This section provides step-by-step instructions on how to use On Demand Recovery.
- Go to Quest On Demand and sign up. For more details, refer to Signing up for Quest On Demand.
- Add your Azure Active Directory tenant as described in the Tenant Management section in the On Demand Global Settings User Guide.
- After the tenant is added, make sure that the permissions required to work with the Azure Active Directory tenant are granted. To grant the required permissions, click Go on the tenant tile and check that the Recovery module has the Granted status. For details, see the Admin Consent Status section in the On Demand Global Settings User Guide.
Note: The Microsoft admin consent status becomes "expired" after 90 days, and the Recovery module status changes to "Not Granted". Once it has expired, you must grant admin consent again to continue using the module.
- To launch On Demand Recovery, click Recovery on the left pane. The Dashboard screen opens.
- To configure a hybrid connection with on-premises Active Directory, see Integration with Recovery Manager for Active Directory.
- To configure the backup settings, perform the following steps:
  - Click Manage Backups on the Dashboard screen.
  - Select the tenant from the list and click Edit. The Configure backup dialog opens.
  - To enable backup creation, select Enabled next to the Schedule option.
  - Specify the backup retention period using the Retention policy option. The backup retention policy is also applied to backups that are started manually.
  - To back up multi-factor authentication settings, inactive mailboxes, and conditional access policies, select the Back up MFA settings, conditional access policies and data related to inactive mailboxes option.
  - To back up Application proxy settings, select the Back up Application proxy settings and connector groups option.
  - Specify service account credentials for the tenant. For details about required permissions, see Required permissions.
  - Check the status of the module admin consent.
- If you need to run backup creation manually, go to the Tasks screen, select the Backup task, and click Start.
- You can also start backup creation manually with the Create Backup option on the Dashboard screen.
- To unpack a backup:
  - Go to the Backups screen.
  - From the Tenant drop-down list, select the tenant, then select the backup you want.
  - You can specify predefined or custom date ranges to narrow the search results.
  - Click Unpack in the actions menu.
  - If the Unpack service principals and devices option is not selected, the unpack operation runs faster and the Differences report contains only changes related to users and groups. For more details about this option, see Backup unpacking.
  - In the Backup Unpacking dialog, click Unpack.
- When the Unpack backup task is completed, go to the Unpacked Objects screen, select the users and groups that you want to restore, and click Restore.
Note: If you do not unpack a backup, the Unpacked Objects screen will contain no objects or show a list of objects that were extracted from the previously unpacked backup.
- In the Restore Objects dialog, you can select the following options:
  - Restore deleted users and groups from Recycle Bin - Restores accidentally deleted users and Office 365 groups from the Recycle Bin. On Demand Recovery preserves original object identifiers (GUID).
  - If a user or group is not found in Recycle Bin, create a new one - Recreates permanently deleted users, groups, and subgroups. This option recreates users and groups with attributes that are required for object identification. If you need to restore all attributes for the object including membership information (links), use this option together with the Restore all attributes option.
  - If a hybrid user already exists in Azure Active Directory, delete it before the restore operation - This action lets you preserve the original cloud mailbox of a hybrid user after restore in the following scenario:
    - There is a hybrid user. This user is deactivated by the administrator for some reason.
    - Then the user returns, and the account is enabled again by the administrator. After the activation, the user is recreated in the cloud with a new mailbox.
    - We want to use the original cloud mailbox for the user. The only way to do this is to restore the user from a backup. But before the restore, the newly created cloud user must be removed from Azure AD using this option.
  - Restore all attributes - Restores all object attributes including membership information (links). If this option is not selected, you can specify the attributes that you want to restore by clicking Browse.
- You can also view differences between the selected backup and live Azure Active Directory or Office 365 and revert the selected changes using the Differences report tool. For more details, see the Reporting section. You can export the selected report data to a CSV file.
- You can view the status of your Restore objects task on the Tasks screen.
- Open the Events screen to view any errors or warnings that occur during the restore operation.
  - Use the Export option to export the selected log data to CSV format.
  - Use the Acknowledge option to hide events that are no longer relevant. The status of acknowledged events is changed from 'Current' to 'Obsolete'. To view the list of obsolete events, click Obsolete on the left side of the screen.