English

Dutch

navlogo_blue

English

Dutch

European · ISO-certified · CLOUD-Act-free

Microsoft runs your Azure tenant. We run your recovery plan.

Mindtime keeps immutable, sovereign copies of your Azure workloads in European, ISO 27001-certified facilities — under European law, outside the Microsoft perimeter. If your tenant, admin account or region becomes unavailable, your backups don't go with them.

Book a consultation call See how we differ from Azure Backup
EU-owned, EU-operated ISO 27001, 27017, 27018 Not subject to the US CLOUD Act
Mindtime dashboard preview
Chosen by regulated teams — finance, healthcare, public sector
GDPR-native ISO 27001 ISO 27017 ISO 27018 EU data residency
The Azure Backup reality check

Azure Backup is a great feature. It isn't an independent recovery strategy.

Azure Backup, Recovery Services Vaults and geo-redundant storage all live inside the same Microsoft control plane you're trying to protect against. That's the whole problem.

01

Entra ID is the single point of failure

Compromise a Global Admin, lose a tenant, trigger a lockout — and the Recovery Services Vault holding your backups is compromised or inaccessible in exactly the same moment.

02

Microsoft is a US company

Your data may sit in West Europe or Germany West Central, but Microsoft remains subject to the US CLOUD Act. Data residency is not data sovereignty.

03

M365, Entra and Azure overlap — and leave gaps

Exchange Online, SharePoint, OneDrive, Teams, Entra ID configuration — each has different native retention rules, and none of them are a backup. Until something is deleted, and it's gone.

Mindtime vs Azure Backup

A second, sovereign copy — operated outside the Microsoft estate.

Azure Backup is excellent for operational recovery. Mindtime is the independent copy regulators and boards increasingly require: different jurisdiction, different operator, different identity plane.

Capability Azure Backup (native) Mindtime Sovereign Backup
Legal jurisdiction US (CLOUD Act applies) EU only — contract, operator and storage
Identity plane Microsoft Entra ID Independent identity, decoupled from Entra
Storage location Azure Recovery Services Vaults EU-owned data centres, outside Azure
Immutability Soft delete & immutable vaults WORM-enforced, air-gapped by default
Encryption keys Microsoft-managed or CMK in Azure Key Vault Customer-held or EU-HSM keys
Workload scope Azure VMs, SQL, Files, workloads in VMs Azure + Microsoft 365 + Entra ID config
Compliance posture ISO, SOC, FedRAMP (Microsoft) ISO 27001 / 27017 / 27018 + GDPR-native
Works with Azure Backup Yes — we complement it, we don't replace it
Workload coverage

Azure, Microsoft 365, and the identity tier beneath them.

The Microsoft stack is deeply interconnected. Protect only part of it, and your recovery will fail at exactly the wrong moment.

VM

Azure infrastructure

Azure VMs, managed disks, Azure Files and Blob, Azure SQL, SQL MI, PostgreSQL / MySQL Flexible Server, Cosmos DB, AKS persistent volumes.

M365

Microsoft 365 data

Exchange Online mailboxes, SharePoint sites, OneDrive for Business, Teams chats, channels and files — with item-level restore.

ID

Entra ID & configuration

Users, groups, roles, conditional access policies, application registrations — so you can rebuild a tenant, not just files.

How it works

Three steps to a sovereign recovery plane.

No self-service tenant and a wish of luck. Every deployment is scoped to your RPO, RTO and regulator.

1

Consultation & scoping

A 45-minute call covering your Azure tenant, Microsoft 365 footprint, RTO/RPO targets and the regulators you answer to (DORA, NIS2, BaFin, AFM, etc.).

2

Architecture & deployment

We design the sovereign vault, set immutable policies, and deploy with least-privilege Azure AD app registrations and Graph-API scopes.

3

Verified recoveries

Quarterly restore drills, signed reports for your auditors, and a named European engineer on your account — not a ticket queue.

Compliance & sovereignty

Built for European regulators. Answerable to European law.

Every layer of the service — contract, operator, data centre, encryption key — is inside the EU and outside US jurisdiction.

ISO/IEC 27001

Information security management system, audited annually.

ISO/IEC 27017

Cloud-specific security controls for multi-tenant environments.

ISO/IEC 27018

Protection of personally identifiable information in public cloud.

GDPR & EU Data Act

Lawful basis, DPA, transfer-impact assessments — handled.

DORA-ready

Operational-resilience evidence for financial entities under DORA.

NIS2-ready

Incident response and supply-chain obligations for essential entities.

EU-only operations

EU legal entity, EU staff, EU sub-processors. No US parent.

Customer-held keys

BYOK or EU-HSM. Your data is cryptographically yours.

FAQ

The questions your CISO will ask first.

No. Mindtime complements them. Keep native tools for fast, in-tenant rollbacks; Mindtime is the sovereign, immutable copy held outside Microsoft's control plane.
Microsoft explicitly recommends third-party backup for M365. Retention policies, litigation hold and recycle bins are not backup — they're configurable, overridable, and governed by the same credentials that may have caused the incident.
These are meaningful controls on data residency and processing — they do not remove Microsoft's obligations under the US CLOUD Act. For genuine jurisdictional independence you need an EU-only operator.
We architect to your RTO, including Entra ID configuration and M365 dependencies. For tier-1 workloads we commit to recovery windows measured in minutes to hours, with quarterly tested drills.
Every engagement is custom — no surprise egress bills. After the consultation call we deliver a fixed-fee proposal covering storage, operations and committed restore envelopes.

Talk to a European backup architect.

A 45-minute consultation call. We'll map your Azure & M365 estate, your obligations and your realistic recovery posture — and tell you honestly whether sovereign backup is right for you.

Book a consultation call
Scroll to Top