What’s your hybrid AD and Azure AD recovery plan?

Whether you are running a hybrid Active Directory (AD) environment with Azure AD Connect, or have cloud-only objects or attributes that aren’t synchronized, it’s critical for security and compliance purposes to ensure the availability and integrity of both on-premises AD as well as Azure AD.

According to a recent Microsoft blog, there continues to be strong growth with organizations using Azure AD or Azure AD Premium. Here are some of the latest numbers from the blog:

With so much momentum around Azure AD, it is easy to assume that Azure AD has built-in backup and restore capabilities. It does not, and the worst time to discover that is after a deletion. Don't be taken by surprise!

If you use Microsoft Azure AD or Office 365, it is important to understand the differences between the on-premises AD Recycle Bin and the Azure AD Recycle Bin. When Azure AD or Office 365 users are deleted, they are soft-deleted into the Azure AD Recycle Bin, which you can see under Deleted users in the Azure AD and Office 365 portals. Many other deleted objects, including security groups and group memberships, never enter the Recycle Bin at all: they are hard-deleted and gone immediately. Even for the objects it does hold, the Azure AD Recycle Bin has many limitations, such as:

  • You can recover only recently deleted objects: the Azure AD Recycle Bin keeps deleted Azure AD users and Office 365 groups (the latter restorable through PowerShell) for only 30 days. That window is fixed and can't be extended, and once an object ages out of the Azure AD Recycle Bin it is gone for good. Microsoft does not back up or offer restores of deleted Azure AD objects beyond the 30-day period.
  • Some objects cannot be recovered at all: items that were hard-deleted (meaning they bypassed the Recycle Bin altogether) have no native way to be restored.
  • You can't restore specific attributes: the Recycle Bin holds deleted objects, not previous versions, so there is no way to roll back individual attributes that have been modified on a user object.
  • It's hard to figure out what you need to restore: you need to know which user or users were deleted in order to restore them, but beyond the individual events in the Azure AD audit log (which is itself retained only for a limited period) there is no change log or comparison report to help you determine which objects have been changed or deleted.

The list goes on, and the reality is that most organizations don't recognize the limitations of the native recycle bin tools until it's too late.
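To make the 30-day window and the hard-delete limitation concrete, here is an added example (not from the original post or from Quest's products) that inventories what the Azure AD Recycle Bin can still give back, shows how many days each item has left, and restores a named set of users, reporting any that are no longer recoverable. It goes slightly beyond the text by listing soft-deleted groups as well as users. It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account can consent to the listed scopes, and that the user principal names are constructed placeholders.

```powershell
# Added example: inventory and restore from the Azure AD Recycle Bin.
# Assumes the Microsoft.Graph PowerShell SDK (Connect-MgGraph, Get-MgDirectoryDeletedItemAs*,
# Restore-MgDirectoryDeletedItem) and an account that can be granted the scopes below.

$RetentionDays = 30   # fixed Azure AD soft-delete window; it cannot be raised

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Group.ReadWrite.All', 'Directory.ReadWrite.All'

# 1. Inventory: only users and Office 365 (Microsoft 365) groups are ever soft-deleted.
#    Security groups, group memberships and overwritten attributes never appear here.
$deletedUsers  = Get-MgDirectoryDeletedItemAsUser  -All -Property Id,DisplayName,UserPrincipalName,DeletedDateTime
$deletedGroups = Get-MgDirectoryDeletedItemAsGroup -All -Property Id,DisplayName,Mail,DeletedDateTime

$now = Get-Date
$inventory = foreach ($o in @($deletedUsers) + @($deletedGroups)) {
    $deletedAt = [datetime]$o.DeletedDateTime
    [pscustomobject]@{
        Type          = if ($o.UserPrincipalName) { 'User' } else { 'M365Group' }
        Name          = if ($o.UserPrincipalName) { $o.UserPrincipalName } else { $o.Mail }
        Id            = $o.Id
        DeletedAt     = $deletedAt
        # Days left before Microsoft purges the object permanently
        DaysRemaining = $RetentionDays - [int][math]::Floor(($now - $deletedAt).TotalDays)
    }
}
$inventory | Sort-Object DaysRemaining | Format-Table -AutoSize

# 2. Restore a specific list of users. Anything not found in the recycle bin was either
#    hard-deleted or has aged past 30 days, and no native restore exists for it.
$wanted = @('alice@contoso.example', 'bob@contoso.example')   # constructed placeholder UPNs
foreach ($upn in $wanted) {
    $hit = $deletedUsers | Where-Object UserPrincipalName -eq $upn
    if ($null -eq $hit) {
        Write-Warning "$upn is not in the Azure AD Recycle Bin (hard-deleted or older than $RetentionDays days); native restore is impossible"
        continue
    }
    # Restores the user object with its group memberships and licenses as they were at deletion time
    Restore-MgDirectoryDeletedItem -DirectoryObjectId $hit.Id | Out-Null
    Write-Host "Restored $upn (deleted $($hit.DeletedDateTime))"
}
```

Run the inventory step on a schedule and alert on anything with few days remaining; once the window closes there is nothing left to script against, which is exactly the gap a separate backup has to fill.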

How would you respond if sensitive objects were accidentally or maliciously deleted from your hybrid AD and Azure AD environment?

How can Quest help?

We recently announced the Recovery Manager for Active Directory 9.0 release. The big story of this release is that Recovery Manager now integrates with Quest On Demand Recovery for Azure Active Directory to deliver a complete hybrid recovery solution and give customers peace of mind. This is an exciting release, and our first that integrates an on-prem product with Quest On Demand.

Caption: This image shows the full Recovery Manager for Active Directory Forest Edition, which enables online granular restores and automates the manual steps required to recover an entire domain or forest. With the addition of Quest On Demand Recovery for Azure AD, you also get secure Azure AD and Office 365 backup and recovery.

How does it work?  

With this product integration, Quest On Demand provides a single recovery dashboard that distinguishes hybrid from cloud-only objects, runs difference reports between the current production state and a backup, and restores the changes it finds, whether they happened on premises or in Azure AD.

See this new hybrid recovery feature in action in this short 3-minute video.