In short, authentication proves the identity of a user, machine, or software component. Authorization ensures that authenticated entities can only access the permitted resources.
Microsoft Entra ID has many feature levels and license types, but most Microsoft 365 subscribers use some tier of Entra ID to manage User, Group, Role, and Administrative Unit object types. Barracuda Entra ID Backup protects all these object types and retains the attributes and relationships that were in place at the time of backup.
Who’s responsible for your Entra ID deployment?
Microsoft follows a shared responsibility model that outlines the division of security responsibilities between Microsoft and its customers. Microsoft is responsible for the security “of” the cloud, which is the underlying infrastructure and physical security, along with the core services. Customers are responsible for security “in” the cloud, which includes data, endpoints, accounts, access management, and configuration of cloud services and application-level controls. The division of responsibility changes according to the deployment type, but the customer will always be responsible for the protection of data and identities.
It’s important that customers understand this division of responsibilities. Microsoft does not protect data or secure applications, although it does make use of a recycle bin where deleted items are stored for 30 days. This is considered a state of ‘soft delete,’ during which all deleted items retain their properties and are available for recovery. Items in the recycle bin are unrecoverable from Microsoft after 30 days.