Summary
This article describes scenarios where a user can undo changes in managed systems with rollback action in Cayosoft Guardian.
Roll back the changes in Distribution Lists and Memberships
When deleted, Exchange Online Distribution Lists are not moved to the Entra ID Recycle Bin and thus can't be recovered with the native tools. Cayosoft Guardian helps you recover a deleted Distribution List by re-creating the group object, converting it to the Distribution List using Exchange Online, and then restoring the group's membership.
To perform the rollback of the Microsoft Exchange Distribution List (DL):
- In the Cayosoft Guardian web portal, navigate to History > Change History.
- Enter the Distribution List name in the Quick Search bar.
- Find the Delete object event for this group and select it.
- Click Rollback.
- Wait for the Job completed successfully notification to appear in Notifications.
- When the restore job is completed, you can find the newly added change records in the Change History: Undelete object and Add Azure AD group member(s).
- Open Microsoft 365 Admin Center and observe whether the DL has been restored with its membership.
Bulk rollback of changes to Entra ID/Office 365 users
When synchronizing user properties from an HR system or other source, data may become corrupted in the source system. In this case, incorrect changes should be rolled back to their previous state. In native tools, to revert these changes, you should find these users, identify the proper previous value, and then perform the change on each user individually.
To roll back multiple changes simultaneously:
- In the Cayosoft Guardian web portal, navigate to Change Monitoring > Change History.
- Search by modified property Mobile Number.
- Select these changes for multiple cloud-only user accounts.
- Click Rollback.
- For each modified object, wait for the Job completed successfully notification to appear in Notifications.
- When the restore is completed, you can find the newly added change records in the list.
- Open Microsoft 365 Admin Center and check that user phone numbers were restored to initial values.
Roll back AD privileged group membership
IT Administrators want to be notified in their Microsoft Teams when privileged group membership is changed by configuring notifications about privileged group membership changes in Microsoft Teams. For details, see the Configuring notification channels article.
To rollback:
- Get a notification in Teams when a privileged group membership is changed.
- Click the Click for details link.
- Sign in to Guardian. You will be redirected to the privileged group membership change.
- Click Rollback.
- As a result of the restore, the user recently added to the privileged group will be removed.
- Open ADUC and check whether the user has been removed from the group.
In case you don't have Teams connector configured, you will get the alert in Guardian that a new member has been added to the Domain Admins group after adding a user to a privileged group. In addition, such a change record will be red-marked in the Change History list.
Rollback membership in the hybrid group
When you need to restore a hybrid group or group membership using native tools, the administrator should perform the following steps:
- User accounts should be added to the Active Directory group.
- Wait for Entra ID Sync to run or run it manually.
- Verify that the correct user accounts in the Entra ID/Office 365 have been added to the synchronized group.
Cayosoft Guardian allows a single-click recovery across systems for complex hybrid scenarios like the recovery of a hybrid group membership. During the restoring of group membership, Guardian determines if it is a hybrid restore and performs restore in Active Directory at first and runs sync for Entra ID. Thus, you can perform a restore from a change record for any system: Active Directory and Office 365.
To roll back a hybrid group membership:
- In the Cayosoft Guardian web portal, navigate to Change Monitoring > Change History.
- In Quick Search, enter the name of the user that has been removed from the group.
- There are two Remove from group events for this user account for Active Directory and Office 365.
- Select any of them and click Rollback.
- Wait for the Job completed successfully alert to appear in Notifications.
-
When the restore is completed, you will see new Add to group change records for both systems: Active Directory and Office 365.
- When restoring group membership, Guardian analyzes what kind of group it is. If it is a hybrid group, Guardian first restores Active Directory group membership and then runs Entra ID Sync to synchronize group membership in Office 365.
- Group membership is restored in a hybrid group.
Roll back team guest settings changes
Cayosoft Guardian allows you to know about the modified team's guest settings and restore them.
To configure alerts about Teams guest settings changes:
- In the Cayosoft Guardian web portal, navigate to Change Monitoring > Change Alerting Rules.
- Select the Teams guest settings changes rule.
- Click Properties>Workflow Steps.
- Ensure it is Disabled.
- Click Save.
How to restore Teams settings
- When team guest permissions settings are changed, you will see the alert in Guardian.
- In the Cayosoft Guardian web portal, navigate to Change Monitoring > Change History.
- In the Quick Search bar, enter the team name whose settings have been changed.
- To exclude Office 365 group changes from the grid, apply filter Teams changes.
- Find Update properties event for this team. It will be red-marked.
- Click Rollback.
- Wait for the Job completed successfully notification to appear in the Notifications area:
- When the restore is completed, you can find the newly added change record on the list.
- In Microsoft Teams, open team settings and check whether the guest settings have been restored.
Restore a deleted Organizational Unit
To restore a deleted Organizational Unit:
- Open Change History.
- Clear filters.
- Select the Delete object in the Action filter.
- Select AD Organizational Unit in the Object type filter.
- Use the Search filter to search by name if necessary.
- Select the deletion record and click Rollback.
NOTE: Cayosoft Guardian creates Rollback jobs for all child objects deleted with this OU. For large-scale restores that may involve recovering thousands of objects, it is recommended to use Authoritative restore.
Comments
0 comments
Please sign in to leave a comment.