On Demand Recovery Current - Release Notes

About Quest On Demand Recovery

Release Notes

These release notes provide information about the Quest® On Demand Recovery release.

Topics:

• Release History

• Known Issues

• Incident Response Management

• System Requirements

• Product Licensing

• More resources

• Third-Party Contributions

About On Demand Recovery

Quest On Demand Recovery allows you to backup and restore Microsoft Azure Active Directory and Office 365 objects with their properties. These objects can be selected in a backup and then restored to Azure Active Directory or Office 365 without affecting other objects or attributes. Using the granular restore, objects that were inadvertently deleted or modified can be recovered in a few minutes.

Key features of On Demand Recovery

• Back up Azure Active Directory and Office 365 users, groups, contacts, service principals, conditional access policies and device information.

  On Demand Recovery automatically backs up your directory on a regular basis.

• Granular, selective restore of Azure Active Directory and Office 365 users, groups, service principals, conditional access policies, devices, inactive mailboxes for permanently deleted users.

  Users, groups, service principals and devices can be selected in a backup and then restored to Azure Active Directory or Office 365 without affecting other objects or attributes.

• Backup and restore Azure Active Directory B2C users and groups

  On Demand Recovery supports Azure Active Directory B2C tenants.

• Restore users or Office 365 groups from Recycle Bin

  Restore users and Office 365 groups that were inadvertently moved to Recycle Bin.

• Cloud solution: backup snapshots are stored in the cloud.

  On Demand Recovery does not require to install or maintain any additional software.

• Comparison reporting

  This feature lets you view differences between the selected backup and live Azure Active Directory or Office 365 and revert unwanted changes.

• Integration with Recovery Manager for Active Directory

  On Demand Recovery can be integrated with Recovery Manager for Active Directory 9.0 or higher to restore on-premises objects that were synchronized with cloud by Azure AD Connect.

 

Release History

Release 1.5.34 (2020/10/05)

Fixes

Issue ID	Description
RMAZ-1623	Made adjustments to the Application Proxy backup and restore feature to compensate for the modification that Microsoft made to an API endpoint.

 

Previous releases

Release 1.5.33 (2020/10/01)

Fixes

Issue ID	Description
RMAZ-1606	Second restore of hard deleted user unable to complete due to more than one user being found when matching.

Release 1.5.32 (2020/09/24)

New Features

Issue ID	Description
RMAZ-1335	From this version, On Demand Recovery restores Azure AD Application Proxy applications.
RMAZ-1435	Application Proxy settings can be restored from the Differences report.

Release 1.5.31 (2020/08/27)

Fixes

Issue ID	Description
RMAZ-1436	On Demand Recovery can restore/validate application role assignments that have invalid IDs

Release 1.5.29 (2020/08/13)

New Features

Enhancement ID	Description
RMAZ-1559	From this version, On Demand Recovery restores gallery applications using Beta API.

Release 1.5.26 (2020/07/28)

Fixes

Issue ID	Description
RMAZ-1482	On Demand Recovery may display wrong timestamps for hybrid objects on the Events screen.

Release 1.5.25 (2020/07/23)

Fixes

Issue ID	Description
RMAZ-1443	The Hybrid restore operation does not randomly restore some hybrid attributes.

Release 1.5.23 (2020/07/16)

New Features

Enhancement ID	Description
RMAZ-1457	When deleting a group, all links that were affected by this action are shown in the Differences report, e.g. Azure AD group membership, SharePoint groups membership, conditional access policies, group owners, and application assignments.

Release 1.5.22 (2020/06/30)

Fixes

Issue ID	Description
RMAZ-1452	Backup creation can fail when getting a password from Azure Key Vault.
RMAZ-1448	Hybrid recovery from encrypted backups does not work.

Release 1.5.21 (2020/06/18)

Fixes

Issue ID	Description
RMAZ-1317	Hybrid recovery stability has been improved.

Release 1.5.20 (2020/06/16)

Fixes

Issue ID	Description
RMAZ-1442	Improved stability of On Demand Recovery backups.

Release 1.5.18 (2020/06/09)

Fixes

Issue ID	Description
RMAZ-1432	The ssoSettings attribute of a service principal cannot be restored for the corresponding non-gallery Application.

Release 1.5.17 (2020/06/02)

Fixes

Issue ID	Description
RMAZ-1428	Backup settings did not display correctly in the "Create backup" dialog due to a problem with the empty 'created' field.

Release 1.5.16 (2020/05/28)

Fixes

Issue ID	Description
RMAZ-1410	Unpacking may fail if the error report description is too long.
RMAZ-1425	The backup task can hang if no tenant is selected.

Release 1.5.15 (2020/05/21)

Fixes

Issue ID	Description
RMAZ-1394	Membership in SharePoint cannot be restored due to not enough retries after re-creating the group.

Release 1.5.14 (2020/05/19)

Fixes

Issue ID	Description
RMAZ-1267	Improving stability when reattaching an inactive mailbox.

Release 1.5.13 (2020/05/07)

Fixes

Issue ID	Description
RMAZ-1402	Fixed problems with recovery of inactive mailboxes.

Release 1.5.12 (2020/04/30)

Fixes

Issue ID	Description
RMAZ-1370	The backup operation is faster due to reducing of backup memory usage for the SharePoint target.
RMAZ-1380	During user recovery, you may get an error about failed createdByAppId attributes.

Release 1.5.11 (2020/04/23)

Fixes

Issue ID	Description
RMAZ-1156	On Demand Recovery shows an error when trying to restore the application assignment twice or restore the user from Recycle Bin.

Release 1.5.9 (2020/04/07)

Fixes

Issue ID	Description
RMAZ-1343	Backup creation could fail due to exceeding the memory size limit. Now memory resources are consumed more efficiently.

Release 1.5.8 (2020/03/26)

Fixes

Issue ID	Description
RMAZ-1164	More reliable backups: On Demand Recovery uses retry strategy for data required to restore SSO and Azure Gallery applications.

Release 1.5.7 (2020/03/24)

Fixes

Issue ID	Description
RMAZ-1210	From October 13th, 2020 Microsoft will stop supporting Basic Authentication access to Exchange Online for Office 365 customers. Now On Demand Recovery is prepared for this change.

Release 1.5.6 (2020/03/12)

Fixes

Issue ID	Description
RMAZ-1320	Now On Demand Recovery does not restore attribute annotations without values.

Release 1.5.5 (2020/03/05)

Fixes

Issue ID	Description
RMAZ-1249	On Demand Recovery does not restore the membership of a user in a Distribution List group.
RMAZ-1307	Now On Demand Recovery uses the retry strategy if an error occurred while creating a group.
RMAZ-1321	The Object unpack operation could fall when processing large backups.

Release 1.5.4 (2020/02/27)

New Features

Enhancement ID	Description
RMAZ-1285	On Demand Recovery supports restore of SharePoint links for guest users.
RMAZ-1295	Now hybrid groups are matched by SID to make restore more reliable.

Release 1.5.2 (2020/02/20)

Fixes

Issue ID	Description
RMAZ-1303	There is no backup statistics if the backup credentials are incorrect.

Release 1.5.1 (2020/02/18)

New Features

Enhancement ID	Description
RMAZ-1208	Now the SharePoint consent is detected automatically for SharePoint backups.
RMAZ-1265	On Demand Recovery has made the switch to a brand new UI style.
RMAZ-1286	On Demand Recovery shows a number of non-empty SharePoint groups and a number of SharePoint links in the backup statistics.

Release 1.4.30 (2020/02/11)

Fixes

Issue ID	Description
RMAZ-1291	Now On Demand Recovery does not restore SharePoint data for Guest users to avoid any potential corruption of sharing features for such users.
RMAZ-1293	Tenant name data was missing in backups.

Release 1.4.29 (2020/02/04)

Fixes

Issue ID	Description
RMAZ-1287	Now On Demand Recovery can create the Differences report for old backup with SharePoint data.

Release 1.4.28 (2020/01/28)

New Features

Enhancement ID	Description
RMAZ-1268	Now the Type facet on the Unpacked objects view and the Differences view shows groups by types (Security Group, Office 365 Group, Distribution Group, Mail-enabled Security Group).

Release 1.4.27 (2020/01/23)

Fixes

Issue ID	Description
RMAZ-1245	Recovery of service principal could fail when restoring the application from Recycle Bin.

Release 1.4.26 (2020/01/16)

New Features

Enhancement ID	Description
RMAZ-1243	On Demand Recovery supports restore of SharePoint Online resource access for Azure AD users and groups. For details, see the "Restoring SharePoint Online Resource Access" section in User Guide.

Release 1.4.25 (2020/01/14)

Fixes

Issue ID	Description
RMAZ-1257	Error handling is improved.

Release 1.4.24 (2019/12/26)

Fixes

Issue ID	Description
RMAZ-1257	Stability of On Demand Recovery backups has been improved.

Release 1.4.23 (2019/12/24)

New Features

Enhancement ID	Description
RMAZ-1248	On Demand Recovery supports restore of group licenses.

Release 1.4.22 (2019/12/19)

New Features

Enhancement ID	Description
RMAZ-1224	On Demand Recovery supports backup of SharePoint group membership.

Release 1.4.21 (2019/12/17)

New Features

Enhancement ID	Description
RMAZ-1247	On Demand Recovery supports backup of group licenses.

Release 1.4.20 (2019/12/05)

New Features

Enhancement ID	Description
RMAZ-1181, RMAZ-1182	On Demand Recovery can distinguish inherited and direct user licenses and restore them.

Release 1.4.19 (2019/12/03)

New Features

Enhancement ID	Description
RMAZ-1234	On Demand Recovery clusters and customer data have been moved from UK South to North Europe (Ireland).

Release 1.4.17 (2019/11/19)

Fixes

Issue ID	Description
RMAZ-1222	Differences report: Now On Demand Recovery restores licenses for users that were moved to Recycle Bin.

Release 1.4.16 (2019/11/14)

Fixes

Issue ID	Description
RMAZ-1173	Now conditional access policies take effect immediately after restore.

Release 1.4.15 (2019/11/07)

Fixes

Issue ID	Description
RMAZ-1187	The Differences report could fail due to the "Out of Memory" error.
RMAZ-1214	If a user that has the manager is moved to Recycle Bin and you try to unpack a backup or view the Differences report, it will contain incorrect information.

Release 1.4.14 (2019/10/31)

Fixes

Issue ID	Description
RMAZ-1212	In some cases, the Differences report may fail if a user that has licenses (e.g. Office 365 license) is deleted.

Release 1.4.13 (2019/10/29)

Fixes

Issue ID	Description
RMAZ-1200	If a user does not refresh the product page, tenant addition or deletion may happen with a long delay.
RMAZ-1195	Restore hard-deleted dynamic group could fail while waiting for group links restore.

Release 1.4.12 (2019/10/16)

Fixes

Issue ID	Description
RMAZ-1196	A user could not run a manual backup or scheduled backups configuration could be lost if the same tenant was removed and then added again.

Release 1.4.11 (2019/10/08)

New Features

Enhancement ID	Description
RMAZ-1122	Now a time-based retention policy is created automatically every 30 minutes to prevent any changes or deletions of files from backups.

Fixes

Issue ID	Description
RMAZ-1186	On Demand Recovery does not show errors related to some changes of list attributes.

Release 1.4.10 (2019/10/03)

New Features

Enhancement ID	Description
RMAZ-1028	Support for restore of group visibility attributes.
RMAZ-1114	Support for restore of dynamic groups.
RMAZ-1115	We have added a new Hybrid Connection widget on Dashboard. Now the widget shows more details about the status of hybrid connection.

Fixes

Issue ID	Description
RMAZ-1177	Now On Demand Recovery does not try to apply group attributes to hard deleted users during the restore operation.

Release 1.4.09 (2019/09/24)

Fixes

Issue ID	Description
RMAZ-1106	Dynamic group membership links are excluded from backup. This makes the backup process faster and optimizes space taken by backups.
RMAZ-1027	Now On Demand Recovery does not show errors about deletion of Quest On Demand - Recovery for Azure Active Directory service principal from the owners list.

Release 1.4.07 (2019/09/10)

Fixes

Issue ID	Description
RMAZ-1106	Now On Demand Recovery shows whether the specified credentials are valid or not in the Manage backup dialog.
RMAZ-1110	Reliability of immutable backups is improved.

Release 1.4.09 (2019/09/24)

Fixes

Issue ID	Description
RMAZ-1106	Dynamic group membership links are excluded from backup. This makes the backup process faster and optimizes space taken by backups.
RMAZ-1027	Now On Demand Recovery does not show errors about deletion of Quest On Demand - Recovery for Azure Active Directory service principal from the owners list.

Release 1.4.04 (2019/08/29)

Fixes

Issue ID	Description
RMAZ-1152	If the Azure Active Directory token is expired, the "failed backup" notification is sent only once each time a backup fails.

Release 1.4.03 (2019/08/13)

Fixes

Issue ID	Description
RMAZ-1136	Now tenant synchronization checks collections to avoid wrong information in the user interface.

Release 1.4.02 (2019/08/08)

New Features

Enhancement ID	Description
RMAZ-1145	Creation of new users/groups is enabled by default during restore. This means that the following restore options are selected: "Restore deleted objects from Recycle Bin" and "If an object is not found in Recycle Bin, create a new one".

Fixes

Issue ID	Description
RMAZ-1139	Stability of inactive mailbox restoring is improved.

Release 1.4.01 (2019/08/06)

New Features

Enhancement ID	Description
RMAZ-978	Now MFA settings can be restored from the Differences report.

Fixes

Issue ID	Description
RMAZ-1135	Conditional access policies with configured location as "All trusted locations" are restored without errors.

Release 1.4 (2019/07/30)

New Features

Enhancement ID	Description
RMAZ-900	Support for permission-based access control. Using this feature you can determine what permission level a user has and what tasks the user can perform in On Demand Recovery.
RMAZ-1117	If a "limited" user logs in the organization that does not contain unpacked objects and the user does not have rights to unpack backups or refresh the Difference report, On Demand Recovery shows the message about required permissions.

Release 1.3.18 (2019/07/25)

New Features

Enhancement ID	Description
RMAZ-1108	We have added the option to delete an existing hybrid user from Azure Active Directory when restoring the user with a federated mailbox. This option lets you preserve the original cloud mailbox of the user after restore. For more details, see Working with On Demand Recovery.
RMAZ-1095	Sign-in for hard-restored federated hybrid users is now blocked before Azure AD synchronization is completed.

Release 1.3.17 (2019/07/23)

New Features

Enhancement ID	Description
RMAZ-1109	Restore of service principals becomes more reliable. Now On Demand Recovery uses the retry strategy when creating service principal objects.
RMAZ-1096	Hybrid users are matched by immutableId (if any) to avoid duplications.

Fixes

Issue ID	Description
RMAZ-1111	Backup errors handling was improved.

Release 1.3.16 (2019/07/18)

Fixes

Issue ID	Description
RMAZ-1082	On Demand Recovery backups are prepared for using immutable policies.

Release 1.3.15 (2019/07/16)

Fixes

Issue ID	Description
RMAZ-1102	Backup statistics could contain wrong data.

Release 1.3.14 (2019/07/11)

New Features

Enhancement ID	Description
RMAZ-1088	On Demand Recovery can restore inactive mailboxes of hard-deleted users for Federated Domain (hybrid configuration).

Release 1.3.13 (2019/07/09)

Fixes

Issue ID	Description
RMAZ-1073	Read-only service principal attributes are skipped when restoring from the Differences report.

Release 1.3.12 (2019/07/02)

Fixes

Issue ID	Description
RMAZ-1085	appRoleAssignments could be restored twice when both a hard deleted ServicePrincipal and the corresponding AppRoleAssignments were selected for restore.

Release 1.3.11(2019/06/25)

New Features

Enhancement ID	Description
RMAZ-938, RMAZ-1005	On Demand Recovery can backup and restore memberOf attributes for service principal objects.
RMAZ-1072	On Demand Recovery supports restore of group claims for SAML SSO.

Release 1.3.10 (2019/06/04)

New Features

Enhancement ID	Description
RMAZ-1036	On Demand Recovery restores permanently deleted Office 365 groups as Private by default.
RMAZ-1046	For service principals provisioned from Azure Gallery: On Demand Recovery restores attributes from the User Attributes & Claims section in the Single Sign-On with SAML configuration. For limitations, see Backup and Restore of Service Principal Objects.

Release 1.3.09 (2019/05/28)

New Features

Enhancement ID	Description
RMAZ-1056	On Demand Recovery can restore a user that has been in Recycle Bin for more than 30 days and the user account has been permanently removed from the Microsoft Online directory. In this case, we perform restore of hard deleted user.
RMAZ-1059	Stability of the tenant list synchronization has been improved.

Release 1.3.08 (2019/05/23)

New Features

Enhancement ID	Description
RMAZ-1055	On Demand Recovery supports Recovery Manager for Active Directory encrypted backups for hybrid restore.
RMAZ-1064	Audit events are added for backup tasks.

Release 1.3.07 (2019/05/21)

New Features

Enhancement ID	Description
RMAZ-1045	On Demand Recovery can backup attributes from the User Attributes & Claims section in the Single Sign-On with SAML configuration (for service principals provisioned from Azure Gallery ).

Fixes

Issue ID	Description
RMAZ-1060	Unpack or difference report task could fail with the error "Failed to collect live Azure AD data" due to slow start of the backup task. Now the backup startup timeout is increased to 10 minutes.
RMAZ-1018	The misleading error message may occur "Invalid user name and password" due to the DNS Server issue. Now this problem is resolved.

Release 1.3.06 (2019/05/07)

New Features

Enhancement ID

Description

RMAZ-1020, RMAZ-999

On Demand Recovery supports restore of service principals provisioned from Azure Gallery for users that have the service account for the tenant. This account must have at least one of the following roles in Azure portal: Exchange administrator or User administrator. To make SAML SSO work after the restore of such service principal objects, you have to install the new certificate for the application.

Release 1.3.05 (2019/04/24)

New Features

Enhancement ID	Description
RMAZ-830	More detailed information about MFA methods now is shown on the facet panel on the Unpacked objects view.

Release 1.3.04 (2019/04/16)

Fixes

Issue ID	Description
RMAZ-1025	The Create backup option did not work on the main Dashboard view.

Release 1.3.03 (2019/04/11)

New Features

Enhancement ID	Description
RMAZ-997	If a conditional access policy contains invalid data, On Demand Recovery shows a warning specifying which items were missing and restores the policy to the previous state.

Release 1.3.02 (2019/04/09)

New Features

Enhancement ID	Description
RMAZ-1009	Restore of the companyName user attribute in the cloud-only scenario. Restore of the following list of service principal attributes: notificationEmailAddresses preferredSingleSignOnMode samlSingleSignOnSettings
RMAZ-992	From this release, restore of object application role assignments works faster. Now On Demand Recovery can use cache for fast lookup of links by source_object_id or target_object_id without using the entire backup.

Release 1.3.01 (2019/04/04)

Fixes

Issue ID	Description
RMAZ-988	A mailbox was lost after the second restore of the permanently deleted user because we did not store history of NetID. Now On Demand Recovery keeps NetID data and the second restore operation will run correctly in this case.

Release 1.3 (2019/04/02)

Features

Enhancement ID	Description
RMAZ-949	Support for backup and restore of Conditional Access policies for Azure Active Directory.
RMAZ-939	Changes related to Conditional Access policies are shown in the Differences report.
RMAZ-987	During restore of deleted Conditional Access policy, On Demand Recovery checks whether objects assigned to the policy exist in Azure Active Directory.
RMAZ-989	Conditional Policy objects are updated when restoring permanently deleted objects (users, groups).
RMAZ-990	Number of policy objects in the backup is displayed on the Backups tab.

Fixes

Issue ID	Description
RMAZ-986	The Differences report did not show attribute changes when the last change was older than the last backup. Now the backup comparison functionality works correctly.

Release 1.2.97 (2019/03/21)

Enhancements

Enhancement ID	Description
RMAZ-586	Support for backup of Conditional Access policies for Azure Active Directory.

Release 1.2.96 (2019/03/19)

Resolved Issues

Issue ID	Description
RMAZ-977	Azure AD Connect matching issue: A duplicated user was created after restore of hard deleted hybrid user if this user had Office Mailbox before deletion.
RMAZ-981	In some cases, the Differences report could contain null attribute values.

Release 1.2.95 (2019/03/12)

Resolved Issues

Issue ID	Description
RMAZ-967	Memory usage has been reduced with improving the caching algorithm.
RMAZ-973	Cannot unpack a backup or restore a user if MSOL data contain special symbols in the Unicode format. Now this issue is fixed.

Release 1.2.94 (2019/03/07)

Resolved Issues

Issue ID	Description
RMAZ-954	Cannot add application assignments during hybrid restore of a group with the error: "Resource [GUID] does not exist or one of its queried reference-property objects are not present." Now On Demand Recovery retries the restore operation in this case and this resolves the issue.
RMAZ-971	Cannot backup MSOL data when parameter values contain special symbols in the Unicode format. Now this issue is fixed.

Release 1.2.93 (2019/03/05)

Resolved Issues

Issue ID	Description
RMAZ-965	Some properties were not handled correctly during restore of owners with the errors like "Failed to remove the owner from the group ."

Release 1.2.92 (2019/02/28)

Enhancements

Enhancement ID	Description
RMAZ-896	Performance of backup and unpack operations is improved for tenants with a lot of devices.
RMAZ-950	Added the Unpack service principals and devices option that is used to limit a scope of unpacked objects. If this option is not selected, the unpack operation will work faster and the Differences report will contain only changes related to users and groups. Otherwise, you will see changes related to users, groups, service principals and devices. For more details, see here.

Release 1.2.91 (2019/02/26)

Enhancements

Enhancement ID	Description
RMAZ-928	With On Demand Recovery, now you can restore group owners from the Differences report.

Resolved Issues

Issue ID	Description
RMAZ-944	On Demand Recovery cannot backup group owners for group with more than 20 owners. Now this issue is fixed.
RMAZ-948	Backup can fail if requests to MSOL API have timeout of more than 5 minutes and more than 5 retries are performed. Now the time limit and number of retries for requests to MSOnline are increased.
RMAZ-955	The error "Failed to unpack delta changes" occurred in the Differences report if the manager attribute was changed.

Release 1.2.90 (2019/02/14)

Resolved Issues

Issue ID	Description
RMAZ-912	If the service user account specified in the Configure backup dialog is correct and you reopen the dialog, and then press Test connection, the previously saved password will be used and you will see the OK message. Otherwise, you will get an error message.
RMAZ-946	Now processing of large backups takes less time and works more stable for large directories.

Release 1.2.89 (2019/02/07)

Enhancements

Enhancement ID	Description
RMAZ-933	Added the new option Show all changes to Azure AD objects in the Backup Unpacking dialog. If this option is not selected (by default), the unpack operation will work faster and the Differences report will contain only changes related to users, groups, membership and managers.
RMAZ-625	Now On Demand Recovery restores inactive mailboxes for permanently deleted users.

Release 1.2.87 (2019/01/31)

Enhancements

Enhancement ID	Description
RMAZ-921	Now Recovery Audit Log contains information about customer activity.

Release 1.2.86 (2019/01/29)

Enhancements

Enhancement ID	Description
RMAZ-882	Service principal owners can be restored from the Differences report.

Release 1.2.85 (2019/01/24)

Resolved Issues

Issue ID	Description
RMAZ-872	Cannot backup an Azure tenant when more than 1000 users/groups are assigned to one directory role.

Release 1.2.84 (2019/01/15)

Enhancements

Enhancement ID	Description
RMAZ-876	On Demand Recovery restores device information and navigation properties.
RMAZ-915	The "Test connection" link is not shown when the option Backup Multi-Factor Authentication settings is disabled.

Resolved Issues

Issue ID	Description
RMAZ-906	Deleting a temporary file that is created when building the Differences report can cause an error.

Release 1.2.83 (2019/01/10)

Enhancements

Enhancement ID	Description
RMAZ-880	User/group assignments to service principals can be restored from the Differences report.
RMAZ-896	Backup of service principal links and unpack for the Differences report work faster.

Release 1.2.80 (2018/12/18)

Resolved Issues

Issue ID	Description
RMAZ-889	Now the Differences report works correctly if a user changes the passwordProfile attribute.
RMAZ-897	Performance of backup statistics is improved.
RMAZ-910	On Demand Recovery skips the Read-Only attribute userStateChangesOn.

Release 1.2.79 (2018/12/13)

Enhancements

Enhancement ID	Description
RMAZ-632, RMAZ-640	User/group assignments to service principals can be restored from the Differences report.
RMAZ-881	On Demand Recovery tries to use both types of Azure tenant tokens - the token with user claims and without user claims.

Release 1.2.78 (2018/12/12)

Enhancements

Enhancement ID	Description
RMAZ-892	Changes in the user interface: new widgets on the Dashboard view New "backups" widget New "backup configuration" widget New "unpacked objects" widget New "differences" widget

Release 1.2.77 (2018/12/06)

Resolved Issues

Issue ID	Description
RMAZ-887	On Demand Recovery does not show the error "Cannot restore attributes" during the cloud restore of companyName and onPremDistinguishedName user attributes in hybrid configuration.

Release 1.2.76 (2018/12/04)

Resolved Issues

Issue ID	Description
RMAZ-858	Now On Demand Recovery skips attributes that throw error 403 and continues the restore operation.

Release 1.2.75 (2018/11/29)

Enhancements

Enhancement ID	Description
RMAZ-878	Number of device objects is shown in the backup statistics.

Release 1.2.74 (2018/11/27)

Enhancements

Enhancement ID	Description
RMAZ-851	From this version, On Demand Recovery can back up device information.

Release 1.2.73 (2018/11/22)

Resolved Issues

Issue ID	Description
RMAZ-859	Backup creation will be started immediately after the backup schedule is enabled.

Release 1.2.72 (2018/11/20)

Resolved Issues

Issue ID	Description
RMAZ-849	If a user with an assigned role has been permanently deleted, two items are shown in the Difference report: role deletion and user deletion. Now in this case, On Demand Recovery supports restore of the linked object (role) from the Differences report.
RMAZ-850	On Demand Recovery skips links to dynamic groups.

Release 1.2.71 (2018/11/13)

Enhancements

Enhancement ID	Description
RMAZ-785	On Demand Recovery traffic is protected from passive attacks by the following technologies: TLS 1.2 is enforced Key-agreement protocols are used Anonymous Diffie-Hellman key exchange method is not used because it is susceptible to Man in the middle (MITM) attacks
RMAZ-843	On Demand Recovery audit logs are published to On Demand Core and can be provided by request.

Release 1.2.70 (2018/10/30)

Enhancements

Enhancement ID	Description
RMAZ-797	Support for Read-access geo-redundant storage (RA-GRS) for the Disaster Recovery plan. For details, see https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy-grs#read-access-geo-redundant-storage.
RMAZ-801	On Demand Recovery temporary storage is moved to a separate Locally Redundant Storage (LRS) account. This reduces our cost of storing temporary data, e.g. statistics and differences report data.

Resolved Issues

Issue ID	Description
RMAZ-771	On Demand Recovery restores user ownership for groups when a user object is selected for restore.

Release 1.2.69 (2018/10/23)

Resolved Issues

Issue ID	Description
RMAZ-740	If you unpack the backup that exists in the On Demand Recovery user interface but is removed from the Azure storage due to the retention policy, the unpack task will fail.
RMAZ-825	The Request package vulnerability CVE-2018-18074 is fixed.

Release 1.2.68 (2018/10/18)

Resolved Issues

Issue ID	Description
RMAZ-829	Backup of MFA settings may fail if the specified administrator account is a member of at least one group. Now this issue is fixed.

Release 1.2.67 (2018/10/16)

Enhancements

Enhancement ID	Description
RMAZ-788	Now On Recovery sends email notification when the account credentials that are used to backup MFA settings are invalid
RMAZ-803	On Recovery checks whether the account that is used to backup Multi-Factor Authentication settings is valid and has sufficient permissions.
RMAZ-821	On Demand Recovery restores email address or phone number that was specified as an authentication method for the Password Reset user option in Azure portal. For more details, see here.

Release 1.2.66 (2018/10/09)

Enhancements

Enhancement ID	Description
RMAZ-773	On Demand Recovery now restores the 'owners' attribute for a group if you select the group for restore. Group ownership is not restored if you select a user.
RMAZ-784	On Demand Recovery does not retain credentials that are used to backup MFA settings if you delete a tenant or uncheck the Backup Multi-Factor Authentication settings option in the Configure backup dialog for the tenant.

Release 1.2.65 (2018/10/02)

Resolved Issues

Issue ID	Description
RMAZ-704	Enchancements to restore of Multi-Factor Authentication (MFA) settings.
RMAZ-791	Now On Demand Recovery correctly displays tenant names that contain Unicode characters.
RMAZ-792	From this release, MFA attributes are displayed correctly in restore events.
RMAZ-800	Fixed the issue related to creation of the Differences report for old backups that contain MFA settings.

Release 1.2.64 (2018/09/25)

Enhancements

Enhancement ID	Description
RMAZ-748	Enchantments related to compliance with ISO 27001 Control 8.2.

Release 1.2.63 (2018/09/20)

Enhancements

Enhancement ID	Description
RMAZ-778	The "Backup MFA" column was added to the Manage backups and Create backup dialogs. This column indicates whether Multi-Factor Authentication settings are included in the tenant backup or not. NOTE: If the MFA backup failed (for example, if tenant admin credentials are incorrect), the backup task will have the Failed status.

Resolved Issues

Issue ID	Description
RMAZ-781	Some issues with setting up the password for MFA backup were fixed.

Release 1.2.62 (2018/09/18)

Enhancements

Enhancement ID	Description
RMAZ-702, RMAZ-703	Support the backup and restore of Multi-Factor Authentication (MFA) settings. The Backup Multi-Factor Authentication settings option is located in the Configure backup dialog.

NOTE:

• To backup MFA settings, tenant admin credentials are required.

• Restore of MFA settings is performed using delegated token.

Release 1.2.61 (2018/09/11)

Resolved Issues

Issue ID	Description
RMAZ-765	A task now can be started even if you experience some slowness in accessing WCF Relay.

Release 1.2.60 (2018/08/21)

Enhancements

Enhancement ID	Description
RMAZ-753	Now On Demand Recovery creates four backups per day.

Resolved Issues

Issue ID	Description
RMAZ-750	Differences report can be created for a backup that contains a service principal where several SAML signing certificates are configured and at least one of them is expired.

Release 1.2.59 (2018/08/14)

Enhancements

Enhancement ID	Description
RMAZ-724	In this release, we have improved the overall stability of the application. Quest Identity Broker is no longer used for the product operations.
RMAZ-725	On Demand Recovery can backup service principals that own more than 1000 objects.

Release 1.2.58 (2018/08/03)

Enhancements

Enhancement ID	Description
RMAZ-680	On Demand Recovery is moved to Azure Kubernetes Service cluster.

Resolved Issues

Issue ID	Description
RMAZ-686	The role assignment event now shows the role name.
RMAZ-715	Restore of RoleAssigmets works fine for groups on the Objects view.

Release 1.2.57 (2018/07/24)

Enhancements

Enhancement ID	Description
RMAZ-661	Support for Canada Region.
RMAZ-671	Azure Active Directory can be used for authentication to OnDemand Core.

Resolved Issues

Issue ID	Description
RMAZ-682	On Demand Recovery restores appRolesAssignments property for user objects.

Release 1.2.56 (2018/07/18)

Resolved Issues

Issue ID	Description
RMAZ-672	If you delete a tenant from OnDemand Core, the scheduled backup for this tenant will be stopped.
RMAZ-683	Refresh of the Difference report works fine for backups that contain 200 000 users or more.
RMAZ-685	On Demand Recovery restores appRoleAssignments for the user if this user had multiple role assignments.
RMAZ-689	Assignments of users to a service principal work even if the application was re-provisioned by a customer.

Release 1.2.55 (2018/07/10)

Resolved Issues

Issue ID	Description
RMAZ-649	Now On Demand Recovery can unpack large backups that contain 200 000 users or more.

Release 1.2.54 (2018/07/03)

Resolved Issues

Issue ID	Description
RMAZ-126	Now On Demand Recovery does not show the error when restoring a user that has membership in a dynamic group, e.g. "All Users".

Release 1.2.53 (2018/06/26)

Resolved Issues

Issue ID	Description
RMAZ-673	Refresh of the Difference report failed with error "Failed to collect live Azure AD data". Now this issue is fixed.
RMAZ-674	A new customer could see the red On Demand Recovery widget with the message "Failed to get the tenant backup details."
RMAZ-677	Improved reliability of scheduled backups.
RMAZ-679	Improved stability of backup statistics for large backups (100000 users or more).

Release 1.2.52 (2018/06/15)

Enhancements

Enhancement ID	Description
RMAZ-613	The Differences report shows changes to service principal objects.
RMAZ-623	Restore of administrator roles and links between service principals and users.
RMAZ-624	Restore of delegated permissions for service principals.
RMAZ-626	Number of service principal objects is shown in the backup statistics.
RMAZ-651	Backup of service principal properties.
RMAZ-652	Backup of administrator roles and links between service principals and users.
RMAZ-654	Restore of permanently deleted service principal objects and its properties from the Objects view.
RMAZ-655	Restore of service principal delegated permissions from the Objects view.
RMAZ-656	Restore of user and group assignments from the Objects view.
RMAZ-657	Backup of service principal delegated permissions.
RMAZ-658	Backup of service principal user and group assignments.
RMAZ-660	Restore of administrator roles assigned to service principal users from the Differences report.
RMAZ-663	Restore of an application from Recycle Bin before creating the service principal object.

Resolved Issues

Issue ID	Description
RMAZ-620	Restore of hybrid hard deleted groups: cloud membership is applied after Azure AD Connect re-creates the group.
RMAZ-627	Events that are generated if there were no backups for the last 24 hours now have correct time stamps. The number of such events is reduced.
RMAZ-643	Security: improvements to the isolation of customer data.
RMAZ-653	Performance improvements for the Differences report.

Fore more details about restoring of service principal objects, please see Back up and Restore Service Principal Objects.

Release 1.2.51 (2018/05/08)

Enhancements

Enhancement ID	Description
RMAZ-618	The details panel may contain links.

Release 1.2.48 (2018/04/10)

Resolved Issues

Issue ID	Description
RMAZ-598	Restore may hang when sending a request to Microsoft Graph.
RMAZ-599	Restore failed if there is no connection to Quest Migration and Management Platform.

Release 1.2.47 (2018/04/03)

Enhancements

Enhancement ID	Description
RMAZ-550	Now Recovery Manager for Azure AD checks that all enabled backups are actually running. If there are no backups within the last 24 hours, the customer will receive the event.
RMAZ-546, RMAZ-574	AWS Systems Manager Parameter Store is no longer used to store RMAZ configuration data. Now the data is stored in Kubernetes cluster in Azure Container Servces (ACS).

Resolved Issues

Issue ID	Description
RMAZ-588	The backup operation may hang when sending a request to Delta API.
RMAZ-579	RMAZ did not send any notifications about failed backups. Now you can find the event in the event log.

Release 1.2.46 (2018/03/21)

Enhancements

Enhancement ID	Description
RMAZ-573	Encryption at rest for 100% of customer backup data including unpacked backups and the Difference report objects.
RMAZ-573	Better scalability, reliability and maintainability given by Azure Container Services (compare to single machine Swarm configuration).
RMAZ-573	Quotas and limits guarantee CPU and Memory resources for each customer and prevent mutual influence.
RMAZ-531	Each Azure AD scheduled snapshot is started at exact 0:00 of every hour – so we have exactly 24 snapshots per day and clear time for each (old implementation had always less than 24 snapshots per day and it depended on backup duration).
RMAZ-489	Geo redundant Azure storage for customer backups - data is durable even in the case of a complete regional outage or a disaster (https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy#geo-redundant-storage).
RMAZ-447	Attributes that can be restored / not restored by On Demand Recovery are listed in the "How does On Demand Recovery handle object attributes?" section of User Guide.
RMAZ-530	Backups and backup statistics for On Demand Widget is moved to the Azure Container Service cluster.
RMAZ-490	Support of customer Azure Blob Storage account for backups.

Resolved Issues

Issue ID	Description
RMAZ-477	Local users are matched before the restore operation to avoid duplications after restoring hard deleted users.
RMAZ-478	Social users are matched before the restore operation to avoid duplications after restoring hard deleted users.

Release 1.1.42 (2017/12/26)

Enhancements

Enhancement ID

Description

RMAZ-421

Added the User Type facet on the Objects view. Possible user types: Work or School Hybrid B2B Guest B2C Local B2C Social Added a new column 'User Name' on the Objects view. This column contain additional information about users: mail attribute for Guest users first element in otherMails attribute for social users first element in signInNames for local users userPrincipalName for other users empty value for non-users

Resolved Issues

Issue ID	Description
RMAZ-425	The Events view showed inconsistent information.
RMAZ-454	Increased stability of backups in case of errors from external services.
RMAZ-465	Some data may be unavailable in the Differences view due to the errors with a backup.
RMAZ-470	The backup task that was created in the root scope is not shown in the tenant scope.
RMAZ-473	Tasks might hang in the "Starting" after the production upgrade due to non-provisioned resources.

Release 1.1.41 (2018/03/01)

Enhancements

Enhancement ID	Description
RMAZ-562	On Demand Recovery is synchronized with the latest version of Quest Migration and Management Platform.

Release 1.1.40 (2017/12/15)

Enhancements

Enhancement ID	Description
RMAZ-418	Azure Active Directory B2C: Now permanently deleted users are distinguished from soft deleted (moved to Recycle Bin) users in the Differences view.

Resolved Issues

Issue ID	Description
RMAZ-450	Azure Active Directory B2C: Now the application correctly processes hard deleted social accounts.
RMAZ-453	Azure Active Directory B2C: Fixes to the "restore of social accounts" feature: Now the 'userIdentities' attribute and other multi-valued attributes are restored.
RMAZ-428	Fixes to the unpack operation.
RMAZ-456	Now more attempts are made to read the backup data.

Release 1.1.38 (2017/12/12)

Enhancements

Enhancement ID	Description
RMAZ-469	Now the 'details panel' shows different content depending on the type of task. For the Backup task, the panel does not show 'creation' and 'last modification' time. For the Diff restore task, if you click on the task status, the Differences view will be opened.

Release 1.1.37 (2017/12/07)

Enhancements

Enhancement ID	Description
RMAZ-438	Azure Active Directory B2C: Now the progress bar shows the actual backup progress.

Release 1.1.36 (2017/11/28)

Enhancements

Enhancement ID	Description
RMAZ-424, RMAZ-436	Azure Active Directory B2C: The functionality of the Differences view is available for Azure AD B2С tenants.
RMAZ-433	Azure Active Directory B2C: Support for backup and restore of Azure AD B2C local accounts.
RMAZ-439	Now the backup task contains information about the backed-up tenant.

Release 1.1.35 (2017/11/27)

Enhancements

Support for backup and restore of Azure Active Directory B2C tenants - PREVIEW.

Limitations:

• Difference view is not implemented yet

• Restore of hard deleted local accounts and social accounts is not implemented yet.

Resolved Issues

Issue ID	Description
RMAZ- 441	Azure Active Directory B2C: A customer gets the error message and an email notification if the backup was not created.

Release 1.1.34 (2017/11/27)

Resolved Issues

Issue ID	Description
RMAZ- 407	Shows the 'Packed' / 'Unpacked' backup status on the Backups view.

Release 1.1.33 (2017/11/23)

Enhancements

Enhancement ID	Description
RMAZ-241	Added the error event that indicates that a backup was not created for the tenant.
RMAZ-363	Added new facets for the Objects view: 'Tenant', 'Backup', 'Type', 'User type' and 'AAD Connect' status.
RMAZ-390	Azure Active Directory B2C: Now On Demand Recovery can backup all types of groups and group membership for Azure AD B2C.
RMAZ-391	Azure Active Directory B2C: Support for backup of Azure AD B2C users.
RMAZ-415	Azure Active Directory B2C: Support for backup statistics for Azure AD B2C (number of users, groups, etc).
RMAZ-416	Azure Active Directory B2C: Backup and restore of the Manager attribute for Azure AD B2C.

Resolved Issues

Issue ID	Description
RMAZ-427	Now the Refresh task on the Differences screen works correctly if 'jobtitle' was changed.

Release 1.1.32 (2017/11/22)

Enhancements

Enhancement ID	Description
RMAZ-408	Added the Create backup button on the Dashboard view.

Resolved Issues

Issue ID	Description
RMAZ-409	Now the Refresh task on the Differences view fails if some data cannot be uploaded to Migration and Management Platform.

Release 1.1.31 (2017/10/27)

Enhancements

Enhancement ID	Description
RMAZ-381	Now customers are notified about failed backups by email.

Resolved Issues

Issue ID	Description
RMAZ-380	Hybrid restore may fail when there are too many per-object errors.

Release 1.1.30 (2017/10/26)

Enhancements

Enhancement ID	Description
RMAZ-366	The new Backups view is introduced in the user interface. This view shows a list of backups that were created for the tenant.
RMAZ-370	Now Ireland WCF Relay for EU region is used instead of Amsterdam WCF Relay.
RMAZ-194	The Tenant column is added to the grid on the Differences view.

Release 1.1.29 (2017/10/25)

Enhancements

Enhancement ID	Description
RMAZ-82, RMAZ-83	Security headers have been updated.

Resolved Issues

Issue ID	Description
RMAZ-369	Stability improvement for hybrid restore: a large number of objects (>400) can be restored.
RMAZ-342	Now On Demand Recovery stops the restore operations if on-premises restore has been failed.

Release 1.1.28 (2017/10/18)

Enhancements

Enhancement ID	Description
RMAZ-371	Version of Recovery Manager Portal is shown in the hybrid restore events.
RMAZ-376	Now you can acknowledge (hide) events which are not actual anymore. If you use the Acknowledge option on the Events view, the status of the selected events is changed from 'Current' to 'Obsolete'. To view the list of obsolete events, click Obsolete on the left side of the Events screen.

Resolved Issues

Issue ID	Description
RMAZ-362	On Demand Recovery tried to apply wrong set of attributes to the cloud after restoring a large number of on-premises objects. Now this issue is fixed.
RMAZ-375	Now On Demand Recovery can restore a large number (more than 400 objects) of cloud objects with no errors.

Release 1.1.27 (2017/10/16)

Enhancements

Enhancement ID	Description
RMAZ-78	On Demand Recovery restores attributes of on-premises groups.
RMAZ-290	Now restore of multiple objects works faster.

Release 1.1.26 (2017/10/12)

Enhancements

Enhancement ID	Description
RMAZ-300	The current status of the Refresh task is shown on the Differences view.
RMAZ-321	From this release, On Demand Recovery can restore directReports attributes.

Resolved Issues

Issue ID	Description
RMAZ-181	Now attribute lists are separated for different tenants.
RMAZ-261	From this release, object attributes from different backups can be restored from the Differences view.
RMAZ-135	On Demand Recovery can restore hybrid objects which are synchronized by Azure AD Connect.
RMAZ-330	Restore of group membership works correctly in hybrid configuration.

Release 1.0.25 (2017/10/04)

• Minor fix for icons

• Added link to the online documentation in the Create hybrid connection dialog

Release 1.0.24 (2017/10/04)

• Hybrid restore fixes and improvements

Release 1.0.23 (2017/09/20)

• Fixes for jobTitle, companyName attributes in hybrid restore

• Restore of memberOf attribute from the Objects view in hybrid restore

Release 1.0.22 (2017/09/14)

• The beta version of the RMAD hybrid restorefeature has been deployed

• New version of Quest Migration and Management Platform (QMMP) has been deployed

Release 1.0.21 (2017/08/31)

• Restore of on-premises groups and its attributes (RMAD hybrid restore).

• On Demand Recovery now shows events related to hybrid restore.

• Changes to on-premises objects are synchronized automatically by Azure AD Connect after the restore operation.

• On-premises attributes mapping is improved.

Release 1.0.20 (2017/08/18)

• Restore of on-premises deleted users from the Objects view (RMAD hybrid restore).

• Manager ID attribute can be restored.

• Automated Azure Relay provision for customer.

Release 1.0.18 (2017/08/11)

• Hybrid restore from the Objects view.

Release 1.0.16 (2017/08/01)

• Fix: No information about what backup has been unpacked.

Release 1.0.15 (2017/07/28)

• Personally identifiable information (PII) was removed from logs.

Release 1.0.13 (2017/07/05)

• Fixes related to data retention.

• Improved stability for network errors.

Release 1.0.12 (2017/06/30)

• Shows the warning message if the Admin Consent is not granted.

• Other fixes related to Admin Consent.

• Support for the Ireland data center.

Release 1.0.11 (2017/06/19)

• Fixes related to the public API.

Release 1.0.10 (2017/06/07)

• Improved web application security.

Release 1.0.9 (2017/06/01)

• Fixes related to unpacking of large backups.

Release 1.0.8 (2017/05/30)

• Now the unpacking operation works faster: 20 minutes for 500 K backup

Release 1.0.7 (2017/05/30)

• Fixes related to the New Object count in the Comparison report.

Release 1.0.6 (2017/05/26)

• Lambda constants were changed to work with large backups.

Release 1.0.5 (2017/05/24)

• New timeouts related to task status are set to not report the Failed status in case of healthy backup.

• Backup tracking interval was changed from 3 to 24 hours.

Release 1.0.4 (2017/05/04)

• Added additional tests for the Comparison report and restore process.

Release 1.0.3 (2017/05/02)

• Old backups that were created earlier than 3 or 4 days ago are unpacked faster. Now we use our own backup comparison instead of Azure AD delta.

Release 1.0.1 (2017/04/20)

• Added the Comparison Report feature that let you view differences between the selected backup and Live Azure Active Directory.

• Large backups (200-400K objects) can be unpacked and restored faster.

• On Demand Recovery restores Office 365 license attributes.

• On Demand Recovery restores deleted Office 365 groups from Recycle Bin.

• Objects can be restored from the Comparison report.

• Office 365 license attributes can be restored from the Comparison report.

• Group links can be restored from the Comparison report.

• Hide added and deleted objects from the Comparison report.

• Restore operations can be performed in Objects and Comparison report in parallel.

Release 1.0 (2017/03/01)

• New public URL https://quest-on-demand.com and integration with the Quest On Demand products family, added also for the Backup Stats widget.

Release 0.0.13 (2016/11/28)

• Users that are deleted from Recycle Bin can be restored including group membership and attributes.

• A spinning wheel is displayed during login and initialization operations (10-20 sec) when a user comes to the On Demand Recovery main page.

• Added PROTO Comparizon Report that shows difference between backup and live Azure Active Directory. The feature is available by request.

• Support for the userPrincipalName attribute recovery (mail and proxyAddresses attributes will also be updated by Azure Active Directory automatically).

• On Demand Recovery shows attributes and values which were applied during the restore operation in the restore event - for better troubleshooting.

Release 0.0.12 (2016/11/10)

• Now you can restore deleted Office 365 groups.

• Multi-level group nesting. Now you can restore groups containing group with member containing another group.

Release 0.0.11 (2016/10/27)

• On Demand Recovery uses differential API for backup:

  • Support for large directories with many links (400 K objects).

  • Backup format is changed.

Release 0.0.10 (2016/10/13)

• Restore membership for the nested groups (one-level nesting).

Release 0.0.9 (2016/10/13)

• Restores deleted security (not mail enabled) groups with membership.

Release 0.0.7 (2016/9/27)

• Product scalability and customer capacity are improved.

Release 0.0.6 (2016/09/21

• Added the "text copy" browser feature in dialog grids like the Manage Directories dialog.

Release 0.0.5 (2016/09/15

• On Demand Recovery lets you back up large tenants: ~400 K objects (users and groups).

Release 0.0.4 (2016/09/13)

• Administrator credentials are no longer required for restoring users from Recycle Bin.

Release 0.0.3 (2016/09/04)

• The Beta Test Agreement confirmation is shown after the login screen.

• Slack channel invitation is sent automatically to customers.

Release 0.0.2 (2016/08/15)

• On Demand Recovery registers customer tenants using multi-tenant application; support for Office 365 tenants.

Release 0.0.1 (2016/07/24)

• Validate On Demand Recovery access permissions.

• Allow access only for approved Quest Software accounts (white list).

• Now you can back up and restore selected attributes for users.

• You can back up and restore groups using On Demand Recovery.

• Restores deleted users from Recycle Bin users.

• On Demand Recovery offers simple charts for Active Directory objects - objects by type, by backup date, by tenant.

 

Known Issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

General known issues

Issue ID	Known Issue
RMAZ-18	If you restore two groups which are members of the third group which was deleted, the third group can be duplicated after the restore operation. This issue is applied only to non-Office Groups which support nesting. For possible workarounds, see the Workarounds section below.
RMAZ-128	On Demand Recovery converts distribution lists and Mail-enabled security groups to Office 365 groups during recovery. If you have nested distribution lists, they will not be restored.
RMAZ-129	On Demand Recovery does not back up and does not store user passwords.
RMAZ-130	On Demand Recovery does not support restore of Contact objects.
RMAZ-127	Explicit (granted directly to a user, not inherited via group membership) permissions are lost after restore of permanently deleted users or groups.
RMAZ-464	On Demand Recovery does not restore Applications for users and groups.
RMAZ-136	Restore of changed user mail attributes such as mail, proxyAddress, targetAddress is not supported. These attributes are restored correctly if you restore the deleted object from Recycle Bin.
RMAZ-137	On Demand Recovery does not restore an Office 365 mailbox (either for user or for Office group) if it was permanently deleted.
RMAZ-138	On Demand Recovery does not restore user's Photo (thumbnailPhoto attribute).
RMAZ-139	On Demand Recovery does not restore Contact Authentication attributes: Authentication Email, Alternate Authentication Email, Authentication Phone, Alternate Authentication Phone.
RMAZ-141	On Demand Recovery does not restore multi-factor authentication settings for users.
RMAZ-174	On Demand Recovery does not restore Distribution List members with the error "Status: 400, Code: Request_BadRequest. Details: Unable to update the specified properties for objects that have originated within an external service".
RMAZ-252	Only for Hybrid restore: Granular restore of object membership from the Differences view is not supported. For possible workarounds, see the Workarounds section below.
RMAZ-262	On Demand Recovery supports one hybrid connection per the On Demand organization. If you need to manage multiple hybrid tenants, create a separate On Demand organization for each Hybrid Azure AD tenant.
RMAZ-270	If two users perform the unpack operation simultaneously with the selected "Clear objects" option in the same On Demand organization, one of the processed backups will not be unpacked (or will be partly unpacked). For possible workarounds, see the Workarounds section below.
RMAZ-273	Old backups (backups that were created before you remove the tenant) are not shown in the On Demand Recovery user interface if the same tenant was removed and then added again. If you need to unpack, restore or delete old backups, please contact Quest Support.
RMAZ-279	InTune policies are not supported by On Demand Recovery.
RMAZ-308	Some attributes of on-premises objects (e.g. "ipPhone","pager","info","homePhone") are mapped by Azure AD connect but are not shown in the Differences view and cannot be applied to the cloud users. On Demand Recovery restores these attributes for on-premises objects.
RMAZ-309	On Demand Recovery shows expired backups that were deleted. If you select the expired backup to perform the restore operation, you will get the "Internal error in lambda restoreAttributes" error.
RMAZ-311	Cannot download hybrid credentials with the Error 404 "Not found". This issue may occur if you try to get credentials right after the registration - it takes about one minute to create the Relay credentials.
RMAZ-315	Backup task does not check the Admin consent status, but if the Admin consent is not granted for the tenant, the following error occurs: "The identity of the calling application could not be established."
RMAZ-335	The usageLocation attribute may not be restored if license attributes were not selected together with usageLocation for restore.
RMAZ-338	On Demand Recovery does not show the proxyAddresses attribute in the Differences view.
RMAZ-352	The restore operation from the Differences view may fail if you run Refresh before the restore operation is completed.
RMAZ-354	Incorrect (empty) object count in the "details panel" of the Restore from Diff task.
RMAZ-355	If the same on-premises object is selected in different unpacked backups on the Objects view, On Demand Recovery will perform the hybrid restore of the object on the first selected backup date.
RMAZ-358	If multiple objects are selected for restore and there is Directory Synchronization Service Account among them, the restore operation will fail for all objects with the error "Failed on-premise restore. Error: Value cannot be null".
RMAZ-359	On Demand Recovery does not backup and restore openTypeExtension attributes. For more details about openTypeExtension, see https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/opentypeextension.
RMAZ-360	On Demand Recovery does not backup and restore schemaExtension attributes.
RMAZ-373	Hybrid restore (from Objects or Differences view) uses attribute values from the on-premises backup. So, these values may be different from the corresponding values shown in the Differences or Objects view.
RMAZ-374	One instance of Recovery Manager Portal can be used with one Azure AD tenant and one Azure AD Connect server. Install multiple RMAD web portals if you need to work with multiple Azure AD tenants and Azure AD connect servers.
RMAZ-405	If you enable Azure Multi-Factor Authentication (MFA), you should regrant Admin Consent for the On Demand Recovery module. Otherwise, you will get the following error during the restore operation: "Failed to refresh access token. StatusCode: 400. ErrorCode: interaction_required. Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access".
RMAZ-457	Restore of the usageLocation cloud attribute does not work for the "Exchange Hybrid" scenario.
RMAZ-471	A password is not restored for hard deleted users (work, school, local, guest accounts). In this case, the user needs to reset the password.
RMAZ-472	Object IDs are not preserved when you restore hard deleted users (work, school accounts, B2C local accounts, guest or B2B, B2C social accounts) or groups.
RMAZ-485	Failed to restore the hybrid cloud user that was permanently deleted if Azure AD Connect cannot synchronize the newly created user from the on-premises Active Directory to the cloud. For possible workarounds, see the Workarounds section below.
RMAZ-542	Actual for hybrid configuration only: After restore of permanently deleted objects, these objects are still shown as permanently deleted in the Differences report along with the recreated objects.
RMAZ-566	On Demand Recovery does not support backup and restore of Azure Active Directory tenants created in Azure Germany, China or U.S. Government.
RMAZ-576	Restore of more than 10000 objects using one task is not supported.
RMAZ-595	On Demand Recovery does not support backup of application certificate settings.
RMAZ-690	If a user does not have the service account for the tenant, On Demand Recovery cannot restore permanently deleted service principals provisioned from Azure Gallery. For possible workarounds, see the Workarounds section below.
RMAZ-720	Cannot restore cloud attributes for a permanently deleted user in hybrid scenario after the user was recreated by Azure AD Connect. The following error will arise: "Another object with the same value for property userPrincipalName already exists "
RMAZ-721	On Demand Recovery cannot restore the onPremisesDistinguishedNam property for permanently deleted users in hybrid scenario. In this case you will get the following error message: "Property 'onPremisesDistinguishedName' is read-only and cannot be set" error.
RMAZ-726	On Demand Recovery does not restore owners for service principals.
RMAZ-777	On Demand Recovery does not restore MFA authentication methods for a hard deleted user if the mobile application was assigned to this user. NOTE: If any of the following Voice Call/SMS/Office Phone was set up as an authentication method for a user, On Demand Recovery will restore all MFA data for this user.
RMAZ-779	On Demand Recovery does not support MFA enabled accounts for backup creation. To set the account password to never expire, use the following PowerShell command: Set-MsolUser -UserPrincipalName <name of the account> -PasswordNeverExpires $true For more details, refer this article https://support.office.com/en-us/article/set-an-individual-user-s-password-to-never-expire-f493e3af-e1d8-4668-9211-230c245a0466
RMAZ-798	If you restore a permanently deleted user with the enabled Self-Service Password Reset option, Multi-Factor Authentication methods will be displayed as not verified after restore.
RMAZ-819	On Demand Recovery may not restore otherMail, mobile, telephoneNumber attributes with the following error: "Cannot restore attributes. Details: Insufficient permissions to complete the operation". For possible workarounds, see the Workarounds section below.
RMAZ-827	If you get the error "DeltaLink older than 30 days is not supported" during the unpack operation, create a new backup before you unpack the backup that is older then 30 days.
RMAZ-907	Hubryd restore may fail with the following error in Recovery Manager Portal: "The ChannelDispatcher at 'sb://backupaad-rmaz-hybrid-us.servicebus.windows.net/org-f555beae-38fa-4d0a-b502-08c4b93b01da' with contract(s) 'HybridRestoreServiceContract' is unable to open its IChannelListener". For possible workarounds, see the Workarounds section below.
RMAZ-931	If you get the error "[Hybrid Module] Failed on-premise restore. Error: Remote connection to AAD Connect: The specified module 'ADSync' was not loaded because no valid module file was found in any module directory.", the Import-Module ADSync command may not work correctly on the Azure AD Connect host. For possible workarounds, see the Workarounds section below.
RMAZ-998	On Demand Recovery does not restore the conditional access policy "Baseline policy: Require MFA for admins".
RMAZ-1141	On Demand Recovery does not restore manifests for non-Gallery applications.
RMAZ-1242	In case of restore of a permanently deleted user from an old backup, the user license may be assigned twice: by group and directly.
RMAZ-1455	Group owners are not shown in the Difference report for deleted groups.
RMAZ-1453	Deleted members are not shown for deleted groups in the Difference report for backups less than 6 hours old.

Workarounds

RMAZ-18

To avoid this issue, the user needs either to restore groups one by one (order is not important) or restore all of them at once.

RMAZ-252

Go to the Objects view, find the group that you want to restore and select the member attribute in the attribute list to restore links.

RMAZ-270

Do not select the "Clear objects" option. Also, the restore operation may fail if the user is trying to unpack the backup that is currently processed by another user.

RMAZ-485

Force Azure AD Connect initial synchronization to fix this issue, then restart the restore operation.

RMAZ-690

1. Install the corresponding application from Azure Gallery once again to re-create the service principal object.

2. Install SSL certificates for the application.

3. Configure single sign-on (SSO) options for the service principal (if any).

4. After that, On Demand Recovery will be able to apply properties from the backup.

RMAZ-819

You should explicitly grant one of the following role to the service principal object: Helpdesk Administrator, User Administrator or Global Administrator. For that, use the following PowerShell commands:

Get the service principal for which Admin Consent was granted in On Demand Core
$principal = Get-AzureADServicePrincipal -SearchString "Quest On Demand - Recovery"

Get the required role from Azure AD
$role = Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq 'Helpdesk Administrator'} $role

Assign the role to the service principal
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $principal.objectId

Ensure that the role is assigned
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId

For more details, refer https://blogs.msdn.microsoft.com/aaddevsup/2018/08/29/how-to-add-an-azure-ad-role-to-a-enterprise-application-service-principal/.

RMAZ-907

Restart the Recovery Manager Portal service.

RMAZ-931

• Make sure that Import-Module is available globally on the Azure AD Connect host.

-OR-

• Сopy the AADSync.psm1 file manually from the Recovery Manager Portal machine to the PowerShell default folder on the Azure AD Connect host.

Quest Migration and Management Platform known issues

Issue ID	Known Issue
QMMP-74	You may see a "white screen" instead of spinning preloader when starting On Demand Recovery.
QMMP-130	The "Select all" option does not work properly in the "Select attributes" dialog that opens when you click Browse in the Restore Objects dialog. If you select the "Select all" check box, all attributes will be selected, but will not be restored.
QMMP-142	Invalid sorting of data by 'Task Name' and 'Object Name' fields in the Events view.
QMMP-159	Resizing issue: Shows gray overlay on small displays when the side bar was initially in the expanded state.
QMMP-177, QMMP-182	Scrolling hangs if there are more than 10000 objects in a list. Workaround: Use sorting or filtering option to narrow your search scope.
QMMP-184	The timelines on the Events and Backups show incorrect results if you select an interval in the timeline and then click any date range link on the left side of the screen.
QMMP-201	If you work with Internet Explorer 11, dialogs launched from the Differences and Dashboard screens may show controls from the lower layer. Workaround: Resize the browser window.
QMMP-221	Details panel on the Objects view shows tasks in a random order.
QMMP-228	On the Dashboard view, if you click on any specific status in the objects widget, you will be redirected to the Objects view with this status as a filter. Then, if you go back to Dashboard and click on the widget title (total number of objects), you will be redirected to Objects with the previous status filter.