N-able Cove Data Protection (formerly N-able Backup) is one of the most established MSP backup platforms — cloud-first delivery, included storage, multi-tenant console, and strong reseller economics. For Microsoft 365, Cove backs up the workloads where end-user content lives: Exchange Online mailboxes, OneDrive, SharePoint sites, and Teams chats and files. If a user accidentally deletes an email or a file (or a malicious actor does), Cove restores it.
Lavawall® is solving a different problem. The M365 / Entra / Azure configuration backup module captures the configuration of the tenant — Conditional Access policies, named locations, authentication strengths, role assignments, app registrations, Intune device-config profiles, Azure NSG rules, Key Vault access policies, and so on. When a CA policy is disabled at 2am, when a global admin role is assigned, when an app registration is granted broad scopes — Lavawall® captures that and lets the operator roll it back.
The two products do not overlap. They protect different categories of data, against different categories of incident. Cove is the answer to "the user deleted an email." Lavawall® is the answer to "someone disabled the CA policy that requires MFA on admin sign-ins."
What gets backed up by each
| Object | N-able Cove | Lavawall® |
|---|---|---|
| Exchange Online mailbox content (emails, attachments) | Yes — primary use case | No |
| OneDrive files | Yes | No |
| SharePoint sites and documents | Yes | No |
| Teams chats and channel files | Yes | No |
| Conditional Access policies | No | Yes — primary use case |
| Named locations & auth strengths | No | Yes |
| Authentication methods policy | No | Yes |
| Role assignments (directory roles, PIM eligibles) | No | Yes |
| App registrations & service principals | No | Yes |
| Intune device configuration / compliance profiles | No | Yes |
| Intune app protection policies | No | Yes |
| Azure subscription RBAC role assignments | No | Yes |
| Azure Network Security Group rules | No | Yes |
| Azure Key Vault access policies | No | Yes |
| Custom security attribute definitions | No | Yes |
| Per-object point-in-time rollback | Item-level for content | Per-object diff & rollback for config |
| Continuous change monitoring with severity ratings | No | Yes |
| Audit-log correlation (who made the change, when, from where) | No | Yes — correlates with CON_M365_Audit_Events |
| Mailbox restore granularity (single email) | Yes | N/A — not a content product |
| Plan → approve → execute rollback workflow | N/A | Yes |
Two real-world scenarios
Scenario A — accidental email deletion
What happened: A user emptied the trash on a folder containing 3 months of client correspondence.
Cove: Restore the folder from the last good backup. Done in minutes.
Lavawall®: Cannot help. Lavawall® doesn't snapshot mailbox content.
Scenario B — disabled MFA enforcement
What happened: A junior admin disabled the Conditional Access policy that required MFA on admin sign-ins, then left for vacation. A week later the tenant was compromised.
Cove: Cannot help. Cove backs up content, not config.
Lavawall®: The disabled-state change was recorded with severity=critical and the admin's UPN. Rollback restores the policy with one operator action.
Where Lavawall® wins
Configuration scope coverage. Lavawall® tracks ~25 object types across M365, Entra ID, Intune, and Azure subscriptions, captures every change with a severity rating, and correlates each change with the M365 audit log to show who, when, and from where.
Rollback is a strict plan → approve → execute lifecycle. Operators see the exact list of Graph API calls before anything happens to the tenant. Dry-run mode lets you preview a rollback without ever calling Graph.
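The snapshot diff, severity rating, and plan → approve → execute flow described above, as an added example (not Lavawall® code). The severity rules, function names, and sample policy are assumptions, and the `send` callable stands in for an authenticated Microsoft Graph client.

```python
import json

GRAPH = "https://graph.microsoft.com/v1.0"
READ_ONLY = {"id", "createdDateTime", "modifiedDateTime"}  # never diffed or written back

# Constructed snapshots of one policy in the Graph conditionalAccessPolicy shape.
BEFORE = {"id": "00000000-0000-0000-0000-000000000001",
          "displayName": "Require MFA for admins", "state": "enabled",
          "modifiedDateTime": "2024-01-01T00:00:00Z",
          "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
AFTER = {**BEFORE, "state": "disabled", "modifiedDateTime": "2024-03-01T02:00:00Z"}

def diff(before, after, path=""):
    """Return (path, old, new) for every leaf that differs; lists compare whole."""
    if isinstance(before, dict) and isinstance(after, dict):
        out = []
        for key in sorted(set(before) | set(after)):
            if not path and key in READ_ONLY:
                continue
            out += diff(before.get(key), after.get(key), f"{path}.{key}" if path else key)
        return out
    return [] if before == after else [(path, before, after)]

def severity(path, old, new):
    """Assumed rating rules for this example."""
    if path == "state" and old == "enabled":
        return "critical"          # enforcement switched off or to report-only
    if path.startswith("grantControls"):
        return "high"              # e.g. MFA requirement removed
    return "medium" if path.startswith("conditions") else "low"

def build_plan(before, after):
    """Plan step: list the Graph calls that would restore `before`."""
    changes = [(p, o, n, severity(p, o, n)) for p, o, n in diff(before, after)]
    body = {p.split(".")[0]: before.get(p.split(".")[0]) for p, _, _, _ in changes}
    url = f"{GRAPH}/identity/conditionalAccess/policies/{before['id']}"
    calls = [{"method": "PATCH", "url": url, "body": body}] if body else []
    return {"changes": changes, "calls": calls}

def execute(plan, approved_by=None, dry_run=True, send=None):
    """Dry run only renders the calls; a real run needs an approver and a sender."""
    if dry_run:
        return [f"DRY-RUN {c['method']} {c['url']} {json.dumps(c['body'])}" for c in plan["calls"]]
    if not approved_by:
        raise PermissionError("rollback plan has not been approved")
    return [send(c) for c in plan["calls"]]

if __name__ == "__main__":
    plan = build_plan(BEFORE, AFTER)
    print(plan["changes"])
    print("\n".join(execute(plan)))
```

The read-only timestamp changes on every edit, so it is excluded from the diff; otherwise every snapshot would register as drift.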
Bundled with the rest of Lavawall®: monitoring is included in the Professional tier, and full backup & rollback is included in Complete. Either is available as a priced add-on on lower tiers.
Where N-able Cove wins
Anything to do with mailbox, file, or Teams content backup — that's the entire point of Cove and it's a mature product. Long retention (up to 7 or 10 years), included cloud storage, multi-tenant console, ransomware-resilience by design.
For MSPs already standardised on Cove for mail/file backup, Lavawall® sits beside it — the two don't compete.
Who should pick which?
Pick Lavawall® if…
You need to back up tenant configuration — Conditional Access, Intune, role assignments, app registrations, Azure resources.
You want to detect configuration drift in real time and roll back unauthorised changes.
You're running an audit (CMMC, SOC 2, ISO 27001) that needs evidence of what changed in the tenant and who changed it.
Pick N-able Cove if…
You need to back up M365 mailbox / OneDrive / SharePoint / Teams content for accidental deletion, ransomware, or compliance retention.
You're already on N-able and want a single dashboard for server, workstation, and M365 content backup.
Most MSPs run both. Cove for content; Lavawall® for config. They protect against different threats.
Frequently asked
- Does Lavawall® replace N-able Cove?
- No. Cove backs up the contents of mailboxes, OneDrive, SharePoint, and Teams. Lavawall® backs up the tenant configuration — Conditional Access policies, role assignments, app registrations, Intune profiles, NSG rules. They solve different problems and most MSPs run both.
- If I lose a Conditional Access policy, will Cove restore it?
- No. Cove backs up content, not configuration. Restoring a deleted CA policy from Cove is not possible. Lavawall® snapshots configuration objects continuously and provides per-object point-in-time rollback.
- If I lose an email, will Lavawall® restore it?
- No. Lavawall® doesn't back up mailbox content. Use Cove (or another mailbox backup product) for that. Lavawall® backs up the configuration that controls who can access the mailboxes.
- Should I run both?
- Most MSPs do. Mailbox/file content backup and tenant configuration backup are complementary; one is not a substitute for the other. They protect against different categories of incident.