Acronis on July 7, 2026, introduced a new backup and recovery capability for Microsoft Entra ID, aimed squarely at managed service providers. The extension closes a long-standing gap in Microsoft 365 data protection by giving MSPs a way to safeguard cloud identity objects—users, groups, conditional access policies, applications, and role assignments—alongside the Exchange mailboxes, OneDrive files, SharePoint libraries, and Teams data they already back up with Acronis Cyber Protect.

What actually changed

Until this release, Acronis’s Microsoft 365 protection portfolio mirrored the typical SMB backup checklist: mail, files, and collaboration workspaces. Identity was the invisible exception. Most IT pros assumed that Entra ID (formerly Azure Active Directory) didn’t need a backup because Microsoft operates the service. That assumption has caused painful recoveries when a critical conditional access policy was inadvertently deleted, a sync misconfiguration wiped out user attributes, or a disgruntled admin removed service principals.

The new Entra ID Backup module—available inside Acronis Cyber Protect Cloud and Acronis Cyber Backup for Microsoft 365—changes that. It captures a near-real-time snapshot of the entire identity fabric, including:

  • User accounts with all attributes, group memberships, and license assignments
  • Security groups, distribution lists, and dynamic group rules
  • Administrative roles and privileged identity management settings
  • Conditional Access policies and named locations
  • Enterprise application registrations, service principals, and permissions
  • Authentication methods and MFA settings (metadata only, not secrets)

The backup engine runs inside the tenant—Acronis deploys a lightweight agent via an enterprise application registration—and streams incremental changes to the provider’s cloud storage. MSPs manage everything from the same Acronis Cyber Protect console they already use for endpoint and workload protection. Granular recovery options let you restore a single user, a policy, or an entire configuration; cross-tenant restores are supported for migration and disaster-recovery scenarios.

Acronis hasn’t announced whether the capability will ever be available directly to enterprise customers outside the MSP channel. For now, the company’s messaging frames it as an MSP-exclusive add-on, integrated with its existing per-workload licensing model.

What it means for you

For MSPs

This launch gives you a new conversation opener. Walk into a client meeting and ask, “If someone deletes your Conditional Access policies tomorrow, how long would it take you to rebuild them?” Most IT managers will stare blankly. Identity recovery isn’t something Microsoft natively supports in a way that matches RTO expectations. You now have a tool that fills that void.

Three immediate advantages:

  1. Competitive differentiator. Many backup vendors still treat Entra ID as an afterthought or offer only crude export scripts. Acronis delivers a policy-driven, continuously updated backup with a UI you already know.
  2. Increased stickiness. Adding identity backup to your Microsoft 365 offering expands your average revenue per seat and makes it harder for a client to swap you out. Rebuilding an identity estate manually is a project they’ll never want to repeat.
  3. Compliance and insurance alignment. Cyber insurers increasingly ask about identity recovery capabilities. Being able to demonstrate that Entra ID objects are backed up to an immutable, air-gapped location can directly influence premium assessments and claims handling.

Pricing hasn’t been made public yet, but Acronis typically bundles add-ons under its “advanced packs” model. MSPs should expect a per-user or per-tenant surcharge on top of existing Microsoft 365 backup licenses. Free trials are likely to be offered through the Acronis Partner Portal.

For IT administrators and business owners

If you’re the person who actually runs the Microsoft 365 tenant, you need to understand that the Shared Responsibility Model doesn’t cover your identity configuration. Microsoft ensures the service is available; you ensure the data—including the settings that govern who can access what—is recoverable. The built-in Entra ID recycle bin and 30-day soft-delete for users are not a backup: they don’t cover groups, apps, policies, or any attribute-level history.

If your organization already works with an MSP that uses Acronis Cyber Protect, ask whether the Entra ID Backup module is part of your contract. If it isn’t, request a pilot. The most common identity-recovery failures occur during:

  • Merger and acquisition integrations, where bulk user updates go wrong
  • Ransomware attacks that specifically target Entra ID via app-based consent grants or token replay
  • Accidental deletion of critical Conditional Access policies that lock out remote workers
  • Failed sync jobs from on-premises Active Directory that corrupt user attributes

Having a point-in-time backup of your entire identity plane turns these events from crises into routine support tickets.

How we got here

Acronis’s move follows a broader industry awakening to the importance of identity backup. The timeline matters:

  • 2017–2020: Backup vendors raced to support Exchange Online, OneDrive, and SharePoint as the core Microsoft 365 data footprint. Acronis, Veeam, AvePoint, and others all released capable products. Identity was rarely mentioned in pitch decks.
  • 2021: The Colonial Pipeline and Kaseya attacks demonstrated that identity infrastructure—often stored in Active Directory on-premises—was a prime target. Cloud-only organizations started asking the same questions about Entra ID.
  • 2023–2024: Microsoft introduced the Microsoft 365 Backup API (still in preview for some workloads) and a lightweight Entra ID snapshot tool called “Scheduled Configuration Reviews,” but neither provided automated, versioned restore. Third-party identity governance vendors like Semperis and Quest began offering Entra ID backup, but their tools were overwhelmingly enterprise-focused and priced for large SOCs.
  • 2025: Acronis signaled its identity intentions by acquiring a small Belgian startup specializing in Entra ID change tracking. The acquisition went largely unnoticed outside analyst circles but gave Acronis the underlying graph-delta engine it needed to build incremental identity snapshots.

By mid-2026, the MSP market was ready. Acronis’s existing base of 20,000+ MSPs managing millions of Microsoft 365 seats represented a captive audience that needed a low-friction way to add identity resilience.

What to do now

If you’re an MSP using Acronis Cyber Protect

  1. Check your portal. Log into the Acronis Cyber Protect management console and look for a new “Microsoft Entra ID” tile under backup sources. If it’s not visible, your tenant may need an update; contact your Acronis account manager.
  2. Request a pilot tenant. Acronis typically allows MSPs to test new modules at zero cost for 30 days. Use that window to deploy the agent against a non-critical client tenant and run through the restore workflow.
  3. Test the recovery matrix. Focus on scenarios that scare your clients most:
    - Recover a deleted conditional access policy to last-known-good state
    - Roll back unintended changes to user attributes after a directory sync mishap
    - Restore a group and all its memberships without recreating membership manually
    - Perform a cross-tenant restore to simulate a tenant-migration event
  4. Update your service catalog. Add an “Entra ID Backup” line item to your standard Microsoft 365 security package. Bundle it with identity threat protection (e.g., Defender for Identity or your MDR offering) for a premium tier.
  5. Train your service desk. The most frequent use case will be ad-hoc restores requested by panicked client admins. Make sure your Level 1 team knows where the restore button lives and how to guide a client through the approval step (Acronis enforces multi-person authorization for sensitive restores by default).

If you’re an IT admin whose MSP isn’t offering this yet

  • Start the conversation. Forward the Acronis announcement to your account rep with a note: “How does this affect our RTO for identity-related incidents?”
  • Evaluate alternatives. If your MSP can’t or won’t add the service, you may need to look at standalone identity backup tools. Remember that most enterprise-focused solutions require you to host the backup infrastructure yourself and come with steep learning curves. The MSP-delivered Acronis route offloads that operational burden.
  • Document your identity estate. Whether or not you buy a backup tool, having a text-based export of all critical configurations (done weekly via PowerShell) is a free insurance policy. The Microsoft.Graph.Entra PowerShell module can export users, groups, policies, and apps. It’s a manual, brittle process, but it’s better than nothing.

Outlook

Acronis is not alone. Veeam has hinted at Entra ID backup capabilities in a future release, and AvePoint already offers limited configuration backup through its Fly server agent. The difference is channel: Acronis is the first major backup vendor to deliver a turnkey, MSP-native identity backup experience. That positions it well for the SMB market, where 85% of Microsoft 365 seats are managed by partners.

On the Microsoft side, expect the Redmond giant to eventually build more native recovery tools into Entra ID—perhaps expanding the configuration change review feature into a proper backup API. But Microsoft’s pace will be measured; the company is wary of cannibalizing its partner ecosystem. Until then, MSPs that adopt identity backup early will have a compelling story to tell at the next client renewal meeting.