Dropsuite (now a NinjaOne company) launched Dropsuite Entra Backup specifically to address what its docs call “policy drift” in Microsoft Entra ID — Conditional Access policies modified, device configurations changed, app service principals altered. Dropsuite’s pitch is essentially: Microsoft retains audit logs for 30 days, doesn’t expose a recycle bin for many Entra object types, and offers no native “undo” — and that’s the gap Dropsuite Entra Backup fills with unlimited retention, granular recovery, and configuration-change tracking. The product is an MSP-channel offering, sold per-user.
Lavawall® covers the same Entra ID surface — Conditional Access, named locations, authentication methods policy, role assignments, app registrations, service principals, group memberships, custom security attributes — and goes further by snapshotting Intune device-configuration and compliance profiles, the Microsoft 365 tenant organisation settings, and Azure subscription resources (NSGs, Key Vault access policies, RBAC, managed identities). It’s configuration backup for the whole Microsoft cloud, not just Entra.
The other meaningful difference is packaging. Dropsuite Entra Backup is a dedicated SKU. Lavawall®’s configuration backup & rollback is a module of a broader platform — bundled with patching, M365 breach detection, AV/EDR coexistence, GRC compliance, and helpdesk. For an MSP that already runs the rest of the Lavawall® platform, configuration backup is bundled into the Complete tier.
Where Lavawall® wins
Scope beyond Entra. Dropsuite Entra Backup is identity-only. Lavawall® adds Intune (device-config profiles, compliance profiles, app protection policies), M365 tenant org settings, and Azure subscription scope (NSG rules, Key Vault access policies, RBAC role assignments, managed identities). For an MSP, that means one tool covers the whole Microsoft cloud surface area, not just identity.
Bundled with breach detection and audit-log correlation. Each detected change is correlated with the M365 audit log to surface the UPN, IP, and country of who made it. Lavawall® serves both as a config-recovery tool and as part of the breach-detection layer.
Bundled with the rest of the platform. If you’re already on the Lavawall® Complete tier, you don’t add another vendor relationship for config backup — it’s included. If you’re on Professional, the add-on is C$3.95 / US$2.95 per user per month.
Plan → approve → execute rollback. Rollbacks are explicit, reviewable, and auditable. Dry-run mode shows every Graph call before any of them is made. Designed for MSPs operating across many tenants who need clean audit trails on every recovery action.
Where Dropsuite Entra Backup wins
NinjaOne integration. If you’re an MSP standardised on NinjaOne RMM, Dropsuite is the natural identity-backup choice — same vendor, same procurement path, integrated billing.
Identity focus depth. Dropsuite Entra Backup is a dedicated identity backup product with deep retention semantics and Entra-specific recovery patterns refined for that scope.
Mailbox backup paired with identity backup. Dropsuite’s flagship is mailbox/SharePoint backup; Entra Backup is the identity counterpart. If you want one vendor for both content and identity backup, Dropsuite covers that.
Feature comparison
| Feature | Lavawall® | Dropsuite Entra Backup |
|---|---|---|
| Conditional Access policies | Yes | Yes |
| Named locations & authentication strengths | Yes | Yes |
| Authentication methods policy | Yes | Yes |
| Role assignments / PIM | Yes | Yes |
| App registrations / service principals | Yes | Yes |
| Group memberships | Yes | Yes |
| Custom security attributes | Yes | Limited |
| Intune device-config / compliance profiles | Yes | No |
| Intune app protection policies | Yes | No |
| M365 tenant organisation settings | Yes | Limited |
| Azure subscription RBAC role assignments | Yes | No |
| Azure Network Security Group rules | Yes | No |
| Azure Key Vault access policies | Yes | No |
| Plan → approve → execute rollback workflow | Yes | One-click recovery |
| Audit-log correlation in change feed | Yes | Yes |
| Severity rating per change | Yes (info/low/medium/high/critical) | Yes |
| Bundled with breach detection / ITDR | Yes | No |
| Bundled with patching / RMM | Yes — one platform | No |
| Bundled with GRC / framework evidence | Yes — 15+ frameworks | No |
| Bundled with helpdesk & remote support | Yes | No |
| Pricing model | Per-user MSP add-on or bundled in Complete tier | Per-user MSP-channel |
Who should pick which?
Pick Lavawall® if…
You want one tool for Entra plus Intune plus Azure subscription scope.
You want config backup bundled with breach detection, RMM, GRC, and helpdesk on one platform.
You're not standardised on NinjaOne, or you want Lavawall®'s breadth even if you are.
Pick Dropsuite Entra Backup if…
You're standardised on NinjaOne and want one-vendor procurement for the M365 stack.
Identity backup is a discrete budget line not tied to a broader platform decision.
You want Dropsuite's combined mailbox + identity backup story from a single vendor relationship.
Frequently asked
- Is Dropsuite the same as Dropsuite Backup?
- Dropsuite is now a NinjaOne company. Their main product line is mailbox/SharePoint backup, but Dropsuite Entra Backup is a separate product launched specifically for Entra ID configuration protection — Conditional Access policies, device configurations, app service principals.
- Does Lavawall® cover the same Entra objects as Dropsuite Entra Backup?
- Yes — Conditional Access policies, named locations, authentication methods policy, role assignments, app registrations, service principals, group memberships, custom security attributes. Lavawall® additionally covers Intune profiles and Azure subscription resources.
- How is Lavawall® different from Dropsuite Entra Backup?
- Dropsuite Entra Backup is identity-only. Lavawall® covers Entra plus Intune and Azure subscriptions, with the change-monitoring + rollback engine bundled in the broader Lavawall® platform alongside RMM, breach detection, GRC, and helpdesk.