Getting Started with Quest On Demand Recovery
Quest® On Demand Recovery lets you back up and restore Microsoft Entra ID and Microsoft 365 objects while providing granular recovery, difference reporting, and hybrid integration with Recovery Manager for Active Directory.
Key Features
- Back up Microsoft Entra ID and Microsoft 365 users, groups, service principals, devices, applications, administrative units, Conditional Access policies, Application Proxy settings, named locations, tenant level settings (such as directory settings, group lifecycle policies, external identity settings, user authentication settings, organization settings), and more.
- Support for Microsoft Entra B2C tenants.
- Restore Microsoft Entra ID and Microsoft 365 users, groups, service principals, devices, applications, administrative units, Conditional Access policies, Application Proxy settings, named locations, and tenant level settings.
NOTE: On Demand Recovery can process two types of Microsoft 365 groups: Microsoft 365 groups and security groups. Group membership and ownership are restored for both types of groups. It does not restore any resources associated with Microsoft 365 groups and Microsoft Teams, such as conversations, Planner tasks and plans.
- View differences between backups and live Microsoft Entra ID or Microsoft 365 data and revert unwanted changes.
- Integrate with Quest Recovery Manager for Active Directory to restore on-premises Active Directory objects.
Caution: Microsoft Entra is a dynamic and rapidly evolving platform, which means its APIs may be updated or changed with limited notice. These ongoing changes may occasionally impact features in On Demand Recovery. When possible, Quest aims to provide timely notification to customers in cases of such impact. For the latest updates on Entra ID APIs, refer to the Microsoft Entra ID documentation and Microsoft Graph Changelog.
Objects can be restored from any backup to Microsoft Entra ID or Microsoft 365 without affecting other objects or attributes. Granular restore lets you recover objects that were accidentally deleted or modified in minutes. For more information about the objects and attributes that can be restored, see On Demand Recovery Supported Attributes.
On Demand Recovery is a part of Quest On Demand – a unified cloud platform that provides access to multiple Quest Software tools for Microsoft product management. For information about the management tools and configuration settings that apply to all On Demand modules, see On Demand Global Settings User Guide.
The following sections describe the initial steps to get started with On Demand Recovery:
Accessing Quest On Demand
On Demand management is based on the concept of organizations. When you sign up for the On Demand service, you create an organization and you are granted the On Demand Administrator role. The organization can then subscribe to modules like Recovery. For more information, see Signing up for On Demand Global Settings in On Demand Global Settings User Guide.
To access Quest On Demand
- Go to quest-on-demand.com.
- On the Welcome to Quest On Demand page, click Sign in with Microsoft.
- Sign in using your Microsoft MFA-enabled account.
- As part of the login process with Microsoft Entra ID, users must consent to the set of minimal permissions required by the Quest On Demand application.
- Select Create New Organization.
- Enter a name for your On Demand organization.
- Select the deployment region where you want your data to reside.
- Select Create New Organization.
You are signed in as the On Demand Administrator for the new organization. You have the option to start a trial or purchase a commercial subscription to the Recovery module.
Creating a Microsoft Entra Global Administrator Account
To access your Microsoft Entra or Microsoft 365 tenant through On Demand Recovery, an administrative account with the Global Administrator role is required. We recommend creating an account dedicated to On Demand Recovery for enhanced security. Once consent has been granted in On Demand Recovery, the account can be downgraded if necessary. For information on granting On Demand Recovery-specific consent, see Consents and Permissions.
Prerequisites
You have an existing account with the Global Administrator role.
NOTE: If you do not have Global Administrator permissions, contact Microsoft support or your Microsoft 365 administrator.
To create a Global Administrator account in Azure portal
- Sign in to Azure portal with an existing Global Administrator account.
- Confirm your tenant by checking the tenant name next to your profile icon. To switch tenants, click your profile icon, select Switch directories, and then select the desired tenant from the Directories + subscriptions list.
- Navigate to Microsoft Entra ID.
- On the Users tab, select New user, then Create new user.
- On the Basics tab, enter the required Identity details.
- On the Assignments tab, select Add role.
- Under Directory roles, choose Global Administrator and then select the Select button.
- Select Review + create.
- Select Create.
You can now use this account to access your Microsoft Entra ID tenant in On Demand Recovery.
To create a Global Administrator account in Microsoft 365 Admin Center
- Sign in to Microsoft 365 admin center with an existing Global Administrator account.
- Select Users | Active users, then select Add a user.
- Enter basic user information and select Next.
- In Optional settings, expand Roles, select Admin center access, then select Global Administrator.
- Select Next.
- Review and select Finish adding.
You can now use this account to access your Microsoft 365 tenant in On Demand Recovery.
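A scripted equivalent of the two procedures above, together with the later downgrade of the account once consent has been granted, as an added example that is not part of Quest's documentation or tooling. It assumes the Microsoft Graph PowerShell SDK is installed; the function names, display name and UPN are hypothetical, and the role ID is the built-in Global Administrator role template ID.

```powershell
# Added example. Requires the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
# Run as an existing Global Administrator, as the Prerequisites above require.

# Built-in role template ID of Global Administrator (same in every tenant).
$GlobalAdminRoleId = '62e90394-69f5-4237-9190-012177145e10'

function New-RecoveryServiceAdmin {
    # Hypothetical helper: creates the dedicated account and assigns Global Administrator.
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [Parameter(Mandatory)][securestring]$InitialPassword
    )
    # Graph expects the initial password as plain text inside the password profile.
    $plain = [System.Net.NetworkCredential]::new('', $InitialPassword).Password
    $user = New-MgUser -DisplayName 'On Demand Recovery service admin' `
        -UserPrincipalName $UserPrincipalName `
        -MailNickname (($UserPrincipalName -split '@')[0]) `
        -AccountEnabled `
        -PasswordProfile @{ Password = $plain; ForceChangePasswordNextSignIn = $true }

    # Tenant-wide ('/') assignment of the Global Administrator role.
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
        -RoleDefinitionId $GlobalAdminRoleId -DirectoryScopeId '/' | Out-Null
    return $user
}

function Remove-RecoveryAdminGlobalRole {
    # Hypothetical helper: downgrades the account after consent has been granted.
    param([Parameter(Mandatory)][string]$UserId)
    $filter = "principalId eq '$UserId' and roleDefinitionId eq '$GlobalAdminRoleId'"
    Get-MgRoleManagementDirectoryRoleAssignment -Filter $filter | ForEach-Object {
        Remove-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $_.Id
    }
}

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'RoleManagement.ReadWrite.Directory'

# Placeholder UPN: replace with an address in your own tenant domain.
$admin = New-RecoveryServiceAdmin -UserPrincipalName 'odr-admin@contoso.example' `
    -InitialPassword (Read-Host -AsSecureString 'Initial password')

# ... grant consent in On Demand Recovery with this account, then:
Remove-RecoveryAdminGlobalRole -UserId $admin.Id

# Verify that no Global Administrator assignment remains for the account.
Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "principalId eq '$($admin.Id)' and roleDefinitionId eq '$GlobalAdminRoleId'"
```

An empty result from the final query confirms that the dedicated account no longer holds the Global Administrator role.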
Access Control
Quest On Demand uses role-based access control (RBAC), a security policy that restricts information system access to authorized users. Your Quest On Demand organization comes configured with a number of default roles that cannot be changed, but subscribers can create custom roles with the permissions to perform required tasks on the assets of the organization. For more information, see Access Control: Roles in On Demand Global Settings User Guide.
If you are the On Demand Administrator or the owner of the subscription, you can add users to an existing organization and assign one or more roles. The role assignment determines what permission level a user has and ultimately, what tasks the user can perform. For more information, see Adding users to an organization and assigning a role in On Demand Global Settings User Guide.
The following permissions are available for On Demand Recovery:
- Recovery for Entra ID: Can Download Hybrid Credentials
- Recovery for Entra ID: Can Manage Backup Settings
- Recovery for Entra ID: Can Manage Events
- Recovery for Entra ID: Can Manage Project Settings
- Recovery for Entra ID: Can Read Backup History
- Recovery for Entra ID: Can Read Differences
- Recovery for Entra ID: Can Read Events
- Recovery for Entra ID: Can Read Restore Attributes
- Recovery for Entra ID: Can Read Task History
- Recovery for Entra ID: Can Read UI Collections
- Recovery for Entra ID: Can Read UI Projects
- Recovery for Entra ID: Can Read Unpacked Objects
- Recovery for Entra ID: Can Restore from Differences
- Recovery for Entra ID: Can Restore from Objects
- Recovery for Entra ID: Can Run Backup Manually
- Recovery for Entra ID: Can Run Difference Report
- Recovery for Entra ID: Can Unpack Backups
The Recovery for Entra ID Administrator role gives users full access to the On Demand Recovery permissions listed above, plus the following On Demand permissions:
- Can Export Data (Recovery)
- Can Read Access Control Roles
- Can Read Activity Trail (Recovery)
The Recovery Administrator role gives users full access to the Recovery module permissions (Recovery for AD and Recovery for Entra ID), plus the following On Demand permissions:
- Can Configure Agents
- Can Export Data (Recovery)
- Can Read Access Control Roles
- Can Read Activity Trail (Recovery)