Chat now with support
Chat with Support

On Demand Recovery Current - Release Notes

Release Notes

Quest® On Demand Recovery

Release Notes

October 24, 2024

On Demand Recovery allows you to backup and restore Microsoft Entra ID and Microsoft® 365 objects with their properties. These objects can be selected in a backup and then restored to Microsoft Entra ID or Microsoft 365 without affecting other objects or attributes. Using the granular restore, objects that were inadvertently deleted or modified can be recovered in a few minutes.

Key features of On Demand Recovery

  • Back up Microsoft Entra ID and Microsoft 365 users, groups, contacts, service principals, conditional access policies, and device information
    On Demand Recovery automatically backs up your directory on a regular basis.
  • Granular, selective restore of Microsoft Entra ID and Microsoft 365 users, groups, service principals, conditional access policies, devices, inactive mailboxes for permanently deleted users
    Users, groups, service principals, and devices can be selected in a backup and then restored to Microsoft Entra ID or Microsoft 365 without affecting other objects or attributes.
  • Backup and restore Microsoft Entra B2C users and groups
    On Demand Recovery supports Microsoft Entra B2C tenants.
  • Restore users or Microsoft 365 groups from the Recycle Bin
    Restore users and Microsoft 365 groups that were inadvertently moved to the Recycle Bin.
  • Cloud solution: backup snapshots are stored in the cloud

    On Demand Recovery does not require to install or maintain any additional software.
  • Comparison reporting
    This feature lets you view differences between the selected backup and live Microsoft Entra ID or Microsoft 365 and revert unwanted changes.
  • Integration with Recovery Manager for Active Directory
    On Demand Recovery can be integrated with Recovery Manager for Active Directory 9.0 or higher to restore on-premises objects that were synchronized with cloud by Microsoft Entra Connect.

These release notes provide information about the On Demand Recovery release.

Topics:

New features

Release 1.7.24 (2024/09/11)

New features in On Demand Recovery 1.7.25:

  • New feature to backup and restore Tenant Level Settings, including:
    • Directory Settings
    • External Identities Settings
    • Group Lifecycle Policy
    • Group Lifecycle Policy Links
    • User Authentication Settings
    • User Authorization Settings
  • Support to backup and restore administrative units

For full list of supported attributes, visit the On Demand Recovery Supported Attributes guide.

Note: Restoring tenant level settings and administrative units is not supported from the Differences report.

 

See also:

Release History

The following lists the new features and resolved issues by deployment.

Current Deployment

Release: 1.7.25 (October 24, 2024)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Selected attributes are not saved in restore window when using non-default 50/100 items view N/A ADO-506415
Restore task is hanging at 63% N/A ADO-513708
Failure to restore Conditional Access policy with Grant access - requires authentication strength N/A ADO-514659
Group Lifecycle Policy not available by default, placeholder needed N/A ADO-517560
Failed Backup - Group Lifecycle Policies Links - Get bad status: 400, response: {"error":{"code":"Directory_ExpiredPageToken" N/A ADO-518203
Failure to restore Conditional Access policy with Session - requires token protection for sign-in sessions N/A ADO-519208
Note removed regarding not providing service account credentials from Configure Restore dialog N/A ADO-519745
Misspelling in Configure Restore dialog N/A ADO-519980

Previous Deployments

Release 1.7.24 (September 11, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Backup Tenant Level Settings: Administrative Units including relationships N/A ADO-417650
Backup Tenant Level Settings: User Settings N/A ADO-417655
Backup for Tenant Level Settings: General Groups + Expiration + Naming Policy N/A ADO-417660
Restore Tenant Level Settings: User Settings N/A ADO-471781
Restore Tenant Level Settings: General Groups + Expiration + Naming Policy N/A ADO-471782
Restore: Administrative Units N/A ADO-471786
Unpack for Tenant Level Settings: User Settings N/A ADO-487997
Differences for Tenant Level Settings: User Settings N/A ADO-487999
Restore: Administrative Unit Relationship Members N/A ADO-497285
Restore: Administrative Unit Relationship - scopedRoleMembers N/A ADO-497286
Disable Difference restore for all Tenant Level Settings N/A ADO-497618

Release 1.7.22 (September 05, 2024)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup failed with error encoding `msol_users` - null value for displayName of user. N/A ADO-514668

Release 1.7.22 (September 05, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Implemented a white list for log messages. N/A ADO-494442
Escape special characters when generating msol_users target. N/A ADO-512929
Enhanced handling of data with special characters when indexing and converting msol_users target. N/A ADO-512933

Release 1.7.21 (August 27, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)

Permissions have been updated for Restore application. New consent version: 1.7. The following permissions have been added:

  • Policy.ReadWrite.Authorization
  • Policy.ReadWrite.AuthenticationFlows
  • Policy.ReadWrite.ExternalIdentities
  • AdministrativeUnit.ReadWrite.All
  • User.ManageIdentities.All
N/A ADO-PR98040

Release 1.7.20 (August 08, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Updated Manage Backups popup to include required roles needed to backup multifactor authentication settings and data related to inactive mailboxes. N/A ADO-509282
Updated Configure Restore popup to include required roles needed to restore multifactor authentication settings, data related to inactive mailboxes and Conditional Access policies. N/A ADO-509283

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
On Manage Backups popup, if all options are not enabled under Backup options, the password is not saved and an error displays while backing up. N/A ADO-509450

Release 1.7.19 (July 18, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Re-enablement of backup and restore of multifactor authentication settings and data related to inactive mailboxes. N/A ADO-503476

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Inconsistent results from restoring app registration - searching for a matching application for service principal <ID1> with appId <ID2> N/A ADO-505054
Mailbox is not restored for hard deleted MFA Users from Unpacked Objects. N/A ADO-505459

Release 1.7.17 (July 18, 2024)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Error restoring app registration - object reference not set to an instance of an object. N/A ADO-503796

Release 1.7.16 (July 17, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Retry Policy for restore operations - apply list of error messages for retry. N/A ADO-482811

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Failure to restore Conditional Access policy for deleted Service Principal. N/A ADO-499268
When a new consent version is available (re-grant consent required), restore operations will proceed with only a warning, not an error. N/A ADO-500212

Backups failing with error "An exception occurred while backing up Multifactor Authentication settings."

Resolution: Error result of a functional outage and deprecation of API used to backup multifactor authentication settings and backup data related to inactive mailboxes. Features have been temporarily deprecated until the issue can be resolved. See Known Issue ADO-503476.

N/A ADO-503501

New known issues

Known issue Issue ID (Jira) Issue ID (ADO)
Back up and restore of multifactor authentication settings and data required to connect inactive mailboxes to a restored user is temporarily not supported. Interface (API) was deprecated and needs to be replaced with new methods. N/A ADO-503476

Release 1.7.14 (June 18, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Restore User attributes: employeeType and employeeHireDate. N/A ADO-467085
Update Feature Name in events to Activity Trail. N/A ADO-492775

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restore task Service Principal (restore selected - owners) freezes at 99%, but relation is still restored. N/A ADO-492169
Restore task succeeds but Conditional Access Policy is not restored because data is malformed or incorrect. N/A ADO-492486
User/Group restore does not reconnect user/group to the Conditional Access policy. N/A ADO-493719
Restore task fails to restore conditions for Conditional Access policies even if task finished successfully. N/A ADO-494698
Directory_ExpiredPageToken is not handled in get_graphio_entities that cause backup failure. N/A ADO-496156

Release 1.7.12 (May 30, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Full rename of Azure Active Directory to Microsoft Entra ID. The URL for On Demand Recovery has been changed to https://quest-on-demand.com/#/recovery/entraid. N/A ADO-462067

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Switch to Info log level (currently set to Debug). N/A ADO-494440

Release 1.7.11 (May 14, 2024)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Issues noticed with backend resources for Differences restore when restore engine is turned on. N/A ADO-491621

Release 1.7.10 (May 09, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Update to ODJRS SDK for retry policies in restore engine. N/A ADO-491910

Release 1.7.9 (April 24, 2024)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restore of changed user mail attributes: mail, proxyAddresses, targetAddresses fails if user is hard deleted. RMAZ-136 ADO-352530
On Demand Recovery does not restore an Microsoft 365 mailbox (either for user or for Office group) if it was permanently deleted. RMAZ-137 ADO-352531
Certain attributes can be applied only for Hybrid objects. RMAZ-308 ADO-352539
Restore of more than 10000 objects can lead to reduced performance. RMAZ-576 ADO-352562
Restore for Conditional Access policy "Baseline policy: Require MFA for admins" is not supported. RMAZ-998 ADO-359281
Restore user licenses fails: Cannot restore usageLocation. N/A ADO-394533
Default role cannot be restored when assigned in app registration along with custom role. N/A ADO-469437
Provision service is killed by Out Of Memory. N/A ADO-469748
Backup stores incorrect Connector data. N/A ADO-477065
Cannot restore User - failed restore task - when a user is a member of a dynamic group and relation is in the backup. N/A ADO-485074
MSOL get user request fails with Exception: SOAP operation failed with error: Collection was modified; enumeration operation may not execute. N/A ADO-487018
User's groups membership is not correctly restored due to hidden member - new permission Member.Read.Hidden added to application Quest On Demand - Recovery - Basic. For resolution of this issue, ensure to regrant consent to the application to consent version 2.3. N/A ADO-487918

Release 1.7.7 (March 21, 2024)

Resolved Issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup failed due to "Directory_ExpiredPageToken" error. N/A ADO-456166
UI improvements in Difference and backup task details. N/A ADO-479605
Restore of backlinks to restored hybrid Groups not working for Conditional Access policy. N/A ADO-481367

Release 1.7.6 (March 05, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Restore relations of policies to Service Principal, App Registration, Users and Guests, Groups, Directory Roles, Named Locations. N/A ADO-455142

Release 1.7.5 (February 20, 2024)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
No backup message - no missing backup but was missing backup cronjob - improve notification. N/A ADO-347585
Expired backup remains in retention table when org container was deleted. N/A ADO-474438
compliantNetworkNamedLocation for backup causing backup error - skip unsupported type. N/A ADO-475776

Release 1.7.3 (January 30, 2024)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Enabled Conditional Policies for backup using GraphAPI. N/A ADO-455135
Support option to "Perform differences operation" on the Unpack screen from Dashboard. N/A ADO-457124
Restore of Conditional Access Policies with GraphAPI. N/A ADO-459772
Enabled Named Location policies for backup using GraphAPI N/A ADO-459779
Restore of Named Location policies with GraphAPI N/A ADO-459780
Restore service credentials no longer needed for Conditional Access policies and Named Location policies. N/A ADO-471748

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restore of conditional access policy will fail due to Microsoft deprecation of API. Error message will appear "Cannot update default conditional access policy: Status: 403, response: {'odata.error': {'code': 'Authorization_RequestDenied'. N/A ADO-452910

Release 1.7.0 (December 05, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Improved retention policies for new backups. Users can now set retention periods in custom number of days for retention policies. N/A ADO-453550

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hard deleted application registrations able to be restored more than once. N/A ADO-456951
UI shows an error when restoring object using custom RBAC. N/A ADO-463497

Release 1.6.13 (November 30, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
New permissions for Basic and Restore applications/service principals. N/A ADO-454066

Release 1.6.12 (November 22, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Support for restoring hard deleted applications. N/A ADO-305138
Support for restoring soft deleted application registrations. N/A ADO-457117
An error message will display if restore consent has not been granted or needs regranting. N/A ADO-457273

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restoring hard deleted service principal does not reference a valid application object. N/A ADO-262036
Attribute "identifierUris" not restored while restoring hard deleted application. N/A ADO-282865
Unable to restore application owner for hard deleted application registration. N/A ADO-368786
Hard deleted service principal cannot be restored due to missing privileges. N/A ADO-449175

Release 1.6.11 (November 09, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Not all attributes are displayed in the attributes' browser with multiple tenants in On Demand organization. N/A ADO-456721

Release 1.6.10 (November 02, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Combined backup of Conditional Access policies and Service Principal Default Policies options in Configure Backup dialog. N/A ADO-448017
Updated roles and permissions regarding restore application/service principal. N/A ADO-417336

Release 1.6.8 (October 05, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup statistics fails due to issue when downloading backup files. N/A ADO-452664

Release 1.6.7 (October 03, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
New application and service principal for Restore operations. New application and consent permissions will restore Microsoft 365 and Microsoft Entra data to your tenant. The consent granted with this application allows On Demand Recovery to access Microsoft Entra ID to write directory and group data. N/A ADO-417334
Separate service credentials can be specified for backup and restore operations. New Manage Restore settings available to specify service credentials for restore operations of advanced features. Advanced features include conditional access policies and service principal default policies. Service credentials specified in Manage backup settings are now only used for backup operations. N/A ADO-417336

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Expired backups showing on UI when deleted. N/A ADO-352540
Hanging backups when service account is specified. N/A ADO-450011

Release 1.6.6 (September 21, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Mailbox Restore - Integration with ODJRS Managed Identity N/A ADO-437473

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Error occurs when restoring multiple mailboxes - Request_BadRequest. Details: Another object with the same value for property userPrincipalName already exists N/A ADO-392130
Restore button: Improve experience - ensure that a tenant is selected by default (last selected tenant saved). N/A ADO-422990
Token generation is bypassing caching. N/A ADO-447099
Backup task progress is showing wrong information. N/A ADO-447989

Release 1.6.5 (September 12, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Cached delegated token prevents restore to complete successfully. N/A ADO-444541

Release 1.6.4 (August 31, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Group assignment is not restored for service principal when both service principal and group are deleted. N/A ADO-436526
Unpack task fails for very large backups (100m+ members). N/A ADO-445269

Release 1.6.2 (August 17, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Scheduled backup always skips policies regardless of configuration. N/A ADO-443290

Release 1.6 (August 03, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Ability to browse and view list of supported attributes per object type. N/A ADO-436418
Backup to support group members of directory role. N/A ADO-413845
Support restore of directory role group members. N/A ADO-416704
New backup settings - update Manage Backup screen with new settings and clearer requirements for service credentials. N/A ADO-421153
New Guide: Supported Attributes. N/A ADO-436419
Support of Application Extension attributes in Restore Browse. N/A ADO-421150
Implementation of new grid for selection of attributes by object type. N/A ADO-423358
Ability to browse and view list of supported attributes per object type. N/A ADO-436418

Release 1.5.110 (June 06, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Upgrade to Elasticsearch 7.17.0. N/A ADO-407771
Whitesource: Upgrade to Werkzerug 2.2.3. N/A ADO-416131

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Removal of Azure Active Directory Graph permissions from service principals. N/A ADO-415518

Release 1.5.108 (May 18, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Warnings are generated during backup due to missing 'await'. N/A ADO-426398

Release 1.5.105 (April 18, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Issue restoring mailbox link from hard-deleted users (restore of single mailbox). N/A ADO-416859

Release 1.5.102 (March 09, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Error while restoring conditional access policy. N/A ADO-410180

Release 1.5.101 (February 09, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Allow Global Reader permission to be specified for service accounts. N/A ADO-406402

Release 1.5.99 (January 24, 2023)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Addition of Application Registrations to backup statistics. N/A ADO-391346

Release 1.5.98 (January 10, 2023)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Disable restore button when no tenant is selected (instead of hiding). N/A ADO-385901
Incorrect link in error message 'You need to upload certificates to make SAML SSO work again'. N/A ADO-401681

Release 1.5.97 (November 22, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
WCF Relay check hangs with '502' response code. N/A ADO-394935

Release 1.5.95 (November 08, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
WhiteSource vulnerability (high): py-1.11.0-py2.py3-none-any.whl - upgrade to version azure-cli - 2.40.0. N/A ADO-392484
Lost backup monitor works for 14+ hours due to 50 retries when elastic is unavailable. N/A ADO-393149
ODJRS: restoration of inactive mailbox takes too long and the job state never changes. N/A ADO-393716

Release 1.5.94 (October 27, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Addition of object counts for each object type. N/A ADO-373755

Release 1.5.93 (October 20, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restoration of multiple users (more than 3) with a mailbox fails. N/A ADO-391323
Unpacking can be started when no backups has been created. N/A ADO-371726

New features

Feature Issue ID (Jira) Issue ID (ADO)
Support of Exchange Online modern authentication for difference restore operation. N/A ADO-384591
Support mailbox restore for Exchange Online and modern authentication - basic authentication deprecated. N/A ADO-384601

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Validate connection hangs in Manage Tenant dialog. N/A ADO-367197

Release 1.5.91 (September 20, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Lost backup monitor runs for 20+ hours due to increased retry attempts. N/A ADO-385655
AU tenant not displaying under Manage Backups and backups fail. N/A ADO-385072

Release 1.5.90 (September 16, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
SharePoint Online requests require longer timeout. N/A ADO-385275

Release 1.5.89 (September 16, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup failed with ''NoneType' object is not subscriptable' error. N/A ADO-385203

Release 1.5.88 (September 15, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Update from Azure AD Graph API to Microsoft Graph API. N/A ADO-380999

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
WhiteSource vulnerability: lxml 4.6.5 - upgrade to version lxml 4.9.1. N/A ADO-372947
WhiteSource vulnerability: azure.storage.blob 12.10.0 - upgrade required. N/A ADO-376129
Invalid notification process for expired subscriptions and handling of data. N/A ADO-377289
If objects from different tenants were selected, the restore button should not be visible. Select only objects from a single tenant to restore. N/A ADO-379980
Task fails when roles are assigned to a service account via a group. N/A ADO-381764
Unable to read Default Policy for service principal and backup fails. N/A ADO-382912

Release 1.5.86 (July 12, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Enhancement to hybrid connection settings. N/A ADO-364499

Release 1.5.85 (June 30, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Unpacking fails for organization. N/A ADO-371256

Release 1.5.84 (June 07, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Lost backups monitor is not handling exceptions properly. N/A ADO-326952

Release 1.5.82 (May 17, 2022)

New features

Feature Issue ID (Jira) Issue ID (ADO)
Added option to perform differences operation during unpack. N/A ADO-349822
Enhanced the existing restore process to only read backup files that contain relevant data. N/A ADO-329253

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Saving customer credentials may fail due to changes in Azure KeyVault behavior. N/A ADO-328010

Release 1.5.80 (March 31, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Added fix to unpack and restore group with contacts. N/A ADO-346179

Release 1.5.75 (January 27, 2022)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hybrid user restore from Recycle Bin will programmatically set user GivenName into different value. N/A ADO-319713

Release 1.5.72 (December 16, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Error during restore of AppRoles due to service principal object. Error was not displayed in the UI. N/A ADO-314295

Release 1.5.71 (November 30, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hybrid restore: Clearing up "ReadOnly" Hybrid Object attributes for soft deleted user. N/A ADO-316891
Backup failures related to changes in Graph API. N/A ADO-320114

Release 1.5.69 (November 04, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restore on-premises objects source and directory synced displayed incorrect information. N/A ADO-251281

Release 1.5.66 (September 28, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
An error displays that cannot update the default conditional access policy. N/A ADO-262144

Release 1.5.65 (July 20, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hard deleted group/user did not reflect in Differences tab. N/A ADO-265552
Differences tab hangs when the user clicks refresh. N/A ADO-265263/ADO-238672

Release 1.5.63 (June 23, 2021)

New features

Feature Issue ID (Jira) Issue ID (ADO)
When deleting a group, all links that were affected by this action are shown in the Differences report, e.g. Microsoft Entra group membership, SharePoint groups membership, conditional access policies, group owners, and application assignments. N/A ADO-351389

Release 1.5.60 (June 01, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
The backup configuration dialog does not behave properly when incorrect credentials provided. N/A ADO-261437

Release 1.5.59 (May 18, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Issue with running backup when no tenant selected. N/A ADO-258581
Policies not always restored due to caching of objects. N/A ADO-258490

Release 1.5.57 (May 04, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
A notification was not sent after a missed backup due to timeout of services. N/A ADO-255103
Hard deleted user failed to add owner to Service Principal due to insufficient privileges. N/A ADO-248651
Configure backup dialog was unable to open for B2C clients. N/A ADO-255021

Release 1.5.56 (April 29, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Restoration of a deleted user had failed. N/A ADO-254604
Multi-factor authentication status was incorrect when restoring multi-factor authentication settings. N/A ADO-234914
Service Principal restore did not reference a valid application object. N/A ADO-252945
Intermittent backup failures occurred for unknown reason. N/A ADO-257344

Release 1.5.55 (March 23, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
SharePoint user is not created during the restore operation. N/A ADO-251607
On Demand Recovery displays timeout error. N/A ADO-251978

Release 1.5.53 (March 16, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Fixed the discrepancy between data reported from the Backup tab and the Unpacked tab. N/A ADO-248218

Release 1.5.46 (January 25, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Failed backup event and email notification. N/A ADO-226221
Changes in appRoles are not shown in Differences. N/A ADO-226199
Differences report did not show conditional access policy change. RMAZ-1169 ADO-225252
Role assignment is not restored for single sign-on applications. RMAZ-691 ADO-225247

Release 1.5.45 (January 12, 2021)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Difference report: The deleted conditional access policy may fail to appear. N/A ADO-234723

Object search functionality did not work correctly when partial criteria was entered.

N/A ADO-234912
Linking hard deleted user to service principal owner or application owner gave insufficient permission error. N/A ADO-235423
Restoration of user failed due to invalid location. N/A ADO-225236

Release 1.5.39 (December 01, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Backup failing due to the deletion of a tenant

N/A ADO-228850

Release 1.5.35 (November 03, 2020)

New features

Feature Issue ID (Jira) Issue ID (ADO)

On the Unpacked Objects tab, there is now a Mail Enabled filter. This allows you to filter by users and groups who do or do not have a mailbox.

RMAZ-648 ADO-216080

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Changes made to appRoles attributes were not displayed in the Differences report.

RMAZ-1084 ADO-348200

Release 1.5.34 (October 05, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Made adjustments to the Application Proxy backup and restore feature to compensate for the modification that Microsoft made to an API endpoint.

RMAZ-1623 ADO-348180

Release 1.5.33 (October 01, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)

Second restore of hard deleted user unable to complete due to more than one user being found when matching.

RMAZ-1606 ADO-348179

Release 1.5.32 (September 24, 2020)

New features

Feature Issue ID (Jira) Issue ID (ADO)

From this version, On Demand Recovery restores Microsoft Entra Application Proxy applications.

RMAZ-1335 ADO-348241
Application Proxy settings can be restored from the Differences report. RMAZ-1435 ADO-348286

Release 1.5.31 (August 27, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
On Demand Recovery can restore/validate application role assignments that have invalid IDs. RMAZ-1436 ADO-348287

Release 1.5.29 (August 13, 2020)

New features

Feature Issue ID (Jira) Issue ID (ADO)
From this version, On Demand Recovery restores gallery applications using Beta API. RMAZ-1559 N/A

Release 1.5.26 (July 28, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
On Demand Recovery may display wrong timestamps for hybrid objects on the Events screen. RMAZ-1482 ADO-348305

Release 1.5.25 (July 23, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
The Hybrid restore operation does not randomly restore some hybrid attributes. RMAZ-1443 ADO-348172

Release 1.5.22 (June 30, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup creation can fail when getting a password from Azure Key Vault. RMAZ-1452 ADO-348174
Hybrid recovery from encrypted backups does not work. RMAZ-1448 ADO-348173

Release 1.5.21 (June 18, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Hybrid recovery stability has been improved. RMAZ-1317 ADO-348157

Release 1.5.20 (June 16, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Improved stability of On Demand Recovery backups. RMAZ-1442 ADO-348171

Release 1.5.18 (June 09, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
The ssoSettings attribute of a service principal cannot be restored for the corresponding non-gallery Application. RMAZ-1432 ADO-348170

Release 1.5.17 (June 02, 2020)

Resolved issues

Resolved issue Issue ID (Jira) Issue ID (ADO)
Backup settings did not display correctly in the "Create backup" dialog due to a problem with the empty 'created' field. RMAZ-1428 ADO-348169

Known issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of this deployment.

General known issues

Known issue Issue ID (Jira) Issue ID (ADO)
If you restore two groups which are members of the third group which was deleted, the third group can be duplicated after the restore operation. This issue is applied only to non-Office Groups which support nesting. Workaround:To avoid this issue, the user needs either to restore groups one by one (order is not important) or restore all of them at once. RMAZ-18 ADO-226239
On Demand Recovery does not restore Distribution List members and will display the error "Status: 400, Code: Request_BadRequest. Details: Unable to update the specified properties for objects that have originated within an external service." RMAZ-174 ADO-348192
If two users perform the unpack operation simultaneously with the selected "Clear objects" option in the same On Demand organization, one of the processed backups will not be unpacked (or will be partly unpacked). Workaround: Do not select the "Clear objects" option. Also, the restore operation may fail if the user is trying to unpack the backup that is currently processed by another user. RMAZ-270 ADO-225214
Old backups (backups that were created before you remove the tenant) are not shown in the On Demand Recovery user interface if the same tenant was removed and then added again. If you need to unpack, restore or delete old backups, please contact Quest Support. RMAZ-273 ADO-352537
Backup task does not check the Admin consent status, but if the Admin consent is not granted for the tenant, the following error occurs: "The identity of the calling application could not be established." RMAZ-315 ADO-352542
On Demand Recovery does not show the proxyAddresses attribute in the Differences view. RMAZ-338 ADO-352544
The restore operation from the Differences view may fail if you run Refresh before the restore operation is completed. RMAZ-352 ADO-352545
An incorrect (empty) object count may be displayed in the "details pane" of the Restore from Diff task. RMAZ-354 ADO-352546
If you enable Azure Multi-Factor Authentication (MFA), you should regrant Admin Consent for the On Demand Recovery module. Otherwise, you will get the following error during the restore operation: "Failed to refresh access token. StatusCode: 400. ErrorCode: interaction_required. Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access". RMAZ-405 ADO-352553
On Demand Recovery does not support backup and restore of Microsoft Entra tenants created in Azure Germany, or U.S. Government. RMAZ-566 ADO-352561

If a user does not have the service account for the tenant, On Demand Recovery cannot restore permanently deleted service principals provisioned from Azure Gallery. Workarounds:

  1. Install the corresponding application from Azure Gallery once again to re-create the service principal object.
  2. Install SSL certificates for the application.
  3. Configure single sign-on (SSO) options for the service principal (if any).
  4. After that, On Demand Recovery will be able to apply properties from the backup.
RMAZ-690 ADO-352565
On Demand Recovery does not restore MFA authentication methods for a hard deleted user if the mobile application was assigned to this user. NOTE: If any of the following Voice Call/SMS/Office Phone was set up as an authentication method for a user, On Demand Recovery will restore all MFA data for this user. RMAZ-777 ADO-352568
If you restore a permanently deleted user with the enabled Self-Service Password Reset option, Multi-Factor Authentication methods will be displayed as not verified after restore. RMAZ-798 ADO-352570
On Demand Recovery does not support MFA enabled accounts for backup creation. To set the account password to never expire, use the following PowerShell command: Set-MsolUser -UserPrincipalName <name of the account> -PasswordNeverExpires $true For more details, refer this article https://support.office.com/en-us/article/set-an-individual-user-s-password-to-never-expire-f493e3af-e1d8-4668-9211-230c245a0466 RMAZ-779 ADO-352569
A tenant verification failed message appears when user adds tenant to On Demand Recovery (Core only). N/A ADO-264595
On Demand Recovery does not support backups dated before October 2019. N/A ADO-394268
Unable to restore "Default Policy" (aka SAML Attributes & Claims) - Not supported by Microsoft. N/A ADO-471685
Unable to restore all other policy types - only support Conditional Access Policies and Named Locations with new Graph API. N/A ADO-473450
Unable to update mail-enabled group attributes. N/A ADO-475481
Restoring app role ends with exception 'Failed to update service principal application roles Cannot modify or delete entitlement with origin Application.' N/A ADO-511582
Legacy policies in effect cause following error on restore of MFA authentication methods: “Cannot enable SMS sign-in on phone authentication method as the credential policy is not enabled on the user.” Workaround: Transition to new Authentication methods policies if possible. Microsoft will deprecate legacy MFA policies from September 2025. N/A ADO-518702

Hybrid only known issues

Known issue Issue ID (Jira) Issue ID (ADO)
Granular restore of object membership from the Differences view is not supported. Workaround: Go to the Objects view, find the group that you want to restore and select the member attribute in the attribute list to restore links. RMAZ-252 ADO-225173
Cannot download hybrid credentials with the Error 404 "Not found" may occur. This issue occurs if you try to get credentials right after the registration - it takes about one minute to create the Relay credentials. RMAZ-311 ADO-352541
If the same on-premises object is selected in different unpacked backups on the Objects view, On Demand Recovery will perform the hybrid restore of the object on the first selected backup date. RMAZ-355 ADO-352547
If multiple objects are selected for restore and there is Directory Synchronization Service Account among them, the restore operation will fail for all objects with the error "Failed on-premise restore. Error: Value cannot be null". RMAZ-358 ADO-352548
Hybrid restore (from Objects or Differences view) uses attribute values from the on-premises backup. So, these values may be different from the corresponding values shown in the Differences or Objects view. RMAZ-373 ADO-352551
Restore of the usageLocation cloud attribute does not work for the "Exchange Hybrid" scenario. RMAZ-457 ADO-352554
A restore of a hybrid cloud user that was permanently deleted may fail, if Microsoft Entra Connect cannot synchronize the newly created user from the on-premises Active Directory to the cloud. Workaround: Force Microsoft Entra Connect initial synchronization to fix this issue, then restart the restore operation. RMAZ-485 ADO-352559
Cannot restore cloud attributes for a permanently deleted user in hybrid scenario after the user was recreated by Microsoft Entra Connect. The following error will arise: "Another object with the same value for property userPrincipalName already exists " RMAZ-720 ADO-352566
On Demand Recovery cannot restore the onPremisesDistinguishedName property for permanently deleted users in hybrid scenario. In this case you will get the following error message: "Property 'onPremisesDistinguishedName' is read-only and cannot be set" error. RMAZ-721 ADO-352567
Hybrid restore may fail with the following error: "The ChannelDispatcher at 'sb://backupaad-rmaz-hybrid-us.servicebus.windows.net/org-f555beae-38fa-4d0a-b502-08c4b93b01da' with contract(s) 'HybridRestoreServiceContract' is unable to open its IChannelListener". Workaround: Restart the Recovery Manager Hybrid Connect service. RMAZ-907 ADO-352573

Import-Module ADSync command may not work correctly on the Microsoft Entra Connect host. Workarounds:

  • Make sure that Import-Module is available globally on the Microsoft Entra Connect host.
    -OR-
  • Сopy the AADSync.psm1 file manually from the Recovery Manager Portal machine to the PowerShell default folder on the Microsoft Entra Connect host.
RMAZ-931 ADO-352574

Quest Migration and Management Platform known issues

Known issue Issue ID
You may see a "white screen" instead of spinning preloader when starting On Demand Recovery. QMMP-74
The "Select all" option does not work properly in the "Select attributes" dialog that opens when you click Browse in the Restore Objects dialog. If you select the "Select all" check box, all attributes will be selected, but will not be restored. QMMP-130
Invalid sorting of data by 'Task Name' and 'Object Name' fields in the Events view. QMMP-142
Resizing issue: Shows gray overlay on small displays when the side bar was initially in the expanded state. QMMP-159
Scrolling hangs if there are more than 10000 objects in a list. Workaround: Use sorting or filtering option to narrow your search scope. QMMP-177, QMMP-182
The timelines on the Events and Backups show incorrect results if you select an interval in the timeline and then click any date range link on the left side of the screen. QMMP-184
If you work with Internet Explorer 11, dialogs launched from the Differences and Dashboard screens may show controls from the lower layer. Workaround: Resize the browser window. QMMP-201
Details panel on the Objects view shows tasks in a random order. QMMP-221
On the Dashboard view, if you click on any specific status in the objects widget, you will be redirected to the Objects view with this status as a filter. Then, if you go back to Dashboard and click on the widget title (total number of objects), you will be redirected to Objects with the previous status filter. QMMP-228
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating