Guardian
PRODUCT
CayosoftGuardian
Unified console: hybrid AD change monitoring, instant rollback, & threat detection — the most comprehensive solution.
Cayosoft Guardian: Catch threats early, roll back risky changes instantly, and stay audit-ready across AD and Entra ID—all from one secure, script‑free platform.
Catch threats early, roll back risky changes instantly, and stay audit-ready across AD and Entra ID—all from one secure console.
Hybrid AD management
CayosoftGuardian
Catch threats early, roll back risky changes instantly, and stay audit-ready across AD and Entra ID—all from one secure console.
Protect What Matters Most
Threats Detected & Reversed
Protect What Matters Most
Threats Detected & Reversed
6 Logs to View Hybrid Changes
$11.5M = Cost of Insider Threats
Recycle Bin Only Stores for 30 Days
Hybrid Active Directory Recovery and Monitoring Software
Avoid Costly Hybrid AD Outages from Cyber Threats or Mistakes – In a Single Solution
Your Active Directory (AD) or Microsoft Entra ID (formerly Azure Active Directory) contain vital user identities that are crucial to ensuring your business operates without interruption. Whether from malicious actions, like cyberattacks and malware, or mistakes, like accidental deletions and misconfigurations, corruption of your Active Directory can stop your business in its tracks and cause costly outages that can last hours, days, or even weeks.
Why Cayosoft Guardian
Why Cayosoft Guardian
Cayosoft Guardian was designed to reduce the complexity of hybrid Active Directory security, by combining threat detection, monitoring, and recovery into one comprehensive solution. Cayosoft Guardian continuously monitors directories and services, allowing you to isolate suspect changes and instantly recover unwanted changes made to both objects and settings. This is done across on-premises AD, hybrid AD, Entra ID, Office 365, Microsoft Teams, and Exchange Online, all from Cayosoft Guardian’s single, unified console.
Protect Vital Infrastructure
Active Directory is used by 90% of organizations worldwide, making it a prime target for cyberattacks.
Stop Attackers In Their Tracks
Discover and eliminate hybrid AD vulnerabilities. Identify and revert malicious changes before exploited.
Keep Business Running
Avoid or minimize the impact of costly ransomware attacks and AD outages. Ensure business continuity.
Features & Benefits
Want to further secure and protect your hybrid Microsoft environment?
Instant AD Forest Recovery
Guardian Forest Recovery
Learn More >Single Product Hybrid AD Management
Administrator
Learn More >
Download our whitepaper
10 Best Practices for Hybrid Identity Threat Detection & Response
Trusted By
5+ Million
Users Worldwide
With comprehensive solutions, exceptional support, and frequent releases it’s no surprise we have 99% customer retention and 4.8/5 star customer satisfaction ratings.
...Clearly Delivers on its Promises
“Guardian clearly delivers on its promises. Its continuing monitoring and protection of on-premises and/or Azure Active Directories (now Microsoft Entra ID) guarantees that most changes can be rolled back swiftly and at the touch of a button, without administrators having to go through numerous logs or resort to backup scripts or files.”
NUNO MOTA
Microsoft MVP
...Easily Identify the Issue & Restore Access
“An inaccurate update caused our internal communications to go down. Over 4k medical personnel lost access to their Microsoft Teams and Exchange. With Cayosoft Guardian, we were able to easily identify the issue and restore access. It allowed us to revert the change with just a few clicks.”
IT MANAGER
National Healthcare Organization
Manage, Monitor, Recover
Cayosoft delivers modern hybrid architecture for AD, Entra ID, Microsoft 365, Intune, and Teams
Cayosoft Administrator™
Manage Hybrid AD from a Single Pane of Glass
Cayosoft Guardian Forest Recovery™
Instant AD Forest Recovery
Cayosoft Guardian™
Unified Hybrid AD Change Monitoring, Instant Rollback, and Threat Detection
See Cayosoft Guardian In Action
How Cayosoft Compares
Continuous Monitoring of Active Directory
Instant Recovery of Active Directory
Cayosoft Guardian™ FAQ
GENERAL OVERVIEW
Cayosoft is the leader in hybrid Microsoft identity management, trusted by enterprises worldwide. We deliver automation, security, and recovery for AD, Entra ID, and Microsoft 365—all from a single platform. With 99% customer retention, 100% hybrid focus, and 100% customer satisfaction, customers don’t just trust Cayosoft—they love us.
Cayosoft Guardian is a real-time hybrid identity protection platform purpose-built for Active Directory (AD, Microsoft Entra ID (formerly Azure AD), Intune, and Teams. It delivers continuous monitoring, change auditing, and one-click rollback to reverse unauthorized changes before they become security incidents or compliance failures.
Cayosoft Guardian is ideal for:
- Identity and Access Management (IAM) teams
- Security Operations Centers (SOCs)
- Compliance and audit professionals
- Hybrid identity architects and enterprise AD admins.
Capabilities and Functionality
Guardian tracks changes across:
- On-prem AD and Entra ID
- Group memberships (e.g., Domain Admins)
- User and group attributes
- Conditional access policies
- Group Policy Objects (GPOs)
- Password policies
- Object deletions, disables, and privilege escalations
It allows admins to instantly reverse unauthorized or mistaken changes, including bulk operations, without needing to restore outdated backups or relying on event logs. You can restore individual attributes, objects, or entire groups in seconds.
Yes. Guardian is explicitly built for hybrid Microsoft environments and supports:
- Multi-domain, multi-forest AD
- Multiple Entra ID tenants
- Cross-platform views of AD, Entra ID, and Microsoft 365 (Teams, Exchange, Intune)
No. Guardian is agentless. It reads from native APIs and change logs to monitor identity systems securely and efficiently.
Security and Threat Detection
It continuously inspects your environment for:
- Indicators of Exposure (IOEs): e.g., stale accounts, overprivileged users
- Indicators of Compromise (IOCs): e.g., unauthorized privilege changes
- Indicators of Attack (IOAs): e.g., lateral movement, suspicious deletes.
Yes. Guardian integrates with:
- Email and syslog for immediate alerting
- SIEM and SOAR platforms like Splunk, Sentinel, or QRadar
- Custom alert thresholds (e.g., domain admin changes, mass disables)
Absolutely. Guardian helps enforce Zero Trust by:
- Preventing standing admin privileges
- Alerting on privilege escalations
- Enabling least-privilege enforcement via integrated RBAC policies.
Compliance and Audit Readiness
Yes. Cayosoft Guardian provides:
- Immutable, centralized audit trails
- Customizable reports by object, admin, time, or change type
- Scheduled report delivery for internal or external auditors
- Support for HIPAA, SOX, PCI-DSS, NIST, and GDPR compliance.
Yes. Guardian monitors all identity changes—even those made through other tools, PowerShell, or native consoles—ensuring complete visibility and accountability.
Deployment and Operations
- Installs on a Windows Server VM or physical box
- Agentless—no software installed on domain controllers
- Low system impact by using native APIs
- Supports high availability configurations.
Most customers deploy and start monitoring within hours. There’s no need for scripting or domain controller changes, and Cayosoft provides onboarding assistance if needed.
- 1M+ users
- Dozens of domains or forests
- Multiple Entra ID tenants
- Multi-region, multi-tenant hybrid infrastructures.
How It Integrates
Yes. It complements:
- SIEM solutions (e.g., Microsoft Sentinel, Splunk, QRadar)
- SOAR platforms (e.g., Cortex XSOAR)
- Endpoint detection tools (e.g., CrowdStrike, Microsoft Defender)
Guardian fills the gap between endpoint security and identity layer protection.
Yes. Guardian is part of the Cayosoft Enterprise suite. When paired with Administrator and Guardian Forest Recovery, you get a complete lifecycle end-to-end management tool for Microsoft environments.
Why Cayosoft Guardian Over Other Tools?
| Feature | Cayosoft Guardian | Legacy/SIEM/EDR Tools |
|---|---|---|
| Hybrid AD + Entra ID Coverage | Full native support | Partial or none |
| Real-Time Change Monitoring | Second-level tracking | Event log dependent |
| One-Click Rollback | Yes | Manual recovery only |
| Agentless Architecture | Yes | Often agent-based |
| SIEM/SOAR Integration | Built-in | Requires customization |
| Immutable, Auditable Logging | Yes | May need external setup |
| Compliance Reporting | Templates + delivery | Manual export required |
| Designed for Hybrid Identity Security | Purpose-built | Infrastructure/endpoint-focused |
Guardian FAQ
Cayosoft Guardian provides monitoring, backup, and recovery for a number of AD objects, attributes, and settings critical to maintaining AD security and operational integrity, including:
On-Premises Active Directory (AD):
- Contact, group, user, and computer objects and attributes
- Group memberships, group policy objects (GPOs) and GPO settings, privileged groups, organizational units (OUs), and Conditional Access policies (CAPs)
- On-premises Exchange settings and policies
Microsoft Entra ID (formerly Azure AD):
- Users, groups, and guests
- Roles, group memberships, administrative units, and Conditional Access policies
Office 365:
- Exchange Online and Microsoft Teams settings and policies
Yes, Cayosoft Guardian delivers continuous AD monitoring and real-time alerts across hybrid Active Directory environments to changes, like AD users and groups, Entra ID roles, privileged AD groups, and Microsoft Teams settings. Cayosoft Guardian’s alert query also provides a simple way for you to create custom notifications to admins through Microsoft Teams and/or email.
Yes, Cayosoft Guardian will restore hard-deleted or permanently deleted AD objects. Since the objects are no longer present in Active Directory or Entra ID, Cayosoft Guardian will recreate the object using the details stored in its database.
Note: While Guardian recreates deleted objects, some links to those objects are not restored and may need to be manually assigned. For additional information or questions about how Cayosoft Guardian recovers deleted AD objects, reach out to us.
Unlike traditional Active Directory (AD) backup software, like bare-metal backups, system state backups, full backups, or incremental backups, Cayosoft Guardian continuously backs up your Active Directory and Entra ID in real time, allowing you to quickly and easily revert changes to any point in time. This not only reduces storage space required but eliminates the risk of reintroduction of ransomware, reinfection, and additional corruption that can occur with some legacy Windows server backup tools.
Cayosoft Guardian does not recover on-premises domain controllers, but Cayosoft Guardian Forest Recovery does. Learn more about Cayosoft Guardian Forest Recovery, including all the features of Cayosoft Guardian plus domain controller recovery and forest recovery.
Resources for Active Directory Recovery and Monitoring
Datasheet
Unified, Instant AD Recovery and Change Monitoring Solutions
Cayosoft Guardian is the only solution to combine AD monitoring and backup across Microsoft environments. With Cayosoft Guardian, IT admins can quickly see, understand, and rollback mistakes or malicious changes to Active Directory objects, attributes, and settings.
Product Review
Review: Hybrid and Entra ID Recovery and Protection Solution
Microsoft MVP Nuno Mota reviewed Cayosoft Guardian, a comprehensive recovery solution for on-premises Active Directory (AD), Entra ID, and hybrid AD. After analysis, Moto gave Cayosoft Guardian a 4.6/5 rating, giving it a gold award with TechGenix.com.
Webinar