Entra ID Backups and New Security Features in Veeam

March 2025

Immutability, Entra ID Backups and a Zero Trust Security Model.

Veeam has significantly bolstered its security features to combat the ever-evolving landscape of cyber threats, with a particular focus on ransomware resilience and modern identity protection. Key enhancements revolve around a Zero Trust security model, proactive threat detection, and immutable backups.

One of the cornerstones of Veeam’s enhanced security is its emphasis on immutability. This ensures that backup data cannot be altered or deleted, effectively safeguarding it from ransomware attacks. Veeam achieves this through various means, including hardened Linux repositories and integration with cloud-based object storage that supports immutability, like Amazon S3 Object Lock. This provides Covenco’s customers with a robust defence against data tampering.

Ask Covenco about additional offsite immutability backup options, and on-premises immutable storage for your Veeam Backups.

Furthermore, Veeam has integrated advanced threat detection capabilities, leveraging AI-powered systems to identify and mitigate potential threats before they can cause damage. This proactive approach allows organisations to stay ahead of cybercriminals and minimise the risk of data breaches. Also, Veeam has heavily increased its partnerships with other security vendors, to increase the ability to detect, and react to threats.

Latest Security Features & Benefits in Veeam:

• Immutable Backups: Hardened Linux repositories and integration with cloud object storage (e.g., Amazon S3 Object Lock). Ensures backup data cannot be altered or deleted, providing robust protection against ransomware.
• Proactive Threat Detection: AI-powered threat detection and response systems. Identifies and mitigates potential threats before they cause damage, minimizing data breach risks.
• Enhanced Microsoft Entra ID Protection: Backup and recovery capabilities for Entra ID, including user accounts, groups, and objects. Safeguards cloud-based identity systems from cyberattacks, ensuring secure access to critical resources.
• Zero Trust Architecture: Veeam has implemented zero trust principals throughout its data platform. Verifies every request, and assumes nothing, this greatly reduces the attack surface.
• Advanced Malware Detection: Inline malware detection during backups, and also scans during restores.  Scans backups for malware before restores, preventing reinfection.
• Security and Compliance Analyzer: Automated checks and reporting on backup infrastructure security. Helps organisations adhere to security best practices and compliance requirements.
• Integration with Security Partners: Integrations with platforms like Palo Alto Networks Cortex XSIAM/XSOAR, Sophos MDR/XDR, and Splunk. Enhanced threat detection and response through collaboration with leading cybersecurity vendors.
• IoC Tools Scanning: Scanning of protected machines for known malicious tools. Expands the hunt for Indicators of Compromise (IoC) in protected machines, stopping attacks by identifying known hacker tools.
• Four-Eyes Authorization: Requires a second user to authorize destructive or risky configuration changes. Adds an extra layer of security by requiring dual authorization for critical actions.

Veeam now supports Entra ID backup and recovery

Notably, Veeam has expanded its protection to encompass modern identity systems, including Microsoft Entra ID, Microsoft’s cloud-based identity and access management service. Entra ID acts as the control centre for managing user identities and access to various applications and resources, both within and outside of the Microsoft ecosystem.

The addition of Entra ID in Veeam is a critical addition, as cloud-based identity platforms are increasingly targeted by cyberattacks. By providing backup and recovery capabilities for Entra ID, Veeam helps organisations ensure the resilience of their identity infrastructure, which is essential for maintaining secure access to critical applications and data. This allows for the ability to restore user accounts, groups, and also other Entra ID objects that could be lost from malicious, or accidental deletion.

Veeam Backup for Microsoft Entra ID Capabilities:

• Comprehensive Entra ID Object Backup: Backs up critical Entra ID objects, including user accounts, groups, roles, applications, and service principals.
• Granular Restore Options: Enables the restoration of individual objects or entire Entra ID configurations. Also, provides flexibility to restore specific attributes of an object.
• Point-in-Time Recovery: Allows restoration to a specific point in time, enabling recovery from accidental deletions or malicious changes.
• Protection Against Accidental Deletion: Safeguards against accidental deletion of users, groups, or other Entra ID objects.
• Protection Against Malicious Attacks: Provides a recovery mechanism in case of cyberattacks targeting Entra ID, such as account compromise or data exfiltration.
• Simplified Recovery Process: Offers an intuitive interface for easy backup and restore operations.
• Retention Policies: Allows for the creation of retention policies, to ensure the backups are kept for required compliance, or business needs.
• Search Functionality: Powerful search functionality, to quickly locate needed Entra ID objects.
• Reporting: Detailed reporting on backup and restore operations, providing visibility and audit trails.

Are you ready to secure your Entra ID, and take advantage of the new security features in your Veeam Backups?

To further discuss how these advancements can be integrated into your actionable security policies and to explore new ways to secure your Veeam backups, including the crucial protection of Entra ID, please use the form below to contact Covenco’s Veeam specialists.  Our team can provide expert guidance on tailoring Veeam solutions to your specific needs for more robust and effective backup and disaster recovery.