Identity is the new control plane, which means that being able to back up and recover both your on-premises Active Directory and Azure Active Directory (AD) is critical. But most customers I work with don’t know how to respond if sensitive objects are accidentally or maliciously deleted from Azure AD.
See, if you use Microsoft Azure AD or Office 365, it is important to understand the differences between the on-premises Recycle Bin and the Azure AD Recycle Bin. If Azure AD or Office 365 users are deleted in Azure AD or Office 365, they are moved to the Recycle Bin, which is stored in the Office 365 portal. But other deleted Azure AD and Office 365 objects, including Azure AD and Office 365 groups and group membership, are not stored in the Recycle Bin. There are many limitations in the Azure AD Recycle Bin, such as:
- Items that were hard-deleted (meaning these objects bypassed the Recycle Bin altogether) have no native ability to be restored — they are lost forever.
- There is no way to restore specific attributes that have been modified in a user object.
- There is no easy way to restore multiple users at one time from the Azure AD Recycle Bin. You can multi-select users in the Recycle Bin GUI, but it’s tedious, and using PowerShell requires advanced expertise that not everyone has.
- There is no Azure AD change log or comparison report to help you determine which users have been changed or deleted.
- And several more that I will dive into during my session at Ignite!
But most organizations don’t even recognize the limitations of native recovery tools until it’s too late.
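The missing comparison report noted in the list above can be approximated by diffing two exported user snapshots taken at different times. The following is an added example, not part of the original post or of any Quest product; the function name `Compare-UserSnapshot`, the snapshot shape (`ObjectId`, `UserPrincipalName`, `Department`, `Title`) and all sample values are constructed assumptions, and attributes are assumed to be single-valued strings.

```powershell
# Added example: report users deleted, added or modified between two snapshots.
# Snapshots are arrays of objects exported earlier (for example from JSON files).
function Compare-UserSnapshot {
    param(
        [object[]] $Before = @(),
        [object[]] $After  = @(),
        [string[]] $Attributes = @('UserPrincipalName', 'Department', 'Title')
    )
    # Index by the immutable object ID; a UPN can be renamed, the ID cannot.
    $old = @{}; foreach ($u in $Before) { $old[$u.ObjectId] = $u }
    $new = @{}; foreach ($u in $After)  { $new[$u.ObjectId] = $u }

    foreach ($id in $old.Keys) {
        if (-not $new.ContainsKey($id)) {
            # Present before, absent now: deleted (soft or hard, the diff cannot tell).
            [pscustomobject]@{ ObjectId = $id; Change = 'Deleted'; Attribute = $null
                               OldValue = $old[$id].UserPrincipalName; NewValue = $null }
            continue
        }
        foreach ($a in $Attributes) {
            # Case-sensitive compare so a change in casing is still reported.
            if ($old[$id].$a -cne $new[$id].$a) {
                [pscustomobject]@{ ObjectId = $id; Change = 'Modified'; Attribute = $a
                                   OldValue = $old[$id].$a; NewValue = $new[$id].$a }
            }
        }
    }
    foreach ($id in $new.Keys) {
        if (-not $old.ContainsKey($id)) {
            [pscustomobject]@{ ObjectId = $id; Change = 'Added'; Attribute = $null
                               OldValue = $null; NewValue = $new[$id].UserPrincipalName }
        }
    }
}

# Constructed sample snapshots (IDs and names are placeholders).
$before = @(
    [pscustomobject]@{ ObjectId = 'id-0001'; UserPrincipalName = 'alice@example.com'; Department = 'Finance'; Title = 'Analyst' }
    [pscustomobject]@{ ObjectId = 'id-0002'; UserPrincipalName = 'bob@example.com';   Department = 'IT';      Title = 'Admin' }
)
$after = @(
    [pscustomobject]@{ ObjectId = 'id-0001'; UserPrincipalName = 'alice@example.com'; Department = 'Finance'; Title = 'Manager' }
    [pscustomobject]@{ ObjectId = 'id-0003'; UserPrincipalName = 'carol@example.com'; Department = 'Sales';   Title = 'Rep' }
)

Compare-UserSnapshot -Before $before -After $after |
    Sort-Object Change, ObjectId | Format-Table -AutoSize
```

The "before" snapshot also holds the old attribute values, which is what makes an attribute-level rollback possible; the report is only as current as the most recent snapshot.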
Since this can be a crucial oversight for some, I’m doing a session on this topic at the Microsoft Ignite conference in Orlando. Yes, that’s right. Quest is back at Ignite, and you can visit us in booth #717 for drinks, food, daily raffle prizes and personalized demos of some of our coolest and newest products. And don’t forget to stop by my session, “What’s your Azure AD recovery plan?” It will take place on Wednesday, September 27 on the Ignite expo show floor from 5:05 to 5:25 PM.
In this session, I will demonstrate:
- What you can and can’t do with the Azure AD Recycle Bin
- Proactive strategies and solutions you can implement to prevent Azure AD disasters
- How to quickly and securely back up and restore Azure AD and Office 365 users, attributes, groups and group memberships with one of our newest SaaS solutions — Quest On Demand Recovery for Azure Active Directory
Be sure to sign up for my session on the Microsoft Ignite session builder, and don’t forget to come by booth #717 to meet the Quest team.