Quest® Security Guardian
Updated November 18, 2025
These release notes provide information about Quest® Security Guardian deployments.
Quest® Security Guardian is an integrated On Demand solution that helps you keep the Active Directory domains and Entra ID tenants in your organization secure.
You can:
-
Identify Tier Zero objects in Active Directory.
-
Identify Privileged objects in Entra ID.
-
Certify that objects are indeed Tier Zero or Privileged and, when Quest Change Auditor version 7.4 is integrated, protect Active Directory Tier Zero objects against unauthorized or accidental modification or deletion.
-
Run pre-defined Security Assessments to identify vulnerabilities in Active Directory and Entra ID and create your own Assessments.
-
Investigate Findings for Tier Zero and Privileged objects, vulnerabilities identified through Assessments, and Critical Activity from Audit.
-
Have Findings forwarded to a SIEM tool and alerts sent to selected email recipients.
-
Lock down critical Active Directory objects, preventing unauthorized or accidental changes using Sheilds Up. This feature enforces a highly restrictive, pre-configured lockdown on Tier Zero objects—such as users, groups, computers, and policies. While intended for temporary emergency use, Shields Up can also be deployed continuously as a proactive security measure.
-
Audit and monitor critical activities and real-time alerts on important changes across Microsoft 365 services, including Exchange Online, SharePoint Online, Teams, OneDrive for Business, and Microsoft Entra.
-
Integrate with Quest Change Auditor to search and correlate identities across both on premises and in the cloud to give a seamless view of activity in hybrid Microsoft environments. Specifically auditing enables:
- Fast and flexible searches for easy investigation and accurate results across tenants and on premises environments
- Interactive visualizations and dashboards to summarize audit activity
- Easy to use customizable alerts based on audit event searches
- Long term storage of audit events outside of Microsoft 365 and Change Auditor for a retention period of up to 10 years
-
Review service principals and their associated security posture within your Entra ID environment to identify risky permissions, assess sign-in status, and monitor compliance with security .
-
Monitor and analyze activity across both your on-premises and cloud-based Microsoft environments from a single, unified interface using Hybrid Audit.
-
Use Security Guardian Intelligence AI assistance to:
-
Help you ask focused questions tailored to your environment.
-
Gain valuable insights into the security posture of your organization’s Active Directory and Entra ID systems.
-
View critical vulnerabilities and issues identified during assessments and offers practical recommendations for remediation.
The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.
Assessment known issues
| Known Issue |
Issue ID |
|
Due to the complexity of the query, an Assessment can evaluate a maximum of 10,000 Tier Zero objects for a vulnerability. If this limit is surpassed, results will be marked as Inconclusive with the following message:
Syntax error: Query length (2162372) too large (max: 2097152) |
497529 |
The following lists the new features, enhancements and resolved issues by deployment.
Current Deployment
November 25, 2025
- Workload Identity columns renamed. "Total owners" changed to "Owners" and "Total Risky Permissions" changed to "Risky Permissions".
Previous Deployments
November 18, 2025
-
Hybrid Audit which allows you to monitor and analyze activity across both your on-premises and cloud-based Microsoft environments from a single, unified interface.
-
Ability to view and edit the templates used to protect Active Directory and Group Policy objects.
November 4, 2025
New Features
The following Active Directory vulnerability has been added to Discoveries:
October 16, 2025
New Features
Ability to gain visibility into service principals and their associated security posture within your Entra ID environment. The Workload Identity feature helps administrators identify risky permissions, assess sign-in status, and monitor compliance with security standards.
September 9, 2025
New Features
An AI-powered Assessment Summary report that interprets your organization’s assessment data to highlight trends and deliver a clear, high-level overview of results.
August 11, 2025
New Features
The following Active Directory Assessments have been added to Discoveries:
For certain vulnerabilities, you can click the Principal Name or Display Name link to view detailed information about the object. This may include object properties, any affected Tier Zero objects, and group members (for group objects only).
July 31, 2025
New Features
Security Guardian Intelligence is a powerful new feature that uses AI assistance to enhance your organization’s security management. With this feature, you can:
-
Ask focused questions tailored to your specific environment.
-
Gain valuable insights into the security health of your Active Directory and Entra ID systems.
-
View critical vulnerabilities and issues identified during assessments.
-
Receive practical, actionable recommendations for remediation.
July 23, 2025
New Features
Shields Up is a new rapid-response feature that helps organizations protect their most critical Active Directory assets during periods of elevated cyber risk or active security incidents. It applies a strict, pre-configured lockdown to Tier Zero objects—such as privileged users, groups, computers, and policies—blocking unauthorized changes, deletions, or policy updates. While designed for short-term emergency use, Shields Up can also be enabled continuously as a proactive defense strategy.
June 26, 2025
New Features
The following Active Directory Assessments have been added to Discoveries:
The following Microsoft Entra ID Assessment has been added to Discoveries:
June 18, 2025
New Features
The following Active Directory Assessments have been added to Discoveries:
March 10, 2025
New Features
The following Active Directory Assessments have been added to Discoveries:
Resolved Issues
| The issue "Tier Zero enumeration does not properly handle Domain Users group being member of a Tier Zero group" has been resolved. |
542953 |
Audit Release History
November 10. 2025
| Enhancement |
ID |
| Ability to see " AD security changes that can prevent object enumeration detected" as critical activity in the dashboard. |
490010 |
October, 2025
| Enhancement |
ID |
|
Users can now build searches using clause groups with support for AND/OR logical operators both within and between groups, enabling more flexible and precise query construction. |
499932 |
July, 2025
| Enhancement |
ID |
|
New Security Guardian built in searches:
-
Shields Up enabled in the past 30 days
-
Shields Up disabled in the past 30 days
-
Shields Up override account changes in the past 30 days |
544438 |
May, 2025
| Enhancement |
ID |
| User interface and documentation updated to reflect Microsoft rebranding of Azure Active Directory to Microsoft Entra and Office 365 to Microsoft 365. |
536979
555048 |
April, 2025
| Enhancement |
ID |
| Ability to indicate a start date for event sending on the Audit Configuration Wizard. |
538656 |
March, 2025
| Enhancement |
ID |
| The "Can run quick search searches" permission has been removed and rolled into the "Can run private searches" permission. This permission now controls the user's access to quick searches and their ability to run quick searches. |
513180 |
January, 2025
| Enhancement |
ID |
|
Ability to see "AD Replicating Directory Changes All domain permission granted" as critical activity in the dashboard. |
516231 |
| SG Privileged Entra ID objects uncertified in the past 30 day built in search |
531871 |
December, 2024
| Enhancement |
ID |
|
Additional Security Guardian search:
|
482249 |
Nov, 2024
| Enhancement |
ID |
|
Additional Active Directory searches:
-
All attempts to modify protected Active Directory objects in the past 60 days
-
All attempts to edit protected group policies in the past 60 days
-
All attempts to modify protected Active Directory databases in the past 60 days
-
All attempts to access protected Windows file system objects in the past 60 days
-
Group Policy all changes to scheduled task section in the last 60 days |
504431/518747 |
| Enhancement |
ID |
| Alert plans have been renamed to Notification Templates and are managed by selecting Settings | Notification and selecting the appropriate module. |
455698 |
| Ability to see "AD suspicious group ESX Admins created or member added" as critical activity in the dashboard. |
506418 |
|
|
495508 |
July 18, 2024
| Enhancement |
ID |
| Public and back end searches updated to match new nomenclature and changed fields. |
486395 |
| Ability to edit the layout for the Quick Search to visualize search results. |
463279 |
February 29, 2024
| Enhancement |
ID |
| Security Guardian built in searches. |
447542 |
|
BloodHound Enterprise alert plan renamed to Tier Zero alert plan. |
472122 |
