Cayosoft Guardian​

Hybrid Azure Active Directory Recovery and Monitoring

Avoid Costly Outages from Cyber Threats or Mistakes

When Active Directory on-premises or Azure AD stops working, users lose all access to applications and resources they rely on to work and communicate, resulting in costly outages and lost business. Whether the outage was from cyber-threat, malicious actions or mistakes, the resilience of your organization depends on your directories and integrated enterprise services.

Cayosoft Guardian continuously monitors directories and services, allowing you to isolate suspect changes and immediately recover unwanted changes made to both objects and settings. This is done across Active Directory, hybrid AD, Azure Active Directory, Office 365, Microsoft Teams, and Exchange Online, all from Cayosoft Guardian’s single, unified console.

Key Features

Change Monitoring and Alerting

Understanding what is changing in your environment is critical to detecting and stopping security breaches,  malicious changes, and reversing admin misstates all of which will cause costly outages. Cayosoft Guardian continuously monitors all changes in Active Directory, hybrid AD, Azure AD, Office 365 settings, and Microsoft Teams settings, letting you quickly isolate and understand suspect changes. Real-time alert notifications within Microsoft Teams or through email, notify admins of potential issues. 

Cyber Threat Monitoring with Automatic Remediation

Close the window of opportunity on attackers with Threat Detection and optional Automatic Remediation. Receive critical alerts of suspicious activity, automatically rollback malicious changes like escalation of privilege or changes to AD security before attackers can can act, and receive proactive insights to prevent future attacks.

Immediate Object and Attribute Recovery

Resolving user outages quickly is one of the critical successful factors for day-to-day recovery.  Outages caused by mistakes or malicious changes to group memberships, account settings, Microsoft licensing, Microsoft Teams memberships, and accidental object deletions are common and typically hard to identify. Immediate Object and Attribute Restore allow admins to identify and immediately roll back unwanted changes directly from Guardian’s Continuous Change History without mounting and comparing dozens of likely-incomplete backup files. 

Continuous Change History

Change Monitoring and Immediate Recovery require pulling information from multiple sources that are not easily understandable at a glance. Cayosoft Guardian, creates a unified history of changes across on-premises Active Directory, Hybrid AD, and  Azure AD and more to provides a comprehensive view of change and a reliable recovery data source that doesn’t rely on incomplete point-in-time backup files. Change History data can be filtered and sorted easily with built-in or custom queries showing critical “who, what, when and where” details. Queries can also be saved as both customer real-time alerts or into audit ready reports needed to satisfy security and compliance requirements.

Minimize or Eliminate Costly Outages and Downtime

View changes at a glance to quickly understand and remedy lockouts and downtime. Filter changes and save common queries for quick access to helpful insights. Instantly roll back issues with a single button and receive critical alerts of vital changes to prevent downtime altogether. Reduce reliance on event logs, which are typically complex, incomplete, and are often the first target of attackers.

Looking for even more features to recover AD and Azure AD, like Domain and AD Forest Disaster Recovery?

See how Cayosoft Guardian with immediate recovery for all critical Microsoft directory recovery scenarios expands Cayosoft Guardian to a whole new level. Learn more about Cayosoft Guardian Forest Recovery, our all-in-one AD and Azure AD recovery solution, including immediate object and attribute, domain controller, and automated, immediate full forest recovery, here.


is the average global cost of insider threats



native logs need to be checked for changes across hybrid environments



days is the length of time to recover users and groups from native Recycle Bins before it’s gone forever

How Cayosoft Compares

Deleted Items


Native recycle bins offer one-time undelete but do not recover changes to properties or metadata associated with an object

Common Result: Costly outages and downtime before all associated data can be fully restored


Legacy AD recovery tools designed decades ago.  Often requires fumbling with backups and good only for on-prem AD

Common Result: Misses anything related to Azure AD or Microsoft 365 or requires additional purchases 


Instantly restore group settings and memberships, object attribute data, Office 365 license settings, conditional access policies, hard-deleted objects, and more. 

Recover multiple changes at once to immediately reverse even far-reaching damage across Active Directory everywhere.

Active Directory for Suspect Changes


Time-consuming and tedious sifting through native logs that often come with glaring blind spots

Common Result: Costly security breaches, compliance failures, and service outages


Legacy on-premises AD management tools designed decades ago

Common Result: Incomplete visibility can result in missed threats or the inability to perform a complete recovery


Purpose-built to secure and protect identities across on-premises Active Directory,  Azure AD and hybrid environments.  Real-time alerts make it easy to spot changes and thwart attacks before they impact users.

Guardian FAQ

Yes, the product has real-time alerts out of the box. Pre-built alerts include changes to Azure AD Roles, Privileged AD Groups, and changes to Microsoft Teams settings. Cayosoft’s Alert Query Format follows the Microsoft Graph name nomenclature, and provides a simple way for your to create new alerts.

Yes, Cayosoft Guardian will restore hard deleted items. Since the objects are no longer present in Azure AD, Guardian will recreate the object using the details stored in the Guardian database. It is important to note that while Guardian re-creates hard-deleted objects, some links to those objects are not restored and may need to be manually assigned.

 Yes, Cayosoft Guardian also restores a number of other objects as well, including:

  • Azure AD Users, Groups and Guests
  • Azure AD Roles
  • Azure AD Conditional Access Policies*
  • Azure AD Enterprise Applications*
  • Microsoft Teams Settings*
  • Azure AD Admin Units
  • On-premises Active Directory (AD)  Privileged Groups
  • On-premises AD Users, Groups, Computers, Contacts, & OUs

*For exact capabilities please request more information

Check out these relevant resources.


Recover and Protect Azure AD and Hybrid AD

With Guardian monitoring all directory changes, administrators can quickly see, understand, and rollback mistakes or malicious changes across their entire hybrid AD environment. When rollback is needed, Guardian provides an automated recovery without time-consuming operations with incomplete backup files.

Product Review

Review: Azure AD Protection Solution, Cayosoft Guardian

Microsoft MVP Nuno Mota reviewed Cayosoft Guardian, a solution for Azure and hybrid AD recovery and protection.  The review, which includes some useful tips on requirements, step-by-step installation, and product functions, gave Guardian 4.6/5 rating.


3 Modern Ways to Protect Hybrid Identities

Watch this on-demand webinar where we discuss the blind spots in native logs and how undetected mistakes and malicious privilege escalation can wreak havoc on your organization.