Barracuda protects Microsoft Entra ID from misconfiguration and malicious attack

Identity is a cornerstone of cybersecurity, whether you’re dealing with one password-protected file or a perimeterless network protected by Zero Trust Access and multifactor authentication. A properly configured identity and access management (IAM) system is vital to the security of any business, especially those companies that have a larger attack surface because of remote workers and dispersed assets like Internet of Things (IoT) devices. Typical IAM components include provisioning, directory services, password management, authentication, compliance, governance, and more.

The need for powerful IAM solutions and services has never been greater. Threat actors are becoming more sophisticated, and attacks are getting faster and better with the help of artificial intelligence (AI) and machine learning (ML). Several federal and state agencies in the United States (U.S.) now require strict authentication procedures to protect government resources.

What is Microsoft Entra ID?

One of the top players in the IAM market is Microsoft Entra ID (formerly Azure Active Directory). Entra ID is a cloud-based IAM service that provides both authentication and authorization services for a domain. Microsoft illustrates these functions with this simple diagram:

In short, authentication proves the identity of a user, machine, or software component. Authorization ensures that authenticated entities can only access the permitted resources.

Microsoft Entra ID has many feature levels and license types, but most Microsoft 365 subscribers use some tier of Entra ID to manage User, Group, Role, and Administrative Unit object types. Barracuda Entra ID Backup protects all these object types and retains the attributes and relationships that were in place at the time of backup.

Who’s responsible for your Entra ID deployment?

Microsoft follows a shared responsibility model that outlines the division of security responsibilities between Microsoft and its customers. Microsoft is responsible for the security “of” the cloud, which is the underlying infrastructure and physical security, along with the core services. Customers are responsible for security “in” the cloud, which includes data, endpoints, accounts, access management, and configuration of cloud services and application-level controls. The division of responsibility changes according to the deployment type, but the customer will always be responsible for the protection of data and identities.

It's important that customers understand this division of responsibilities. Microsoft does not protect data or secure applications, although it does make use of a recycle bin where deleted items are stored for 30 days. This is considered a state of ‘soft delete,’ during which all deleted items retain their properties and are available for recovery. Items in the recycle bin are unrecoverable from Microsoft after 30 days.

Barracuda Entra ID Backup is a software-as-a-service (SaaS) backup subscription that provides unlimited storage and retention of Entra ID data. Customers can back up and retain an unlimited amount of Entra ID data in Barracuda Cloud Storage for as long as they like.

Entra ID is a prime target for attack

Administrative access to Entra ID allows threat actors to modify security settings, delete data, and establish persistence in a company’s infrastructure. And if your Entra ID data is not available for any reason, your workforce will not be able to access the resources and applications they need to do their jobs, leaving your organization at a standstill. Entra ID access is sold on criminal forums, just like stolen data, leaked credentials, malware, or any other criminal product or service. Below is a recent screenshot of a threat actor selling access to a company’s 1,300-plus mailboxes, administration panels, and of course, Entra ID.

The threat actor ‘Scattered Spider’ is notorious for its targeted attacks on Entra ID. The group usually gets into a system through social engineering tactics and immediately starts looking for vulnerabilities and misconfiguration in Entra ID. Once it gains access, Scattered Spider creates multiple identities and modifies security policies throughout the system. Roughly 44% of threat actors remain hidden in a system for at least two months. More advanced threat actors like Volt Typhoon might remain in a system for years before they are discovered.  

This ‘dwell time’ is just one reason it’s so important to protect your Entra ID environment with a business backup system that gives you unlimited retention. Barracuda Entra ID Backup provides secure storage and fast, easy-to-use recovery options that help you keep your business running with minimal disruption.

Get started with Barracuda Entra ID Backup

Barracuda Entra ID Backup is a secure, simplified, and cost-effective approach to data protection. It’s available as a stand-alone product, or it is included free of charge with Barracuda Cloud-to-Cloud Backup.

Entra ID Backup not only safeguards your data but also provides peace of mind, knowing that your valuable information is securely stored and easily recoverable whenever needed. Experience the power of Barracuda Entra ID Backup by scheduling a demo today.