Microsoft 365 and on-premises Exchange offer some native means of protection against losing valuable data. To prevent the permanent deletion of mailbox data and to be able to restore a mailbox when it is deleted from the Recycle Bin, it is strongly recommended that you use Microsoft 365 retention policy or Litigation Hold.
About On Demand Recovery
On Demand Recovery Module Overview
Before You Start
Sign up for Quest On Demand
Adding a Microsoft Entra Tenant
Required Permissions
Azure Account Used to Grant Consents
Basic Consent Permissions
Restore Consent Permissions
Exchange Online PowerShell Consent
Service Credential Permissions
Trusted IP Settings
Microsoft 365 Tenant Requirements (Mailbox Data Protection)
Access Control
Working with On Demand Recovery
Backup Unpacking
Restoring Objects
Restoring Directory Roles and Application Roles
Restoring Users
Restoring Groups
Restoring Service Principal Objects
Restoring Applications
Restoring Application Proxy Settings
Restoring Multifactor Authentication Settings
Restoring Group Licenses
Restoring Devices
Restoring Conditional Access Policies
Backup and Restore of Tenant Level Settings
Backup and Restore Administrative Units
Integration with Recovery Manager for Active Directory
Working with Inactive Mailboxes
Hybrid Connection Port and Protocol Requirements
Restoring Email Address or Phone for Self-Service Password Reset
Reporting
Advanced Search
How does On Demand Recovery Handle Object Attributes?
What is Not Protected by Microsoft Entra Connect but Can Be Restored by On Demand Recovery?
Microsoft 365 Tenant Requirements (Mailbox Data Protection)
Microsoft 365 Tenant Requirements (Mailbox Data Protection)
Microsoft 365 Retention Policy
Retention policies do two basic things: they either protect data from deletion or delete unnecessary items.
- Retain content - content cannot be permanently deleted before the end of the retention period.
- Delete content - unnecessary content is permanently deleted at the end of the retention period.
You can create and manage retention policies on the:
- Policies page in the Microsoft 365 compliance center.
- Retention page under Data governance in the Microsoft 365 Security & Compliance Center.
For details, see https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies.
Litigation Hold
As an alternative to retention policies, you can place a mailbox on Litigation Hold to preserve all mailbox content, including deleted items and original versions of modified items.
For more information, see https://docs.microsoft.com/en-us/exchange/policy-and-compliance/holds/litigation-holds?view=exchserver-2019.
Access Control
Access Control
Quest On Demand provides permission-based roles to determine what permission level a user has and what tasks the user can perform.
For more details, see Adding users to an organization section in the On Demand Global Settings User Guide.
List of permissions that can be assigned to Recovery module users
- Can manage backup settings
- Can download hybrid credentials
- Can run backup manually
- Can unpack backups
- Can run difference report
- Can restore from objects
- Can restore from differences
- Can read backup history
- Can read unpacked objects
- Can read differences
- Can read task history
- Can read events
- Can read restore attributes
- Can read UI projects
- Can read UI collections
- Can manage events
|
|
Note: On Demand administrators have full access to global settings and all module permissions. |
