My name is Matthew Vinton, a solution consultant with Quest Software. Today you will see how On Demand Recovery for Azure Active Directory can enable you to make recovery from a difficult situation much, much more simple.
So Aaron here is about to have a bad day. Aaron is a member of an Active Directory group that synchronizes to the cloud and provides single sign-on access to an application-- in this case, LinkedIn. This group is managed in on-premises Active Directory and synchronizes to Azure Active Directory in the cloud through Microsoft's Azure AD Connect.
So this group is going to be inadvertently deleted. And now within the next several minutes, Azure Active Directory Connect is going to dutifully replicate those changes to the cloud. So now if we click Refresh, we can see that Aaron no longer has access to the application that he used to. So how do we get that back?
We simply need to maybe recover the on-premises group from the AD recycle bin. Right? Well, unfortunately, this won't work, as after recovery, Azure AD Connect will create a brand new group in Azure Active Directory when it resynchronizes, a group with absolutely no association to the original application that granted Aaron access.
Fortunately enough, we have On Demand Recovery for Azure Active Directory, which makes this process simple. So all we need to do is tell On Demand Recovery for Azure AD that we need to recover this group. Let's take a look at how we do that.
Unpack a recent backup. Then we click the Differences tab. And we can see here that Recovery for Azure Active Directory is letting us know that this group no longer exists. All we need to do is click it and choose Restore.
So this does several things. Recovery for Azure Active Directory reaches out to Recovery Manager, all on-premises, to recover the original Active Directory object. Then it forces synchronization from the on-premises object into the cloud. And finally, it restores the application assignment within Azure Active Directory.
So now, if we take a look at the events, On Demand Recovery for Azure AD is going to tell us everything that it just did-- restored the on-premises group, synchronized those changes back into Azure Active Directory, and reassigned the group to the appropriate application. Look in Active Directory. You can see our group is back there. And now, most importantly, we take a look at Aaron's portal. Hit refresh. You'll see that LinkedIn is back where it used to be. So for more information about Quest On-Demand, go to quest.com/on-demand. Thank you very much.