Azure Active Directory Recycle Bin Won’t Save You in a Cyber Disaster

cyber security

Greg Jones, Senior Product Manager, Semperis, explains the issues with relying on Azure AD recycle bin to help you in the event of a cyber attack

The ability to reverse mistakes has probably saved every Active Directory admin worldwide at least one stress-induced headache during their career. For on-premises AD deployment, the Active Directory Recycle Bin feature allows admins to restore accidentally deleted objects without using a backup.

Anything placed in the Recycle Bin is accessible for 180 days. If you make a mistake, the Recycle Bin can be a godsend, and IT teams considering Azure Active Directory will be happy to know that the cloud service has a Recycle Bin feature of its own. 

However, what might surprise them is that there are differences between the on-premises AD Recycle Bin and what is available in the cloud. As useful as the Recycle Bin is, it is not a panacea for your Azure AD resources backup and recovery needs. To understand why let’s talk about the feature’s functionality.  

Before moving to Azure AD, organizations should first assess the impact of the change on their security, data backup, and compliance. Though the Recycle Bin function might seem like a relatively minor matter, the reality is that without it, bringing back deleted objects would become a manual, time-consuming process. Both on-premises and in the cloud, enabling the Recycle Bin makes life easier. Still, as part of assessing your move to the cloud and the functionality of Azure AD, it is essential to understand what the Recycle Bin does and does not do. 

We all make mistakes. Just like in your on-premises AD environment, the Recycle Bin in Azure AD allows administrators to restore user objects in the event of accidental deletion. However, all objects are not protected. The Recycle Bin feature for Azure AD enables the recovery of only user objects, application objects, and Office 365 groups.

Delete a setting, and the Azure AD Recycle Bin will not help. If you are using Azure AD sync and accidentally delete an on-premises AD user object, the corresponding user object in Azure AD will also be deleted during the next sync cycle.  

User objects do not stay in the soft-deleted state for 180 days. This timeframe is a significant difference between Azure and on-premises AD. In Azure, deleted objects are kept only for 30 days. This time limit cannot be extended. After 30 days, the objects are hard-deleted. 

Modified object attributes cannot be recovered. While a user object can be brought back from accidental deletion via the Recycle Bin feature, specific attributes cannot be. The only way to restore modified attributes is through backups, which brings us to our next point. 

The Recycle Bin cannot serve as a replacement for backups. It is only a starting point. While its functionality might be enough to reverse deleted object mistakes, its limitations preclude it from being a solution to your backup and recovery needs. Enabling the Recycle Bin feature in Azure AD offers protection for a particular scenario. However, if your organization needs to restore information such as modified attributes or recover certain types of objects, the Recycle Bin will not suffice. 

In the event of a ransomware attack, for example, the Recycle Bin is of no use if, for example, user accounts are compromised. In that case, the Recycle Bin won’t help with recovering those accounts. Additionally, the fact that it can be used only to recover a specific type of object that has been deleted for 30 days or less also makes it a non-viable solution for your longer-term backup and recovery needs.  

From the standpoint of an attack, if one of the threat actor’s activities involves deleting users, they will likely go to the Recycle Bin to finish the job. This final deletion will make it impossible to recover the user object without using a backup. But more likely, an attacker will change settings such as changing role assignments, turning off multifactor authentication, and altering conditional access policies. 

Without a single spot where administrators can go to evaluate every setting that has been changed, they will be left to remember and manually fix all of the modified configurations. In this reality, failing to monitor activity across on-premises and cloud AD environments and failing to implement an effective backup and recovery strategy can lead to disaster. 

Read More:

For organizations to operate in the cloud with confidence, they need the ability to restore their environment anytime unwanted changes are made. The Recycle Bin offers a partial solution to this need but is only one piece of a larger Azure AD security puzzle.  

Click here to discover more of our podcasts

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Greg Jones

Greg Jones, Senior Product Manager for Azure Solutions at Semperis, has been focused on directories and messaging throughout his 20+ year career in the tech industry. Greg has had served in various roles which span product management, technical sales, architecture, and administration. He has held positions in both commercial and in the public sector. Greg most recently has focused on SaaS, building both tenant-to-tenant migration solutions and AAD/M365 Management solutions. He has held positions at Quest Software, Dell, and Quadrotech as well as being a veteran of the USAF.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...