HPE Discover 2026 brings together 12,000 IT and business leaders to explore what’s next in hybrid cloud, AI infrastructure, and enterprise resilience. At the center of that conversation, you’ll find Veeam.

This year is a major milestone in our partnership, too. HPE and Veeam are celebrating 15 years of joint innovation, where we’ve covered everything from validated architectures for storage and virtualization to integrated platforms that protect some of the world’s most demanding environments.

Make the Veeam Booth Your First Stop

Stop by booth #2039 to speak with Veeam experts, see demos, and learn how HPE + Veeam’s joint portfolio addresses the decisions that keep IT leaders up at night. We also have a dedicated private meeting room available throughout the event for more in-depth conversations.

Whether your priorities are accelerating AI adoption, modernizing your virtualization environment, or tightening your resilience posture, our team will be ready with practical guidance that’s tailored to your environment.

If you’re new to what we’ve built together, 15 years is a long story (and one worth hearing).

See How HPE + Veeam Deliver Private Cloud for the AI Era

Private cloud is back on the agenda. AI workloads, data sovereignty requirements, and the need for tighter governance are driving organizations toward environments where they have greater control, without sacrificing cloud agility. At HPE Discover Las Vegas 2026, customers can explore how HPE + Veeam deliver a unified, AI-ready private cloud platform built around three priorities:

• AI-ready private cloud: Validated designs for AI workloads, secure data pipelines with Veeam Kasten for Kubernetes, and a faster path from pilot to production.
• Modern virtualization: HPE VM Essentials and Veeam Data Platform together enable multi-hypervisor support and smoother migrations from vSphere, giving your organization flexibility without the management overhead. Read the blog
• Built-in resilience and trust: Data Resilience by Design and the Data and AI Trust Maturity Model ensure the data that feeds your AI models is protected, governed, and recoverable. Not just for today’s operations, but for the AI investments shaping tomorrow.

Join Veeam at the Virtualization and CloudOps Hub

Experience the future of CloudOps at this exclusive networking event with the CloudOps founding team! Or, get hands-on experience with Morpheus Enterprise, Morpheus Essentials, and OpsRamp.

Spaces are limited and filling quickly.
Register now

On June 16 at 7:45 a.m. before the show floor gets moving, join us for the CloudOps Channel Partner Breakfast too!
Sign up

What You Can Take Away From Our Conversations

1. Private cloud is a strategic decision again. AI, sovereignty, and governance demands are reshaping where organizations run their most critical workloads. Build your resilience strategy around that reality, not the one from five years ago.
2. Virtualization modernization is also a protection conversation. Migrating from vSphere isn’t just an infrastructure decision; it’s an opportunity to rethink how you protect, manage, and recover virtual machines (VMs) across a multi-hypervisor environment. Read more about it in the blog
3. AI needs a resilience foundation. The data powering your models deserves the same protection, governance, and recoverability as any other mission-critical asset. If it doesn’t have that, your AI strategy has a gap.
4. Data resilience by design: Experience orchestrated resilience, from data protection to instant recovery, across your entire infrastructure when Veeam + HPE as a single, validated platform.
5. Expanded support for HPE Alletra Storage MP B10000 and HPE StoreOnce efficiency. Veeam Data Platform uses the latest HPE StoreOnce Catalyst to deliver up to 60:1 data reduction, remove incremental backup limits, accelerate restores, support new hybrid cloud use cases, and lower TCO. It also adds NVMe support and new snapshot integrations for faster backups and near-instant recovery of critical workloads. New reference architectures for end-to-end immutability across the HPE Alletra Storage MP portfolio are expected soon, which will further strengthen ransomware and data loss protection.
6. AI at scale starts with trusted, resilient data. HPE + Veeam help organizations build an AI-ready foundation where data is protected, governed, and recoverable—so teams can move from experimentation to production with greater confidence, control, and resilience.

Read the PR announcement

Connect with Veeam at HPE Discover 2026

Visit us at booth #2039 or request a meeting to reserve time with our team. Our team includes alliance experts, solutions architects, and senior leaders who are ready to have a real conversation about your priorities.

Whether you want to strengthen your resilience posture, accelerate AI infrastructure, or simplify your virtualization environment, we’ll help you turn those priorities into action.

Resources:

Join us at HPE Discover 2026

Backup & Recovery for HPE Morpheus VM Essentials

HPE Private Cloud Business Edition, VM Essentials and Veeam Data Platform Explainer

HPE and Veeam: Enhancing Private Cloud Data Protection with Morpheus Software, VM Essentials, and Kubernetes

The Veeam Wake Up Podcast with Jan De Clercq, Security Chief Technologist, HPE

The Great VM Reset: Insights from HPE and Veeam

HPE Morpheus VM Essentials Software – Using Veeam agents for protection

The post Veeam at HPE Discover 2026: 15 Years, One Vision appeared first on Veeam Software Official Blog.

Pure Accelerate 2026 is a great moment for organizations looking at balancing AI-ready infrastructure, operational simplicity, with stronger cyber resilience. At the event, customers can explore how Veeam helps turn protection and recovery into a strategic advantage, with solutions designed to simplify operations, strengthen resilience, and support real-world recovery goals at scale.

Make the Veeam booth your first stop

If you are heading to Pure Accelerate 2026 in Las Vegas, make the Veeam booth a priority. Whether your focus is reducing backup overhead, accelerating restores, or strengthening ransomware readiness, our Veeam experts will be ready with practical guidance, proven strategies, and conversations tailored to your environment. Additionally, learn more about Veeam’s acquisition of Securiti AI, and how you can accelerate safe AI at scale across workloads.

See how Veeam and Everpure can elevate protection and recovery

One of the biggest reasons to connect with Veeam at the event is to see how Veeam Data Platform complements Everpure’s intelligent control capabilities to reduce operational friction and improve recovery outcomes. Customers can explore how Everpure Fusion helps orchestrate FlashArray systems fleet-wide while Veeam delivers the backup and recovery engine, bringing centralized visibility, automated registration, and consistent policy enforcement across datastores. The result is a more streamlined path to protection, faster recovery, and greater confidence in resilience.

• Fleet-wide policy control: Apply protection policies once and enforce them consistently across the environment.
• Snapshot-driven speed: Leverage array snapshots for low-impact backup and near-instant restores where appropriate.
• Anomaly-aware recovery: Pair anomaly detection and incident workflows to accelerate the path to clean restores.

Don’t miss Veeam’s breakout session 

Redefining Data Resilience: Veeam and Everpure’s Next-Gen Integration 

Hear from Veeam’s experts Emiliee Tellez and Mark Polin to Discover how Veeam and Everpure are setting new standards in data protection with industry-leading SafeMode immutable storage snapshots, integrated Pure1 anomaly detection, and unified fleet management via Fusion. Explore validated cyber-resilience, seamless VMware integration, and flexible as-a-service licensing—empowering your enterprise with true next-gen data resilience. 

Wednesday, June 17 from 1:45-2:30pm 

Room: Jasmine D 

Learn how to make clean recovery more repeatable

Customers visiting Veeam can also engage on one of the most urgent topics at Everpure Accelerate: clean recovery after a cyber incident. Today, resilience is not just about restoring data. It is about restoring with speed, accuracy, and confidence. Veeam can show how anomaly detection signals, incident context, and restore point intelligence help teams identify trusted recovery options faster and build a more repeatable path to isolated recovery and validation.

• Fast, storage-integrated protection: Using snapshot-based approaches where they make sense to improve performance and reduce overhead.
• Recoverability you can validate: Moving beyond “we have backups” to “we can restore and prove it,” with repeatable processes and reporting.
• Cyber resilience workflows: How anomaly signals and incident context can help narrow the search for clean restore points during an attack.
• Operational simplicity at scale: Reducing the time spent onboarding, registering, and managing protection across many systems.
• Cloud like consumption: SLA-aligned, as-a-service delivery options through approved MSPs/GSIs with predictable, consumption-based pricing—reducing operational burden through managed monitoring, patching, and policy management. Read the blog

What you can take away from the conversation

1. Design for fleet scale, not single systems. Standardize policies and automate onboarding so protection doesn’t drift as the environment grows.
2. Assume you’ll need clean recovery, not just recovery. Build workflows that help you identify trustworthy restore points and practice isolated recovery. Watch the demo
3. Use storage capabilities strategically. Snapshot integration and all-flash performance can improve RPO/RTO—when paired with an enterprise-grade backup and recovery platform.

Get Started with Veeam and Everpure Today

Natively integrated with Everpure Flash Array through the Universal Storage API and validated by the Veeam Ready program to provide a simple, resilient, easy to scale solution for enterprises

Visit the Veeam booth 13 at Pure Accelerate 2026 at Resorts World in Las Vegas or request a meeting with our experts for a chance to talk through your protection strategy, see how Veeam and Everpure can work together across your environment, and discover practical ways to improve recovery speed, operational simplicity, and cyber resilience. Whether you are modernizing infrastructure, strengthening ransomware readiness, or planning for greater scale, the Veeam team will be ready to help you turn those priorities into action.

Resources:

Demo: Pure1 Veeam Anomaly Awareness Workflow

Veeam Wake Up Podcast with Rick Orloff, VP and CISO at Everpure

On demand webinar: Achieving Cyber Resilience with Veeam, Everpure, and Nutanix

Try Veeam for free for 30 days

The post Why You Should Make Veeam a Must-Visit at Pure Accelerate 2026 appeared first on Veeam Software Official Blog.

AI Ambition Is Everywhere. Trusted Data Is Not.

That is the clearest takeaway from The Data & AI Trust Gap, Veeam’s new global research report, which is based on a survey of 600 senior leaders across North America, Europe, and Asia Pacific. The findings point to a hard truth: Most organizations do not have an AI adoption problem. Rather, they have trust issues around their data, which ends up slowing AI progress.

And the pressure to move faster with AI is intense. Some 83% of CEOs report feeling the need to accelerate their AI and data capabilities. But 95% say data challenges have slowed advancements in the past year. That gap between ambition and execution is where this report begins. If organizations want AI to deliver real business value, they need more than access to models and infrastructure. They need data they can trust, governance they can prove, and leadership alignment strong enough to turn strategy into action.

Download the full report to see the complete findings and what they mean for your organization.

The Real AI Challenge Is Trust

AI is no longer an experiment for most organizations. According to the report, 88% are already using or piloting AI agents. But governance is not keeping pace. That mismatch creates risk fast. When leaders cannot clearly see what data exists, where it lives, how AI is using it, or who owns the risk, trust breaks down. And when trust breaks down, so do outcomes.

Our report explores the gap between AI ambition and results, and shows that the organizations making the most progress are not necessarily the ones moving fastest. Instead, those organizations seeing the biggest results are the ones first building the right foundations.

What the Data Tells Us

Here are some of the clearest takeaways from our survey of 600 senior leaders from across the globe.

1. CEOs see the opportunity, but the foundation is still missing

The upside is clear to leadership. Nearly half of all CEOs believe trusted, compliant data could boost revenue or efficiency by more than 25%. Plus, across all respondents, 38% say the same.

Of course, belief is not the same as readiness. Most leaders say their organization’s data still needs to be more:

• Up to date (79%)
• Accurate (74%)
• Accessible (71%)

This data serves as a wake-up call, that while organizations understand the value of trusted data, many still lack the visibility, controls, and accountability needed to act on it.

2. There is a major leadership disconnect around AI visibility

One of the most striking findings in the report is the gap between what CEOs believe and what technical leaders see. For example, some 65% of CEOs say their organization has a complete and reliable AI inventory, while only 44% of CISOs and 52% of CIOs agree.

That matters because AI strategy, compliance posture, and risk tolerance are often set at the top. And if the view from the top is incomplete, the decisions built on it can be too.

3. Ownership of AI risk is fragmented

When asked who holds primary responsibility for what AI agents do, respondents did not point to one clear owner.

In other words, responsibility is spread across the organization, but not always in a structured way. That type of strategy can make it harder to enforce controls, respond to issues quickly, and prove accountability when regulators or boards ask tough questions. What the report shows clearly: When ownership is defined well, outcomes improve. When responsibility is diffused, confidence drops.

4. Shadow AI is already a real business problem

The report also highlights how quickly AI use is spreading beyond approved channels. Some 95% of organizations know employees are using unapproved AI tools, and 93% of senior leaders recognize shadow AI as a problem. Yet only 25% of organizations provide all employees with access to approved AI tools.

That gap is notable. If people need AI to do their jobs and the business does not give them governed options, they will find their own. Policy alone will not solve that. Organizations need practical guardrails, approved alternatives, and consistent enforcement.

5. Most organizations are still not AI-ready

One of the strongest themes in the report is that AI readiness is not about hype. It is about fundamentals.

The research identifies three building blocks of AI readiness:

• Ambition
• Visibility
• Governance

Only 7% of organizations have all three in place today. But here is the upside. Among that small group of 7%, around 97% report significant, formally quantified business outcomes from their data initiatives over the past year.

That is the real story this research report uncovered. The gap is not between organizations that care about AI and those that do not. Rather, it is between organizations that have built the foundation for trusted execution and those still trying to scale without it.

What It Takes to Make AI Work at Scale

This report is not a warning against AI. It is a reminder that trust is what makes AI useful at scale.

Organizations need:

• Clear visibility into where data lives and how it flows
• Enforced controls, not policy alone
• Recovery that is tested and validated
• Executive alignment around ownership and accountability

The four conditions above all have key roles to play in making safe, scalable AI possible. And the organizations seeing results are doing the work upfront. They are auditing their data, closing visibility gaps, assigning ownership, and building governance that can stand up to operational and regulatory pressure.

The Data & AI Trust Gap lays out the full research, key statistics, and the leadership gaps organizations need to close to move from AI ambition to results.

Download the report to explore:

• Where C-suite perception diverges from technical reality
• Why data trust is becoming a revenue and efficiency issue
• What shadow AI is revealing about governance gaps
• How AI-ready organizations are separating themselves from the pack

If your organization is pushing AI forward, this report will help you understand what may be holding results back, and what to do next.

The post Announcing the Data & AI Trust Gap Report: Why AI Ambition Is Outpacing Trust appeared first on Veeam Software Official Blog.

AI is creating extraordinary opportunities for organizations to move faster, unlock value from data, and transform how work gets done. Across industries, businesses are deploying copilots, generative AI tools, and autonomous agents to improve productivity, accelerate decision making, and operationalize intelligence at an unprecedented scale.

However, AI is also forcing organizations to confront a reality that has existed for years: Most governance programs were never designed for the complexity of modern data ecosystems.

Long before generative AI entered the enterprise, organizations were already struggling to govern sprawling environments made up of cloud platforms, SaaS applications, analytics tools, third-party vendors, and constantly moving data. Privacy teams relied heavily on assessments, inventories, spreadsheets, email chains, and manual reviews to understand how information was being collected, used, and shared.

Those approaches were already under strain. AI did not create this problem, but it certainly exposed it.

As organizations adopt AI, data is no longer moving through relatively predictable business processes. Rather, it’s flowing through prompts, retrieval systems, orchestration layers, autonomous agents, model interactions, downstream integrations, and continuously evolving workflows. Information is enriched, transformed, inferred, combined, and reused across systems at a pace that traditional governance processes were never designed to manage.

The challenge organizations face today is not simply an AI challenge; it’s an operational governance challenge.

Effective governance can no longer function as a periodic compliance exercise that’s built around static assessments and point-in-time reviews. In AI environments, governance decisions must happen continuously across changing models, vendors, workflows, jurisdictions, prompts, orchestration layers, and downstream data uses.

This creates a fundamental scaling problem.

Privacy teams cannot manually evaluate every AI use case, workflow, vendor relationship, or downstream processing activity. Consent preferences cannot be managed reliably through disconnected systems, and governance programs cannot depend on static documentation when the underlying technology stack is evolving daily.

This results in a widening gap between the speed of innovation and the speed of governance. Closing that gap requires taking a different approach.

Organizations need governance capabilities that are embedded into operational processes, connected directly to the data they govern, and capable of generating evidence that controls are functioning as intended. Governance must become part of the infrastructure itself rather than a series of activities performed around it.

The organizations that succeed in the AI era will not be the ones that avoid innovation; that’s not an option. Those who will rise to the challenge will be those who can govern that innovation confidently at scale.

The Next Phase of Privacy Operations

For years, privacy programs have focused on creating policies, assessments, inventories, notices, and workflows that are designed to help organizations meet regulatory obligations. Those capabilities are still essential, but they are not sufficient on their own.

The future of privacy operations is not simply documenting governance; it’s operationalizing and treating governance as part of the product too. We must, then, learn from our friends in product. We need to learn how to deploy governance and how to ship it.

This means embedding controls directly into the systems where data is collected, processed, shared, and used. It also means connecting policy to execution and creating governance processes that can scale alongside modern technology environments.

This is the challenge Veeam’s latest privacy and AI governance innovations are currently addressing and will be designed to continually address in the future.

Rather than treating privacy as a collection of isolated compliance activities, the Veeam DataAI Command Platform approaches governance as an operational discipline that’s integrated directly into how organizations manage data, enforce policy, and demonstrate accountability.

A critical example of this is consent.

Most organizations have become reasonably effective at collecting cookie consent preferences. The harder problem is ensuring those preferences remain attached to data as it moves through warehouses, analytics environments, AI systems, SaaS applications, advertising technologies, and third-party ecosystems.

In modern environments, consent is no longer a banner problem — it’s a data infrastructure problem.

The Veeam Consent Agent is a full-stack consent compliance and remediation agent that’s designed to manage the entire consent lifecycle. It helps organizations move beyond consent collection by automating banner creation, testing, monitoring, remediation, and downstream enforcement. This agent captures user consent signals, including cookie preferences, marketing opt-outs, revoked permissions for AI personalization, and processing restrictions. Then, it helps propagate and enforce those preferences across the systems that must honor them, including analytics platforms, AI pipelines, advertising technologies, SaaS applications, and third-party ecosystems.

Powered by Veeam’s robust regulatory intelligence and jurisdiction-aware policy framework, the Consent Agent helps organizations identify compliance gaps, prioritize risk, generate audit-ready evidence, and maintain visibility into consent governance across increasingly complex environments.

At the same time, privacy teams are facing growing pressure to evaluate new technologies, document risk, demonstrate compliance, and respond to evolving regulatory expectations.

The challenge that comes with this is not a lack of expertise; it’s a lack of capacity.

Many governance professionals spend significant time gathering information, reviewing documentation, correlating evidence, and drafting responses to assessments before they can even begin the work that requires human judgment.

The Assessment Autocomplete Agent helps reduce that burden by analyzing supporting evidence and generating tailored assessment responses with a single click. It supports a wide range of governance workflows, including Data Protection Impact Assessments (DPIAs), EU AI Act conformity assessments, and vendor risk questionnaires. Rather than replacing human oversight, it accelerates the work leading up to it, allowing teams to focus their attention on risk evaluation, decision-making, and accountability.

This same principle also applies to privacy rights operations.

As privacy laws continue to expand globally, organizations must maintain intake mechanisms that accurately reflect evolving regulatory requirements and organizational obligations. The Data Subject Request Web Form Builder Agent generates and maintains intake forms configured to an organization’s operational and regulatory footprint. Teams can launch compliant forms more quickly, keep them aligned with changing legal requirements, and reduce the need for recurring legal review and development efforts every time regulations evolve. By automating much of that work, organizations can reduce the time required to deploy and maintain DSR forms by approximately 50%.

Together, these capabilities are designed to address a simple reality: Governance operations must be able to scale alongside the systems they govern.

Trusted AI Starts with Operational Maturity

Organizations often discuss AI governance as though it exists separately from privacy, security, compliance, and data governance. In practice, these disciplines are increasingly converging around the same foundational challenge: Understanding data, governing its use, enforcing policy consistently, and proving that controls are working.

Many of the capabilities required for trusted AI already exist within mature privacy programs. This includes things like visibility, consent governance, assessments, transparency, rights fulfillment, accountability, and policy enforcement.

What’s changed is the scale.

The volume of data, the pace of innovation, and the complexity of modern technology ecosystems have outgrown governance models that were built for a different era.

Trusted AI will not be achieved through static documentation or one-time reviews. It will be achieved through operational systems that can adapt as technologies, regulations, business processes, and data ecosystems evolve.

Privacy, security, data governance, resilience, compliance, and AI governance are increasingly converging into a shared operational challenge. The organizations that recognize this shift first will be best positioned to innovate with confidence.

Organizations that invest in operationally mature governance programs are doing more than improving compliance; they’re building the trust infrastructure that will determine who can innovate safely, responsibly, and successfully in the age of AI.

Ready to move beyond manual governance? See how Veeam helps organizations operationalize privacy and AI governance at enterprise scale.

The post Privacy Operations Agents Are Redefining How Organizations Scale With Agentic AI appeared first on Veeam Software Official Blog.

This post walks through exactly how these attacks happen, where most organizations are exposed without realizing it, and what real recovery looks like.

Identity is Your New Perimeter

For years, enterprise security investment flowed toward the network edge, including firewalls, intrusion detection, and perimeter hardening. Now, that model is obsolete. With the shift to SaaS-based applications like Microsoft 365, Salesforce, Workday, and ServiceNow, the perimeter has moved. Today, your perimeter is your identity layer.

Microsoft Entra ID sits at the center of almost every modern organization. It controls who your users are, what groups they belong to, what applications they can access, and how every system authenticates against every other one via single sign-on. Breach Entra ID, and you haven’t just compromised one system; you’ve handed an attacker the keys to your entire connected environment.

The rise of AI agents and non-human identities means organizations will soon manage dozens of machine identities for every human user. Some analysts predict up to a hundred. Either way, each one of these machine identities is a potential attack surface, and each one needs to be protected.

How Fast an Attacker Can Own Your Environment

The most dangerous identity attacks don’t look like attacks at first. Consider what’s known as a watering hole attack, a technique that’s becoming increasingly common among sophisticated threat groups.

These attacks start on legitimate websites like LinkedIn, which is where the “watering hole” comes into play.  An attacker creates a convincing fake company with a professional page, targeted advertising, and a value proposition calibrated to appeal to IT administrators or infrastructure managers. This ad surfaces in the feeds of people who are most likely to have elevated Entra ID privileges. If someone clicks through, the site looks legitimate.

The victim is often prompted to authenticate their work account to access a “free AI-powered audit.” They use the standard Microsoft device login flow, which is the same process they use every day. No suspicious email, no unusual-looking link, and no malware download. Just a normal OAuth consent prompt that, once approved, hands the attacker a valid authentication token. It is worth noting that this is a numbers game, not every potential victim will have the elevated rights required but enough of them to do make it this scam a lucrative business.

From this point, the timeline is brutal:

• Token captured. The attacker can now read personal emails, access OneDrive, and begin elevating themselves out of the personal context of just the user.
• Persistence installed. Because personal tokens expire, the attacker registers a backdoor application inside the tenant with elevated and more global permissions. Even if the victim changes their password, access remains.
• Lateral movement begins. With application-level permissions, the attacker can enumerate every user in the directory, access any OneDrive, modify user attributes, and delete data across the organization.
• Rogue admin created. A new global administrator account is inserted into the tenant with multi-factor authentication (MFA) disabled. The attacker now has their own durable credentials.
• SSO exploited. Because Entra ID controls are single sign-on, that rogue admin account can be added to any enterprise application, including Salesforce, Workday, and ServiceNow. The breach spreads beyond Microsoft 365 entirely.

All of this can happen in minutes, and increasingly, AI is accelerating every stage of it. Data exfiltration now happens three times faster in AI-powered attacks with the ability to identify high value data that is second to none, from reconnaissance all the way through to extraction.

The Shared Responsibility Gap Nobody Talks About

Here is the part most IT teams don’t fully internalize until it’s too late: Microsoft secures the platform, but you’re responsible for what’s inside it.

Microsoft guarantees uptime, resilience, and security updates for the Entra ID and Microsoft 365 infrastructure. That is their job, and they do it well. That said, the identity objects inside your tenant, including your users, groups, roles, application registrations, and audit logs, are still your responsibility. The data your organization creates inside SharePoint, OneDrive, Exchange, and Teams is also yours. Microsoft’s built-in retention is short, typically 30 days or less, with significant gaps in granularity, and therefore not very resilient when it comes to protecting your data.

This is the same shared responsibility model that applies to virtually every SaaS platform you use. Salesforce is responsible for Salesforce uptime, but you are ultimately responsible for your Salesforce data.

Most IT organizations have internalized this for traditional infrastructure. They back up their file servers, they back up their virtual machines (VMs), and they have recovery plans for on-premises systems. But identity? Entra ID? That still gets treated as infrastructure that “just works,” right up until it doesn’t.

Recovery is the Strategy

Preventing every identity attack is not a realistic goal. The threat volume is too high, the techniques too varied, and AI is making attackers faster and more targeted with every month that passes. The organizations that will weather these attacks best are the ones that can recover to a clean state quickly, minimize business disruption, and limit the blast radius.

What does this recovery actually look like in practice?

Entra ID recovery needs to be granular. After an attack, you may need to restore specific user attributes that were modified, such as a job title, department, or group membership, without overwriting everything else. You may need to roll back application registrations, remove rogue service principals, or restore deleted users while blending your backup data with whatever short-term retention Microsoft still has available. A manual recovery at this level doesn’t scale, and the object relationships alone make it impractical without purpose-built tooling.

Microsoft 365 recovery needs to reach every layer, including individual emails, specific OneDrive files, entire mailboxes, SharePoint sites, their permissions, and Teams data. It needs to support flexible restore options too, including back to the original location, to an alternate location, or downloaded directly for forensic purposes.

SaaS recovery, such as restoring deleted Salesforce records or modified account data, needs to sit within the same unified workflow. When an attacker pivots Entra ID into Salesforce via SSO, your recovery can’t stop at Microsoft.

Audit log preservation is often overlooked but critically important. Entra ID sign-in logs and audit logs capture who signed in from where, what changes were made, and what applications were accessed. Microsoft retains these for 30 days by default. If a breach is discovered 90 or 200 days later, however, those logs are gone. An independent backup that retains them indefinitely gives your security team, forensic investigators, and potentially your cyber insurance provider the evidence trail they need.

Veeam Data Cloud was built to address this recovery problem. It is a unified, subscription-based platform that protects Entra ID, Microsoft 365, Salesforce, and other workloads from a single interface, with granular restore capabilities, immutable encrypted storage, and advanced threat detection that monitors for anomalies in backup data in real time.

FAQs

Can Microsoft recover my Entra ID if it’s compromised?

Microsoft provides limited and short-term recovery capabilities, typically a recycle bin for recently deleted objects with a retention window of around 30 days. There is no native capability to restore specific object properties (like modified user attributes), recover application registrations at a granular level, or restore data beyond that short retention window. For a comprehensive recovery, an independent backup solution is required.

What’s the difference between Microsoft’s built-in retention and independent backup?

Microsoft’s built-in retention is designed for accidental deletion scenarios within a short timeframe. It is not designed for recovering from a sustained attack, restoring configurations that were modified rather than deleted, or preserving audit logs for forensic purposes beyond 30 days. An independent backup gives you a separate, immutable copy of your identity and data estate that sits outside the compromised environment, which is exactly what you need when the environment itself has been breached.

How do identity attacks lead to SaaS breaches like Salesforce?

Entra ID controls single sign-on for most enterprise SaaS applications. When an attacker gains sufficient access to an Entra ID tenant, they can enumerate all enterprise applications that are configured for single sign-on, add their own account to any of those applications, and authenticate directly as a legitimate user without ever touching Salesforce’s own security controls. The breach of Entra ID is the breach of everything connected to it.

What should I back up to recover from an identity attack?

At minimum: All Entra ID objects (users, groups, roles, application registrations, service principals), Microsoft 365 data (Exchange, OneDrive, SharePoint, Teams), Entra ID sign-in and audit logs, and any SaaS applications connected via single sign-on that contain business critical data. The audit logs in particular are frequently overlooked, but they’re are your forensic record of what happened and when.

How quickly can an attacker move after gaining an OAuth token?

Extremely quickly. With a valid OAuth token of a user with adequate access permissions, an attacker can enumerate your entire user directory, access data across multiple users’ mailboxes and OneDrives, install persistence mechanisms, create rogue admin accounts, and pivot to connected SaaS applications, all within a single session. This is not a slow, methodical breach. It is rapid, and the window for detection before significant damage is narrow.

See the Attack (and Recovery) for Yourself

If you want to see exactly how this unfolds in a real environment, I ran a live product demo that walks through the full scenario I described in this post. It covers the watering hole attack from initial lure to rogue admin creation, lateral movement into Salesforce single sign-on, and then the complete recovery workflow inside Veeam Data Cloud including Entra ID, Microsoft 365, and Salesforce, all from a single interface.

The on-demand recording is available here: Under Attack: Simulating, Surviving and Restoring from an Identity Threat

It runs about 50 minutes and is worth watching with your team, particularly anyone who owns the identity or backup conversation in your organization.

Treat Identity Like Infrastructure

You already back up your VMs, you already have recovery plans for your file servers and databases, and you treat those systems as infrastructure: critical, recoverable, protected.

Your Entra ID tenant is infrastructure. Your Microsoft 365 environment is infrastructure. The identity layer that controls access to every system in your organization is infrastructure. It deserves the same level of protection, the same recovery planning, and the same independent backup strategy you apply to everything else.

Identity attacks are happening at scale, they are accelerating, and they will affect your organization. The question is whether you’ll be in a position to recover cleanly when they do, or whether you’ll be rebuilding from scratch, without logs, without granular restore points, and without the independent copy that sits outside the compromised environment.

The time to answer that question is before the attack, not after.

The post When Identity is Compromised: How to Recover and Keep Your Business Moving appeared first on Veeam Software Official Blog.