
The Entra ID Recovery Gap with Tim Wolf and Tim Springston, Semperis
Show notes
This episode features Tim Wolf, Senior Solutions Architect at Semperis, and Tim Springston, Principal Product Manager for Recovery Solutions at Semperis.
Tim Wolf spent years as a Microsoft Premier Field Engineer helping enterprise customers architect identity solutions at scale. Tim Springston brings 25 years in identity and security and served as Microsoft's product manager for Azure AD recoverability, including direct involvement in building the Entra ID shared responsibility model documentation.
In this episode, they walk through what the shared responsibility model actually means for Entra tenant data, how token-based attacks sidestep phishing-resistant authentication, and what happens when a threat actor hard-deletes objects and locks you out.
They examine where Microsoft's new Entra ID Identity Resilience Recovery feature stops short, and why planning your recovery before anything goes wrong is the only call to action that matters.
Guest Bios
Tim Wolf Tim Wolf is a Senior Solution Architect at Semperis. Tim's mission is protecting identities. Currently at Semperis, Tim ensures the resilience of Active Directory and Entra ID. Their background includes years as a Microsoft PFE, implementing Zero Trust and modern Authentication like Fido at an enterprise scale. Tim is an active speaker at multiple conferences, advocating for secure and automated identity architectures.
Tim Springston Tim Springston is Principal Product Manager for recovery solutions at Semperis. He has over 25 years' identity and security experience with education, government, and Fortune 500 organizations from around the world. In his 25 years at Microsoft, he led services and support for Active Directory and later for Microsoft's cloud identity platform as it evolved from Windows Azure AD to Azure AD. At Microsoft, he was a recurring speaker at internal TechReady conferences and external events. Prior to Semperis, Tim was Microsoft's product manager for Azure AD (now Entra ID) recoverability and Sophos' IAM product manager for the Sophos Central cybersecurity platform.
Guest Quotes “The first step in resiliency is not just having a backup plan or a backup tool or capabilities to put things back. You need to know what's important to your organization. If you know what's important, you know what to put back, you know when it's broken.” - Tim Springston
“If Entra ID is going down... This is business critical today. You're not available to sign in to Teams, to SharePoint, to Salesforce, to your business critical application. So to really understand Entra ID is business critical.” - Tim Wolf
Time stamps 0:40 Meet Tim Wolf and Tim Springston 2:32 The Microsoft Shared Responsibility Model for Entra ID 6:22 How Entra ID Tenants Are Being Attacked 8:45 Token-Based Attacks Explained 12:26 What Happens When a Threat Actor Takes Over Your Tenant 19:05 Microsoft's New Entra ID Recovery Solution 25:24 The Difference Between Accidents and Adversaries 28:54 Semperis’ Disaster Recovery for Entra Tenant 39:27 Hard Delete and Tenant Cloning Limits 45:30 Resiliency Playbooks and Testing 49:58 Conclusion and Final Thoughts
Sponsor The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world’s leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
Links Connect with Tim Wolf on LinkedIn