Cayosoft Guardian​

Monitor & Recover Active Directory & Azure AD

Detect critical changes and quickly rollback unwanted changes across Active Directory, Azure AD tenants, Microsoft 365 (formerly Office 365), Microsoft Teams, and Exchange Online settings in a unified platform.

Cayosoft Guardian recovers and protects Azure Active Directory and hybrid AD data. With Guardian monitoring all directory changes, administrators can quickly see, understand, and rollback mistakes or malicious changes across their entire hybrid AD environment.  

Key Features

Close the Window of Opportunity on Attackers

Identify and block unwanted privilege escalation before attackers have a chance to act. Receive critical alerts of suspicious activity, recover malicious changes, and receive proactive insights to prevent future attacks.

Immediate Recovery from Unwanted Changes

Maintain a continuous back-up of your hybrid environment to quickly identify the extent of an unwanted change and reverse it. Recover large changes with bulk recovery or specific adjustments with granular rollback. Go beyond the limitations of native tools and traditional backups and deploy immediate recovery to anywhere in your on-premises, cloud, or hybrid environment from a single interface.

Minimize Outages and Downtime

View AD changes at a glance to quickly understand and remedy lockouts and downtime. Filter changes and save common queries for quick access to helpful insights. Instantly roll back issues with a single button and receive critical alerts of vital changes to prevent downtime altogether.

Enhance Visibility Over Changes

IT audits require pulling information from multiple sources that are not easily understandable at a glance.  Effortlessly maintain security compliance with Cayosoft Guardian, which unifies changes across AD domains, Azure AD tenants, or hybrid environments for easy access. Permissions, identities, and events are organized and filtered for ease of access. Queries can also be saved to quickly pull frequently requested reports.


is the average global cost of insider threats



native logs need to be checked for changes across hybrid environments



days is the length of time to recover users and groups from native Recycle Bins before it’s gone forever

How Cayosoft Compares

Active Directory for Suspect Changes


Time-consuming and tedious sifting through native logs that often come with glaring blind spots

Common Result: Costly security breaches, compliance failures, and service outages


Legacy on-premises AD management tools designed decades ago

Common Result: Incomplete visibility can result in missed threats or the inability to perform a complete recovery


Purpose-built to secure and protect identities across on-premises Active Directory,  Azure AD and hybrid environments.  Real-time alerts make it easy to spot changes and thwart attacks before they impact users.

Deleted Items


Native recycle bins offer one-time undelete but do not recover changes to properties or metadata associated with an object

Common Result: Costly outages and downtime before all associated data can be fully restored


Legacy AD recovery tools designed decades ago.  Often requires fumbling with backups and good only for on-prem AD

Common Result: Misses anything related to Azure AD or Microsoft 365 or requires additional purchases 


Instantly restore group settings and memberships, object attribute data, Office 365 license settings, conditional access policies, hard-deleted objects, and more. 

Recover multiple changes at once to immediately reverse even far-reaching damage across Active Directory everywhere.

Guardian FAQ

Yes, the product has real-time alerts out of the box. Pre-built alerts include changes to Azure AD Roles, Privileged AD Groups, and changes to Microsoft Teams settings. Cayosoft’s Alert Query Format follows the Microsoft Graph name nomenclature, and provides a simple way for your to create new alerts.

Yes, Cayosoft Guardian will restore hard deleted items. Since the objects are no longer present in Azure AD, Guardian will recreate the object using the details stored in the Guardian database. It is important to note that while Guardian re-creates hard-deleted objects, some links to those objects are not restored and may need to be manually assigned.

 Yes, Cayosoft Guardian also restores a number of other objects as well, including:

  • Azure AD Users, Groups and Guests
  • Azure AD Roles
  • Azure AD Conditional Access Policies*
  • Azure AD Enterprise Applications*
  • Microsoft Teams Settings*
  • Azure AD Admin Units
  • On-premises Active Directory (AD)  Privileged Groups
  • On-premises AD Users, Groups, Computers, Contacts, & OUs

*For exact capabilities please request more information

Cayosoft Guardian does not recover on-premises Domain Controllers. This functionality is on the Guardian roadmap, but timing for this functionality has not been announced.

Check out these relevant resources.


Recover and Protect Azure AD and Hybrid AD

With Guardian monitoring all directory changes, administrators can quickly see, understand, and rollback mistakes or malicious changes across their entire hybrid AD environment. When rollback is needed, Guardian provides an automated recovery without time-consuming operations with incomplete backup files.

Product Review

Review: Azure AD Protection Solution, Cayosoft Guardian

Microsoft MVP Nuno Mota reviewed Cayosoft Guardian, a solution for Azure and hybrid AD recovery and protection.  The review, which includes some useful tips on requirements, step-by-step installation, and product functions, gave Guardian 4.6/5 rating.


3 Modern Ways to Protect Hybrid Identities

Watch this on-demand webinar where we discuss the blind spots in native logs and how undetected mistakes and malicious privilege escalation can wreak havoc on your organization.