Cayosoft Guardian​

Change Monitoring & Recovery for AD, Azure AD, & Beyond

When Active Directory on-premises or Azure AD stops working, users lose all access to applications and resources they rely on to work and communicate, resulting in costly outages and lost business. Whether the outage was from malicious actions or mistakes, the resilience of your organization depends on your directories and integrated enterprise services.

Cayosoft Guardian continuously monitors directories and services, allowing you to isolate suspect changes and immediately recover unwanted changes made to both objects and settings. This is done across Active Directory, Hybrid AD, Azure Active Directory, Office 365, Microsoft Teams, and Exchange Online, all from Cayosoft Guardian’s single, unified console.

Key Features

Continuous Directory and Service Protection

Understanding what is changing in your environment is critical to maintaining security, detecting and stopping breaches, and avoiding costly outages. Cayosoft Guardian continuously records all changes in Active Directory, Hybrid AD, Azure AD, Office 365 settings, Microsoft Teams Settings letting you quickly isolate and understand suspect changes. 

Minimize or Eliminate Costly Outages and Downtime

View changes at a glance to quickly understand and remedy lockouts and downtime. Filter changes and save common queries for quick access to helpful insights. Instantly roll back issues with a single button and receive critical alerts of vital changes to prevent downtime altogether.  Reduces reliance on event logs which are typically complex, incomplete are often the first target of attackers.

Real-Time Change Monitoring and Alerting

Monitoring and Alerting often require pulling information from multiple sources that are not easily understandable at a glance.  Effortlessly maintain security and compliance with Cayosoft Guardian, which unifies changes across On-premises Active Directory, Azure Active Directory Hybrid AD environments for easy access.  All change data is organized and filtered easily understood Queries of critical Who, What, When and Where details. Queries can also be saved as both customer real-time alerts or into audit ready change reports.

Immediate Recovery

Maintain a continuous back-up of  Active Directory, Azure AD and more to quickly identify the extent of an unwanted change and reverse them. Recover multiple changes with bulk recovery or specific adjustments with granular rollback. Go beyond the limitations of native tools and deploy immediate recovery to anywhere in your on-premises, cloud, or hybrid environment from a single interface.

Close the Window of Opportunity on Attackers

Identify and block unwanted privilege escalation before attackers have a chance to act. Receive critical alerts of suspicious activity, recover malicious changes, and receive proactive insights to prevent future attacks.


is the average global cost of insider threats



native logs need to be checked for changes across hybrid environments



days is the length of time to recover users and groups from native Recycle Bins before it’s gone forever

How Cayosoft Compares

Active Directory for Suspect Changes


Time-consuming and tedious sifting through native logs that often come with glaring blind spots

Common Result: Costly security breaches, compliance failures, and service outages


Legacy on-premises AD management tools designed decades ago

Common Result: Incomplete visibility can result in missed threats or the inability to perform a complete recovery


Purpose-built to secure and protect identities across on-premises Active Directory,  Azure AD and hybrid environments.  Real-time alerts make it easy to spot changes and thwart attacks before they impact users.

Deleted Items


Native recycle bins offer one-time undelete but do not recover changes to properties or metadata associated with an object

Common Result: Costly outages and downtime before all associated data can be fully restored


Legacy AD recovery tools designed decades ago.  Often requires fumbling with backups and good only for on-prem AD

Common Result: Misses anything related to Azure AD or Microsoft 365 or requires additional purchases 


Instantly restore group settings and memberships, object attribute data, Office 365 license settings, conditional access policies, hard-deleted objects, and more. 

Recover multiple changes at once to immediately reverse even far-reaching damage across Active Directory everywhere.

Guardian FAQ

Yes, the product has real-time alerts out of the box. Pre-built alerts include changes to Azure AD Roles, Privileged AD Groups, and changes to Microsoft Teams settings. Cayosoft’s Alert Query Format follows the Microsoft Graph name nomenclature, and provides a simple way for your to create new alerts.

Yes, Cayosoft Guardian will restore hard deleted items. Since the objects are no longer present in Azure AD, Guardian will recreate the object using the details stored in the Guardian database. It is important to note that while Guardian re-creates hard-deleted objects, some links to those objects are not restored and may need to be manually assigned.

 Yes, Cayosoft Guardian also restores a number of other objects as well, including:

  • Azure AD Users, Groups and Guests
  • Azure AD Roles
  • Azure AD Conditional Access Policies*
  • Azure AD Enterprise Applications*
  • Microsoft Teams Settings*
  • Azure AD Admin Units
  • On-premises Active Directory (AD)  Privileged Groups
  • On-premises AD Users, Groups, Computers, Contacts, & OUs

*For exact capabilities please request more information

Cayosoft Guardian does not recover on-premises Domain Controllers. This functionality is on the Guardian roadmap, but timing for this functionality has not been announced.

Check out these relevant resources.


Recover and Protect Azure AD and Hybrid AD

With Guardian monitoring all directory changes, administrators can quickly see, understand, and rollback mistakes or malicious changes across their entire hybrid AD environment. When rollback is needed, Guardian provides an automated recovery without time-consuming operations with incomplete backup files.

Product Review

Review: Azure AD Protection Solution, Cayosoft Guardian

Microsoft MVP Nuno Mota reviewed Cayosoft Guardian, a solution for Azure and hybrid AD recovery and protection.  The review, which includes some useful tips on requirements, step-by-step installation, and product functions, gave Guardian 4.6/5 rating.


3 Modern Ways to Protect Hybrid Identities

Watch this on-demand webinar where we discuss the blind spots in native logs and how undetected mistakes and malicious privilege escalation can wreak havoc on your organization.