Cayosoft Guardian

Hybrid Change Monitoring, Instant Rollback, and Threat Detection for Microsoft Platforms

Hybrid Active Directory Recovery and Monitoring Software

Avoid Costly Outages from Cyber Threats or Mistakes

Your Active Directory (AD) or Azure Active Directory (Azure AD) contain vital user identities that are crucial to ensuring your business operates without interruption. Whether from malicious actions, like cyberattacks and malware, or mistakes, like accidental deletions and misconfigurations, corruption of your Active Directory can stop your business in its tracks and cause costly outages that can last hours, days, or even weeks.

Cayosoft Guardian was designed to reduce the complexity of hybrid Active Directory security, by combining threat detection, monitoring, and recovery into one comprehensive solution. Cayosoft Guardian continuously monitors directories and services, allowing you to isolate suspect changes and instantly recover unwanted changes made to both objects and settings. This is done across on-premises AD, hybrid AD, Azure AD, Office 365, Microsoft Teams, and Exchange Online, all from Cayosoft Guardian’s single, unified console.

6 Logs

In order to view changes across hybrid Microsoft environments, at least six native logs need to be checked.


The average global cost of insider threats is now over $11.5 million.

30 Days

Azure AD Recycle Bin only keeps deleted users and groups for 30 days before they’re permanently erased. 

How Cayosoft Guardian Excels — The Key Features

Instant Object and Attribute Recovery

Instant object and attribute recovery allows administrators to quickly recover from mistakes or malicious changes, like when a user experiences an outage from an unwanted change to their account or their access. With Cayosoft Guardian, the change can be easily identified and instantly reversed from granular change history without wasting time with lengthy operations that a legacy file-based AD recovery tool requires. Cayosoft Guardian’s instant Active Directory recovery software resolves outages fast, vastly reducing the costs associated with the most common types of outages. Costly user downtime, caused by mistakes or malicious changes to group memberships, group policy objects (GPOs), account settings, Microsoft licensing, Microsoft Teams memberships, and accidental AD object deletions, are common, typically hard to identify, and cost millions in lost productivity every year. With Cayosoft Guardian, resolve outages quickly and get users back to work faster.

Continuous Change Monitoring and Alerting

Continuous change monitoring and real-time alerting across Active Directory, Azure AD, Office 365, and other key Microsoft systems, allows administrators to quickly identify malicious changes or mistakes and instantly recover from them. Understanding the complex changes taking place across Active Directory, Azure AD, Office 365 and other key Microsoft systems is critical to securing your Microsoft environment. Cayosoft Guardian’s Active Directory (AD) auditing and monitoring software enables you to stop security breaches, malicious changes, and mistakes, like when an admin accidentally deletes an important object, that will ultimately cause expensive outages, compliance fines, and possible loss of business reputation. By alerting administrators about important changes before they escalate into problems, Cayosoft Guardian ensures security, compliance, and business continuity goals are met, and costly outages are avoided.

Unified Change History

Continuous and unified change history records up-to-the-minute changes across integrated Microsoft services, including on-premises Active Directory, hybrid Active Directory, Azure AD, Office 365, and other key Microsoft systems and cloud-based applications. Built-in or custom queries show “who, what, when, and where” details needed to satisfy recovery, security, and compliance objectives. Cayosoft Guardian’s continuous, unified change history allows you to view and track changes made in and between Microsoft systems that cannot be achieved with event logs or legacy auditing tools. With Cayosoft Guardian, improve security and compliance while protecting your critical hybrid and cloud Microsoft systems against unwanted changes and cyberthreats, ensuring you meet your legal and regulatory goals.

Threat Detection and Response Guidance

Like antivirus for Microsoft identities, Cayosoft Guardian automatically identifies and reverses malicious changes made to your entire Active Directory (AD) environment, including hybrid AD, Azure AD, and other systems, before attackers can use them for exploit. Close the window of opportunity on attackers with Cayosoft Guardian’s threat detection and automatic response. Slow down attackers to gain valuable response time or prevent cyberattacks all together. With Cayosoft Guardian proactively monitoring for system misconfigurations, representing known attack vectors, you can take corrective actions before an attack takes place.

Event Log and Security Information and Event Management (SIEM) Enrichment

Cayosoft Guardian’s continuous change history records changes even when security logs or SIEM tools are compromised, including events that bypass event logs. Cayosoft Guardian collects event logs from AD, Azure AD, Office 365, and more, to enhance the detail of changes that were made. Threat actors often target event logs first during an attack so they can blind SIEM tools, like Microsoft Sentinel, and carry out their activities, costing businesses millions of dollars each year. With the addition of Cayosoft Guardian, you add checks and balances to your cybersecurity defense with another pair of eyes to identify issues or suspect changes, even when native logging is deficient, disabled, or maliciously destroyed.

Traditional Backup and Restore Solution Enhancement

Traditional backup solutions are not able to cope with instant recovery of user accounts and groups that provide access. Cayosoft Guardian improves traditional backup solutions by adding instant Active Directory recovery for objects and attributes, like user identities and group access, that are the first step to recovery. Cayosoft Guardian is the perfect complement to your current backup and recovery strategy. Working alongside your traditional backup solution, Cayosoft Guardian allows you to bring back user identities and their access instantly, greatly reducing the recovery process and recovery times compared to other recovery tools and native methods. Cayosoft Guardian also ensures a clean restoration, without the reintroduction of the compromised server(s) that originally caused the outage.

Looking for even more features to recover AD and Azure AD, like Domain and AD Forest Disaster Recovery?

See how Cayosoft Guardian with instant recovery for all critical Microsoft directory recovery scenarios expands Cayosoft Guardian to a whole new level. Learn more about Cayosoft Guardian Forest Recovery, our all-in-one Active Directory and Azure AD recovery software, including instant object and attribute, domain controller, and automated, instant full forest recovery, here.

See Cayosoft Guardian In Action

Cayosoft Guardian_change monitoring demo
Play Video

Ready to see more of Cayosoft Guardian?

How Cayosoft Compares

Continuous Monitoring of Active Directory

Time-consuming and tedious process of searching through numerous native event logs and security settings that often come with blind spots and can be bypassed by threat actors.
Common Result: Inability to see changes across entire hybrid AD environment to identify threats, vulnerabilities, and causes of outages, leading to security breaches, compliance failures, downtime, and costly service outages.
Traditional Active Directory monitoring tools and tools to monitor critical changes use file-based backups that need mounted or out-of-date snapshots.
Common Result: Increased complexity and the inability to easily view changes simultaneously across hybrid AD environments, leaving companies open to cyber risk and potentially business-crippling security breaches.
Unified monitoring across on-premises Active Directory, Azure AD, hybrid AD, and Microsoft Office 365 environments. Change history repository keeps continuous, real-time backups enabling granular rollback of unwanted changes. Cayosoft Guardian was designed to simplify AD security and hybrid AD monitoring.

Instant Recovery of Active Directory

Native backup and restore tools, like recycle bins, offer one-time undelete but do not recover attributes and settings making them unsuitable for full object-level backups and attribute-level restorations.
Common Result: Time-consuming and error prone process leading to extended downtime and expensive outages before objects can be restored, if they are able to be recovered at all.
Legacy AD backup and recovery tools were designed only for on-premises Active Directory, requiring additional products and multiple consoles in order to recover across hybrid and cloud.

Common Result: Increased costs and inability to recover across entire hybrid AD environment leading to complex, error-prone processes and delayed recovery times.


Instantly recover AD and Azure AD objects, attributes, and settings across on-premises AD, Azure AD, hybrid AD, and Office 365, with just a few clicks. With its single console, Cayosoft Guardian reduces the complexity of hybrid AD recovery and gets you back to business faster.

Others Who Trust Cayosoft

Guardian FAQ

Cayosoft Guardian provides monitoring, backup, and recovery for a number of AD objects, attributes, and settings critical to maintaining AD security and operational integrity, including:

On-Premises Active Directory (AD):

  • Contact, group, user, and computer objects and attributes
  • Group memberships, group policy objects (GPOs) and GPO settings, privileged groups, organizational units (OUs), and Conditional Access policies (CAPs)
  • On-premises Exchange settings and policies

Azure Active Directory (Azure AD):

  • Users, groups, and guests
  • Roles, group memberships, administrative units, and Conditional Access policies

Office 365:

  • Exchange Online and Microsoft Teams settings and policies

And more! For additional information or questions including full capabilities of Cayosoft Guardian, contact us.

Yes, Cayosoft Guardian delivers continuous AD monitoring and real-time alerts across hybrid Active Directory environments to changes, like AD users and groups, Azure AD roles, privileged AD groups, and Microsoft Teams settings. Cayosoft Guardian’s alert query also provides a simple way for you to create custom notifications to admins through Microsoft Teams and/or email.

Yes, Cayosoft Guardian will restore hard-deleted or permanently deleted AD objects. Since the objects are no longer present in Active Directory or Azure AD, Cayosoft Guardian will recreate the object using the details stored in its database.

Note: While Guardian recreates deleted objects, some links to those objects are not restored and may need to be manually assigned. For additional information or questions about how Cayosoft Guardian recovers deleted AD objects, reach out to us.

Cayosoft Guardian requires Windows Server 2016, Windows Server 2019, or Windows Server 2022.
Unlike traditional Active Directory (AD) backup software, like bare-metal backups, system state backups, full backups, or incremental backups, Cayosoft Guardian continuously backs up your Active Directory and Azure AD in real time, allowing you to quickly and easily revert changes to any point in time. This not only reduces storage space required but eliminates the risk of reintroduction of ransomware, reinfection, and additional corruption that can occur with some legacy Windows server backup tools.

Check out these relevant resources.


Unified, Instant AD Recovery and Change Monitoring Solutions

Cayosoft Guardian is the only solution to combine AD monitoring and backup across Microsoft environments. With Cayosoft Guardian, IT admins can quickly see, understand, and rollback mistakes or malicious changes to Active Directory objects, attributes, and settings, allowing your business operations to instantly recover without time-consuming recovery processes or incomplete backup files.

Product Review

Review: Hybrid and Azure AD Recovery and Protection Solution

Microsoft MVP Nuno Mota reviewed Cayosoft Guardian, a comprehensive recovery solution for on-premises Active Directory (AD), Azure AD, and hybrid AD. After analysis, Moto gave Cayosoft Guardian a 4.6/5 rating, giving it a gold award with


3 Modern Ways to Protect Hybrid Identities

Watch this on-demand webinar where we discuss the blind spots in native logs, how undetected mistakes and malicious privilege escalation can wreak havoc on your organization, and best practices on how to prevent and recover your Active Directory from these cyber threats.