ValorC3 Data Centers has taken the wraps off a fully managed backup service that promises to lock down Microsoft 365 and Entra ID data with immutable copies, giving organizations a separate safety net for accidental deletions, rogue syncs, and ransomware attacks. The Boise, Idaho-based company announced general availability on July 16, 2026, running the new offering on Veeam Data Cloud and handling everything from policy configuration to restore testing for customers.
What the Service Actually Protects — and How
The service, simply named Backup as a Service (BaaS), covers the core Microsoft 365 collaboration stack: Exchange Online mailboxes, SharePoint sites, Teams chats and files, and OneDrive for Business. Crucially, it also extends to Microsoft Entra ID, the identity and access management backbone that governs user accounts, groups, conditional access policies, and more. Many organizations overlook Entra ID backup, leaving a critical gap that can cause prolonged downtime if a misconfiguration or attack wipes out identity data.
On the infrastructure side, ValorC3’s BaaS can also protect on-premises servers and cloud workloads, alongside Salesforce data, but for Windows administrators and IT teams, the Microsoft 365 and Entra ID coverage is the standout component.
Under the hood, the service runs on Veeam Data Cloud, leveraging its backup and replication engine. ValorC3 isn’t selling new software; it’s offering the operational muscle—Veeam-certified engineers who configure backup policies, monitor job success and failures, test restores periodically, and manage the recovery process when you need it. That’s a critical distinction for stretched IT teams that may have bought backup licenses but struggle to keep up with maintenance and verification.
According to the company, backups are stored in an immutable format, meaning once a recovery point is written, it cannot be altered or deleted—an important defense against ransomware gangs that specifically target backup archives. The default plan includes 14 days of backup history, with longer retention periods and standalone options available. ValorC3 did not publish pricing, service-level agreements, or specific recovery time objectives in its launch announcement, so interested customers will need to engage directly for those details.
What It Means for Windows Admins and IT Teams
For day-to-day Windows administration, this offering addresses a persistent pain point: the uneasy gap between Microsoft’s responsibility for the availability of its cloud services and your own responsibility for your data. Microsoft keeps the lights on for Microsoft 365, but it doesn’t back up your mailboxes or SharePoint libraries in a way that allows point-in-time, outside-the-platform recovery. Native options like retention policies and the recycle bin are helpful against short-term accidents, but they fall short for large-scale incidents, malicious insiders, or sophisticated ransomware that can reach into the tenant and purge or encrypt everything.
With ValorC3’s managed BaaS, you get an independent copy of your data that lives outside the tenant’s control plane. If an administrator account is compromised and wipes all user mailboxes, or if a misconfigured third-party app triggers a mass deletion, the backup provides a path to restore individual items or entire workloads without relying solely on Microsoft’s internal safeguards.
Entra ID backup adds another dimension. Rebuilding a complex identity environment from scratch after a catastrophic misconfiguration or a ransomware attack that encrypts domain controllers is a slow, error-prone process. Having a backup of directory objects, group memberships, and conditional access policies can cut recovery time dramatically. However, organizations should verify exactly what Entra ID objects are covered—the announcement doesn’t specify whether it includes all object types, such as application registrations, administrative units, or privilege identity management roles.
For smaller IT teams that lack dedicated backup administrators, the managed aspect is arguably the biggest draw. ValorC3 says it will run the backup jobs, monitor for failures, and test restores. That turns a set-and-forget licensing purchase into an ongoing operational process that’s far more likely to work when you need it. Still, 14 days of retention is relatively short; many compliance frameworks and operational practices call for months or years of archive. IT managers should ask whether they can extend that window and at what cost.
The immutability promise is strong on paper, but it’s not a magic shield. Immutability typically relies on technologies like write-once-read-many (WORM) storage or legal holds at the cloud provider level, and it’s only as good as the administrative controls that guard the backup infrastructure. If a compromised admin within ValorC3’s management layer could disable immutability or delete the entire backup tenant, then the guarantee weakens. Customers should press for a clear explanation of how immutability is enforced and which identities can modify those settings.
How We Got Here: The Growing Need for SaaS Recovery
The launch doesn’t happen in a vacuum. Over the past few years, ransomware operators have shifted from simply encrypting files to targeting backup systems first, then moving to production data. The infamous “double extortion” tactic often includes deleting or corrupting cloud-based backup repositories that are accessible with stolen credentials. Meanwhile, Microsoft 365’s own recovery capabilities—while improving—remain limited and complex. The shared responsibility model for SaaS is well-documented, but many organizations still misunderstand it, assuming that because Microsoft runs the service, they don’t need their own backups.
Veeam, which powers ValorC3’s service, has been steadily expanding its Microsoft 365 backup offerings since acquiring N2WS and deepening its partnership with Microsoft. The Veeam Data Cloud platform offers a ready-made multi-tenant backup infrastructure that service providers can white-label or resell, which is exactly what ValorC3 is doing. Other managed service providers already offer similar bundles, but the inclusion of Entra ID backup is relatively new and still rare in many competitor products.
ValorC3 itself is a data center and cloud provider that already offers colocation, private cloud, and disaster recovery services. Adding BaaS is a logical step to round out its portfolio. For customers already using Valor Cloud instances, the backup service may integrate with existing billing and support, though the company hasn’t detailed those tie-ins.
What You Should Do Now
If your organization relies on Microsoft 365 and Entra ID, now is the time to audit your current backup and recovery posture. Ask yourself:
- Do you have a recent, tested restore of Exchange Online, SharePoint, or OneDrive data that was not performed through the built-in tools?
- Can you recover a deleted user’s mailbox along with all its permissions and group memberships, including any data in the recoverable items folder?
- If an attacker gained global admin rights and purged all users, how long would it take to rebuild your Entra ID directory? Do you have a backup of your conditional access policies?
- Who is responsible for checking backup jobs? Are failures alerted and acted upon?
- How long is your retention? Does it meet regulatory and business requirements?
For many, the honest answers will reveal significant coverage gaps. Services like ValorC3’s BaaS can fill those gaps, but they’re not the only option. You can deploy Veeam Backup for Microsoft 365 yourself, either on-premises or in the cloud, but you’ll need to manage it. Other managed providers, such as Datto, Acronis, or SkyKick, also offer Microsoft 365 backup services, though not all include Entra ID.
If you decide to evaluate ValorC3’s offering, approach it with a checklist:
- Coverage: Get a detailed list of which Microsoft 365 and Entra ID objects are protected. For Entra ID, confirm whether it includes administrative units, application registrations, group settings, and role assignments.
- Retention: Understand the pricing for longer retention beyond 14 days and the maximum window available.
- Immutability: Ask for a technical description of how immutability is enforced—is it at the storage layer, via Veeam’s insider protection features, or both? Who can change the immutability settings?
- Recovery times: Request realistic recovery time objectives (RTOs) for common scenarios, such as a full mailbox restore or a SharePoint site collection recovery.
- Data residency: Given that ValorC3 is based in Idaho and likely uses U.S. data centers, confirm where backup data is stored and whether it complies with your jurisdiction’s data sovereignty laws.
- Testing: Validate the restore testing claims. Ask to see sample reports or run a pilot restore to see how quickly you can get data back.
- Exit strategy: Know how you can get your data out if you cancel the service. Is there an easy export or migration path?
Even if you sign up for a managed service, don’t completely let go. Regularly review backup reports, participate in periodic restore drills, and maintain strict access controls to the backup management portal. Use multifactor authentication and privileged access management for any accounts that can modify backup policies.
For smaller organizations with limited budgets, consider whether a simpler tool like the Microsoft 365 Compliance Center’s retention policies, combined with the recycle bin and maybe a low-cost cloud-to-cloud backup tool, could suffice. But for any business where data loss would be catastrophic, a fully managed, immutable backup service is fast becoming a necessity, not a luxury.
Outlook
ValorC3’s entrance into the managed BaaS market with immutability and Entra ID backup underscores a broader trend: as SaaS adoption deepens, recovery demands are getting more sophisticated. Expect other regional data center providers to follow suit, bundling similar services with their colocation and cloud offerings. Microsoft may eventually enhance its native backup capabilities, but enterprises are unlikely to fully trust a single vendor for both production and backup. The industry will likely continue moving toward independent, immutable, and often managed backup solutions for critical cloud workloads. Keep an eye on ValorC3 for more detailed SLAs and pricing, and watch how Veeam’s continued investment in SaaS backup shapes the competitive landscape.