Modern, enterprise-grade Entra ID backup and recovery
Complete Active Directory and Entra ID recovery are essential in today’s hybrid environments. On Demand Recovery extends your on-premises AD recovery strategy to the cloud by backing up Entra ID users, groups, attributes, and policies, including cloud-only objects. Run difference reports to compare backups with what’s live, quickly pinpoint risky changes or deletions, and restore only what’s needed. This centralized, SaaS-based approach reduces complexity, minimizes human error, and helps keep business-critical services available across your hybrid AD and Entra ID estate.
Entra ID under constant attack
identity attacks on Microsoft Entra every day
password attacks blocked every second across Entra
of attack paths now involve identity compromise
Knowledge Center
Ready to protect your Entra ID identities?
FAQ
While Microsoft provides native tools like Entra ID Recycle Bin and access logs, these features do not offer full, point-in-time backup or true attribute-level recovery. Native options cannot restore many cloud-only attributes such as licenses, MFA contact data, application role assignments, directory role membership, group memberships, or Azure application custom attributes. They also can’t recover large numbers of identities at once or compare previous backups with the live directory to pinpoint harmful changes. On Demand Recovery closes these gaps by providing scheduled backups, difference reporting, granular and bulk restore, and hybrid AD coverage. This ensures organizations can quickly reverse accidental or malicious changes, avoid outages, and maintain a secure, consistent identity environment across both on-prem AD and Entra ID.
Identity systems like Entra ID and on-prem AD are prime targets during cyberattacks because compromising users, groups, or authentication settings gives attackers direct access to critical applications. Threat actors often delete accounts, remove MFA, change group memberships, or elevate privileges to persist and spread laterally. Native tools offer limited rollback for these changes, making recovery slow and risky. This Entra ID recovery solution enhances cyber resilience by keeping secure, point-in-time backups of cloud-only and hybrid identity objects, including roles, licenses, MFA contact data, and group memberships. During an attack, IT teams can compare backups to the live directory, identify unauthorized changes, and rapidly restore clean identities at scale, minimizing disruption and re-establishing a trusted identity state.
Quest On Demand Recovery is a SaaS-based identity backup and recovery solution designed to protect Microsoft Entra ID and hybrid Active Directory environments. It helps organizations quickly restore users, groups, attributes, devices, and cloud-only identity objects that are accidentally deleted, modified, or impacted by misconfiguration. By comparing backups with the live directory, it identifies unwanted changes and lets you restore exactly what’s needed without requiring PowerShell. The solution supports granular restores, bulk recovery, difference reporting, and a centralized dashboard for managing on-prem AD and Entra ID identities. By preventing downtime and minimizing the impact of human error or malicious activity, this Entra ID recovery solution ensures business continuity across your hybrid identity environment.
On Demand Recovery is designed for modern hybrid identity environments that span both on-premises AD and Entra ID. It integrates seamlessly with Recovery Manager for Active Directory to deliver a single recovery workflow for cloud-only, hybrid, and on-prem identity objects. You can restore users, groups, memberships, devices, Azure applications, conditional access-related attributes, and more, regardless of where they originated. This unified approach ensures that identities remain consistent across cloud and on-prem directories, reduces operational complexity, and closes the recovery gaps left by native tools like Microsoft’s Recycle Bin. The ability to recover both full objects and specific attributes ensures precise, reliable restoration across hybrid identity systems.
On Demand Recovery is a SaaS-based service that performs scheduled, point-in-time backups of Entra ID and hybrid Active Directory objects, including cloud-only attributes, licenses, roles, MFA contact info, group memberships, and Azure application attributes. Backups are stored securely in Azure Storage using end-to-end encryption. When a restore is needed, ODR compares the selected backup to the live directory using difference reporting, allowing administrators to see exactly which objects or attributes changed. Entra ID recovery can be performed granularly, restoring only specific values, or in bulk for large incidents. For hybrid environments, ODR integrates with Recovery Manager for Active Directory to coordinate cloud and on-prem object restores from a single interface.