS solution that removes the burden of managing and maintaining complex backup infrastructure."
The service aims to address a range of threats and administrative issues, including cybersecurity attacks, compliance requirements, accidental deletions, limitations on the recycle bin, and policy misconfigurations. Veeam Data Cloud for Microsoft Entra ID offers backup and restore capabilities for users, groups, application registrations, and other Entra ID objects. The company highlights the use of unlimited storage and a centralised user interface to streamline protection and recovery processes.
The main features of Veeam Data Cloud for Microsoft Entra ID include Proactive Protection, which increases visibility and control over changes to Entra ID, supporting business continuity, security, and compliance. Effortless Recovery facilitates the restoration of users, groups, attributes, application registrations, logs, and related metadata. Comprehensive Inclusion offers a managed backup service handled by experts, taking care of updates, maintenance, and security patches.
Research indicates the critical importance of securing identity services. Krista Case, Research Director at The Futurum Group, said, "Protecting Microsoft Entra ID has never been more important. In fact, one in five respondents in Futurum's Cybersecurity Decision Maker IQ research indicated credential compromise/account takeover as a security incident most impacting their organisation. Veeam is making resiliency for these environments, including visibility into potentially malicious behaviour and automated backup jobs, accessible to a broader range of customers by delivering it in a managed and hosted model with the addition of Entra ID protection to Veeam Data Cloud."
Veeam Data Cloud already covers protection for Microsoft 365 workloads. With the inclusion of Entra ID, customers can now bundle the new service with existing Veeam Data Cloud options for Microsoft 365 Flex and Premium, enabling ongoing user-based pricing models. This integration is designed to support consistency and flexibility for customers managing multiple Microsoft cloud workloads.
Customers are able to manage all their workloads, including those tied to Entra ID, across a single user interface. According to Veeam, features such as advanced security controls, role-based access management, and simplified reporting are also extended to encompass the new service. The SaaS nature of Veeam Data Cloud for Microsoft Entra ID relieves customers of the need to conduct updates or security fixes themselves, as these responsibilities are handled by Veeam's managed service.
Veeam Data Cloud for Microsoft Entra ID is now available for organisations seeking additional measures to safeguard identity management within their cloud operations.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
3 days ago
- Techday NZ
Veeam named Leader in Gartner 2025 backup & data report
Veeam has been named a Leader in the 2025 Gartner Magic Quadrant for Backup & Data Protection Platforms for the ninth time in a row. Gartner has also placed Veeam in the highest position for Ability to Execute for the sixth consecutive year as outlined in the latest Magic Quadrant, a research report that assesses vendors in the backup and data protection sector. The recognition comes as Veeam has introduced a series of new capabilities, especially within the Veeam Data Cloud portfolio. These developments include expanded protection options for Microsoft SaaS environments, expanded safeguarding for both Microsoft 365 and Entra ID user identities, and new features for predictable, immutable offsite storage to help further guard against ransomware attacks. The company has also launched added support for Salesforce, widening the coverage of secure and recoverable enterprise cloud applications. Market position The Gartner Magic Quadrant is a widely referenced industry analysis which categorises technology providers into four quadrants based on their 'Ability to Execute' and 'Completeness of Vision.' Leaders occupy the highest positions across both axes, reflecting vendor capabilities and ongoing advancement in the field. Gartner analysts report that these distinctions are based on comprehensive, fact-based research and support organisations seeking to align strategic decisions about data protection with the particular needs of their business. Commenting on Veeam's continued placement, Anand Eswaran, Chief Executive Officer at Veeam, said, "Veeam's success is built on serving our customers' needs and supporting them as their technology needs evolve – from delivering the most complete end-to-end cyber resilience capabilities to giving them the freedom to choose where and how to store and use their data." "That commitment to innovation, which has been at the core of our company since its inception, continues today as the world moves to SaaS and as organisations are incorporating AI into their core business processes. Veeam is the one-stop shop for keeping critical data safe no matter what happens." Veeam presently counts over 550,000 customers globally, including nearly 72% of the Global 2000 companies, who rely on its services for data protection and recovery needs. Recent advancements The company has added protection for the identities managed through Microsoft's Entra ID as part of its Microsoft SaaS offering. This, coupled with enhancements in offsite storage, is intended to improve resilience to increasingly prevalent ransomware threats. There is also new support for Salesforce, which means a greater proportion of customer cloud applications are included within Veeam's protective umbrella, responding to increased demand for data security across diverse cloud-based platforms. Gartner Magic Quadrant background The Magic Quadrant is a recurring research tool used by organisations to assess technology vendors. According to Gartner, the reports "are a culmination of rigorous, fact-based research in specific markets, providing a wide-angle view of the relative positions of providers in markets where growth is high and provider differentiation is distinct." Providers are ranked in the quadrants of Leaders, Challengers, Visionaries, and Niche Players. Gartner emphasises that the Magic Quadrant results should not be interpreted as endorsements or recommendations for a specific vendor, but instead as a resource intended to support organisations as they review the changing data protection landscape and make purchasing decisions based on their individual requirements. Industry landscape The backup and data protection sector continues to evolve alongside new security challenges, particularly the growth in cyber threats such as ransomware and demands driven by artificial intelligence and SaaS adoption. Through its document, Gartner notes that the name and scope of the Magic Quadrant report has adapted to reflect these shifting industry priorities. It highlights the importance of robust research and considered decision making for technology and security leaders seeking to effectively safeguard business operations and data assets.
Techday NZ
3 days ago
- Techday NZ
Semperis warns nOAuth flaw in Entra ID risks SaaS accounts
Semperis has published new research highlighting the ongoing risk posed by the nOAuth vulnerability in Microsoft's Entra ID, which may allow attackers to take over SaaS application accounts with minimal effort. According to the research, nOAuth remains undetected by many SaaS vendors and is very difficult for enterprise customers to defend against. The vulnerability, originally disclosed in 2023 by Omer Cohen of Descope, arises due to a flaw in how certain SaaS applications implement OpenID Connect, particularly when unverified email claims can be used as user identifiers in Entra ID app configurations. This practice contrasts with recommended OpenID Connect standards. Semperis' follow-up investigation examined applications listed in Microsoft's Entra Application Gallery, finding that over a year after its initial disclosure, a substantial portion of applications remain vulnerable to nOAuth abuse. Risk to enterprises The core issue with nOAuth is that attackers require only their own Entra tenant and the email address of a target user to potentially gain full access to that person's account in a vulnerable SaaS application. Traditional defences, including Multi-Factor Authentication (MFA), conditional access, and Zero Trust policies, do not mitigate this risk. This presents a challenge for both developers and end-users. As Eric Woodruff, Chief Identity Architect at Semperis, explained, "It's easy for well-meaning developers to follow insecure patterns without realising it and in many cases, they don't even know what to look for. Meanwhile, customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat." Through comprehensive testing of more than 100 Entra-integrated SaaS applications, Semperis identified that nearly 10% were susceptible to nOAuth exploitation. Once access is obtained via this vulnerability, attackers may exfiltrate data, maintain persistence, and potentially move laterally within the victim organisation's environment. Detection and mitigation challenges Detection of nOAuth abuse is exceptionally difficult, as successful attacks leave minimal traces within standard user activity logs. Deep correlation across both Entra ID and individual SaaS platform logs is required to identify potential breaches. Semperis' research indicates that exploitation continues to be possible, despite the initial public disclosure and vendor recommendations. Highlighting the severity of the nOAuth issue, Woodruff added, "nOAuth abuse is a serious threat that many organisations may be exposed to. It's low effort, leaves almost no trace and bypasses end-user protections. We've confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further." Semperis has communicated its findings to both affected SaaS vendors and Microsoft, beginning in December 2024. Some vendors have taken steps to address the issue, while others reportedly remain vulnerable. Industry response and recommendations The Microsoft Security Response Centre (MSRC) advises SaaS application vendors to implement its security recommendations regarding user identification and OpenID Connect integration. Firms failing to comply may risk removal from the Entra Application Gallery. Semperis continues to focus on identity threat detection, with recent announcements regarding new detection features addressing other critical vulnerabilities such as BadSuccessor and Silver SAML. These findings exemplify ongoing risks within enterprise identity services, where configuration weaknesses in authentication protocols can present significant challenges for both software providers and their customers. The nOAuth vulnerability underlines the importance of not only secure development practices but also continuous monitoring as enterprise reliance on SaaS and identity federation increases. Semperis' report calls for prompt action from SaaS vendors to update their authentication implementations to address this persistent risk.
Techday NZ
4 days ago
- Techday NZ
Veeam & HPE deepen partnership to boost enterprise data resilience
Veeam and HPE have expanded their strategic partnership with an integration between the Veeam Data Platform and HPE Morpheus VM Essentials Software, aiming to enhance data resilience and recovery for enterprise customers. The new collaboration will see Veeam deliver image-based backup support for HPE Morpheus VM Essentials Software, encompassing virtual machine migration and data portability across conventional hypervisor environments. This builds on a longstanding relationship between the two companies, which seek to offer unified data protection and simplified management for customers operating in increasingly complex IT landscapes. Supporting hybrid and private cloud By integrating Veeam Data Platform with HPE Morpheus VM Essentials, organisations are expected to gain a more seamless solution for safeguarding key applications and data across private and hybrid cloud infrastructures. Fidelma Russo, Executive Vice President of Hybrid Cloud and Chief Technology Officer at HPE, said: "Data is an organisation's most valuable asset – and often its most vulnerable. With our deep partnership and integration, HPE and Veeam are delivering unified virtualisation and data protection that is future-ready, giving customers the resiliency and agility to evolve their hybrid IT strategy." For customers making use of HPE Private Cloud solutions, or those with standalone servers, the solution is designed to provide unified protection across multiple hypervisors and facilitate VM mobility. Cost savings are also cited in the form of up to a 90 percent reduction in VM licence costs. Enterprise-grade resilience Anand Eswaran, Chief Executive Officer at Veeam, highlighted the dual pressures organisations face in managing expanding IT complexity and rising cyber risk: "Organisations face a perfect storm of IT complexity and cyber threats. Data resilience can no longer be an afterthought. Our enhanced partnership ensures organisations can deploy enterprise-grade virtualisation solutions from HPE with Veeam backup, recovery, security and intelligence for maximum data resilience that keeps businesses running." Both companies stress that comprehensive support for modern workloads is a focal point. Veeam's Kasten solution will be available to provide backup and recovery for containerised and cloud-native workloads, complementing the broader integration with Morpheus Software and the established HPE Zerto Software offering. The solutions together allow organisations to protect not only virtual infrastructure, but also containerised and bare-metal workloads. Data Resilience by Design To further support enterprises, HPE and Veeam have launched a joint framework called "Data Resilience by Design". The framework is intended to empower customers to take a holistic, proactive stance towards securing and making their data highly available, through both technology and advisory services. As part of the initiative, the companies will provide HPE cybersecurity and cyber resilience transformation and readiness services, equipping organisations with a roadmap to assess, strengthen and future-proof data resilience strategies. The scope of the framework reflects concerns about the increasing sophistication of security threats facing businesses and the need for robust protections spanning private and hybrid cloud environments. The partnership aims to address these challenges by combining HPE's expertise across hybrid IT and cybersecurity with Veeam's capabilities in backup, recovery and data intelligence. The cooperation between HPE and Veeam also involves increased joint go-to-market investment, seeking to help customer organisations manage data protection with broader solution support and professional services. Unified approach to resilience With this extended partnership, both companies emphasise their focus on supporting organisations as they navigate heightened cyber risk and evolving IT demands. The aim is to enable customers to make use of private cloud environments while ensuring data remains secure, resilient and accessible. HPE and Veeam state that the combination of their technologies and expertise is designed to provide enterprises with the resources needed to manage increasingly complex operational and security landscapes.
