As more enterprises embrace AI-driven transformation, identity has become the ultimate measure of digital trust. At the Gartner Identity & Access Management Summit 2025, Quest Software is announcing upcoming updates to its security and disaster recovery solutions that will help strengthen organizations’ most critical Microsoft identity systems: Active Directory (AD) and Entra ID.

Continuing momentum from recent AI-enabled updates to Security Guardian and On Demand Migration, Quest’s accelerated roadmap and innovation to improve AD and Entra ID security, resilience, and cloud readiness reinforce the company’s leadership in AI-powered identity protection and cybersecurity. The upcoming feature updates across On Demand Recovery, Disaster Recovery, and Security Guardian, along with forthcoming FedRAMP High Authorization within Azure Government Cloud for multiple products, further establish a clearer path for organizations and public sector agencies that demand stronger control of both human and non-human identities.

Quest Software has decades of experience helping enterprises and public sector organizations manage data, secure Microsoft identities, and modernize platforms through migration – all essentials for AI success. Quest is a recognized market leader in AD and Entra ID migration, modernization, security, audit and resilience, and was named an example vendor in multiple categories in the Gartner 2025 report titled “A Well-Run Active Directory Requires Strong Identity Controls.” [1]

FedRAMP High Authorization

To best serve public sector and highly regulated industries, Quest’s Security Guardian, Security Guardian Audit, and On Demand Recovery are planned for FedRAMP High Authorization within Azure for U.S. Government early in 2026. The authorization aligns with NIST 800-53 and Zero Trust controls, and is part of Quest’s commitment to software supply chain security. Quest invests in mature supply chain risk management practices and an airgap-secured assembly process that exceeds industry standards.

Chris Borneman, Chief Technology and Operations Officer for Quest Software’s Public Sector business, said: “Identity recovery is a high priority for federal agencies. FedRAMP High Authorization confirms that Quest meets the security and supply chain expectations of the government and its most stringent requirements, removing a barrier for agencies that need proven identity resilience for zero trust and continuity of operations. We’re excited to add this level of added security to our already trusted portfolio.”

New Entra ID recovery features

Following robust customer and partner conversations during Microsoft Ignite 2025, we heard consistent feedback around Entra ID recovery and cloud application resilience. One theme was clear, and it came from a variety of professionals (identity experts, application owners, and cloud architects): organizations are concerned not just about restoring Entra ID and/or AD, but also about restoring the related details required to log into applications. Without app access, their businesses will still be offline.

Most identity teams admit they would ultimately be the ones held responsible for restoring access — even if a backup team restored Entra — because the app authentication path is still broken if service principals, Conditional Access policies, OAuth settings, or App Proxy configuration aren’t recovered accurately.

Quest has nearly a decade of experience developing Entra ID recovery and is well-equipped to support organizations restoring both identities and their associated apps. To further support these efforts and provide another layer of assurance, Quest is expanding Entra ID recovery in On Demand Recovery to give customers clearer control and better options during incidents. These enhancements, which will be generally available by Q2 2026, include:

  • Bring Your Own Key. This capability will give customers the ability to manage their own encryption keys through their preferred key service. This will result in stronger security, compliance with strict regulations, and customer confidence that their data remains theirs.
  • Microsoft Intune backup and restore. This service will support backup and recovery of Microsoft Intune policies and configurations. Native Intune recovery is limited, but Quest will help restore settings quickly and reduce downtime during outages or configuration issues.
  • Cross-tenant restore. When a tenant is compromised during mergers and acquisitions, this will help support recovery by restoring Entra ID backups to a different tenant, removing the dependency on the compromised tenant during recovery.

Active Directory disaster recovery improvements

Active Directory is still the backbone of authentication and group policy for many enterprises and public sector agencies, which also means it’s a prime target for cybercriminals. Given that AD downtime can cost more than $1 million per hour, rapid, safe, and accurate ransomware recovery is paramount to business continuity. To continue its leadership in providing the flexibility, speed, and scale needed for unpredictable attack scenarios, Quest is updating its AD recovery products to reduce manual effort, accelerate recovery time objectives, and ensure accurate and safe restores.

  • Standby forest provisioning for ransomware recovery readiness. Coming in early 2026, this capability automates the scheduled creation of standby AD environments, with Gartner-recommended best practices to target these backups into an isolated recovery environment (IRE) for safety and segregation. This ensures forests are always current and ready for recovery, strengthening ransomware resilience and supporting compliance and audit readiness. This will give organizations a proven, repeatable recovery posture rather than hoping backups will work when it matters.
  • Automated Microsoft Azure VM provisioning. During a ransomware attack, you need to restore to a new machine you can trust. With Quest you can automate the creation of clean virtual machines in Microsoft Azure during disaster recovery or test scenarios, reducing manual intervention and human error. This enables you to recover AD to a readily available, secure and cost-effective machine that you can trust is clean from malware. Already included in on-premises-based Recovery Manager for Active Directory Disaster Recovery Edition (RMAD DRE), this enhancement will be added to SaaS-based Disaster Recovery for Identity (DRI) at the beginning of next year.
  • Phased recovery to shorten recovery time objective. Phased recovery restores identity trust faster by bringing critical domain controllers online first, re-establishing sign-in and business-critical services while containing the impact of an AD outage. Instead of waiting for a full rebuild, it accelerates recovery time objective (RTO) by automating the repromotion of remaining DCs at scale, reducing downtime, manual effort, and recovery risk. This structured sequence delivers recovery that is materially faster and more resilient in real-world ransomware and AD failure scenarios. Already included in RMAD DRE, this capability will also be added to DRI during the first quarter of 2026.

Security Guardian extends AI workload identity coverage

Following the announcement at Microsoft Ignite 2025, where Quest introduced GenAI to Security Guardian to identify and classify Entra ID workloads, in Q1 2026 we’ll add the same support for Active Directory workload identities to Security Guardian. This feature will help customers find unmanaged service accounts and reduce exposure from non-human identities.

A clearer path for identity security and recovery

We know that identity programs depend on visibility, control, and reliable recovery, and we’re moving fast to innovate. This is proven through continued innovation and updates that we have announced over the past quarter for Security Guardian and On Demand Migration. We’re continuing to work fast and introduce new capabilities to support our customers and partners, and give them the right tools and confidence to be successful in the AI era.


[1] Gartner, “A Well-Run Active Directory Requires Strong Identity Controls” (ID G00830063), Paul Rabinovich, 8 May 2025.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Rakesh Shah is the VP of Product Management & Marketing for the Identity & Migration portfolios. Previously, he was the VP of product management for all products & services at LevelBlue, formerly known as AT&T Cybersecurity. He also led product management at AlienVault, prior to its acquisition by AT&T.

Rakesh also led product management for insider threat, behavioral analytics, and security orchestration products at Forcepoint, and he spent over 15 years at Arbor Networks in a variety of product management, marketing, and engineering leadership roles. He has an M.B.A. from the University of Michigan, Ann Arbor. He also holds an M.Eng. degree from Cornell University and a B.S. degree from the University of Illinois at Urbana-Champaign, both in Electrical & Computer Engineering.

Meet Quest Software at the Gartner IAM Summit

Discover AI-powered identity security innovations, 90% faster ransomware recovery, and Microsoft-certified modernization. Visit Dec. 8-10 in Dallas for demos, prizes, and more.