Security Guardian Current - Release Notes

Release Notes

Quest® Security Guardian

August 12, 2025

 

These release notes provide information about Quest® Security Guardian deployments.

Quest® Security Guardian is an integrated On Demand solution that helps you keep the Active Directory domains and Entra ID tenants in your organization secure.

You can:

  • Identify Tier Zero objects in Active Directory.

  • Identify Privileged objects in Entra ID.

  • Certify that objects are indeed Tier Zero or Privileged and, when Quest Change Auditor version 7.4 is integrated, protect Active Directory Tier Zero objects against unauthorized or accidental modification or deletion.

  • Run pre-defined Security Assessments to identify vulnerabilities in Active Directory and Entra ID and create your own Assessments.

  • Investigate Findings for Tier Zero and Privileged objects, vulnerabilities identified through Assessments, and Critical Activity from On Demand Audit.

  • Have Findings forwarded to a SIEM tool and alerts sent to selected email recipients.

  • Lock down critical Active Directory objects, preventing unauthorized or accidental changes, using Shields Up. This feature enforces a highly restrictive, pre-configured lockdown on Tier Zero objects—such as users, groups, computers, and policies. While intended for temporary emergency use, Shields Up can also be deployed continuously as a proactive security measure.

  • Use Security Guardian Intelligence AI assistance to:

    • Help you ask focused questions tailored to your environment.

    • Gain valuable insights into the security posture of your organization’s Active Directory and Entra ID systems.

    • View critical vulnerabilities and issues identified during assessments and receive practical recommendations for remediation.

 

 

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Privilege Escalation

    • Non-Tier Zero account with write or extended permission on Tier Zero object

For certain vulnerabilities, you can click the Principal Name or Display Name link to view detailed information about the object. This may include object properties, any affected Tier Zero objects, and group members (for group objects only).

Known Issues

The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.

Assessment known issues
Known Issue | Issue ID
Due to the complexity of the query, an Assessment can evaluate a maximum of 10,000 Tier Zero objects for a vulnerability. If this limit is surpassed, results will be marked as Inconclusive with the following message: "Syntax error: Query length (2162372) too large (max: 2097152)" | 497529

Release History

The following lists the new features, enhancements and resolved issues by deployment.

Current Deployment

August 11, 2025

New Features

 

The following Active Directory Assessments have been added to Discoveries:

  • Privilege Escalation

    • Non-Tier Zero account with write or extended permission on Tier Zero object

For certain vulnerabilities, you can click the Principal Name or Display Name link to view detailed information about the object. This may include object properties, any affected Tier Zero objects, and group members (for group objects only).

Previous Deployments

July 31, 2025

New Features

Security Guardian Intelligence is a powerful new feature that uses AI assistance to enhance your organization’s security management. With this feature, you can:

  • Ask focused questions tailored to your specific environment.

  • Gain valuable insights into the security health of your Active Directory and Entra ID systems.

  • View critical vulnerabilities and issues identified during assessments.

  • Receive practical, actionable recommendations for remediation.

July 23, 2025

New Features

Shields Up is a new rapid-response feature that helps organizations protect their most critical Active Directory assets during periods of elevated cyber risk or active security incidents. It applies a strict, pre-configured lockdown to Tier Zero objects—such as privileged users, groups, computers, and policies—blocking unauthorized changes, deletions, or policy updates. While designed for short-term emergency use, Shields Up can also be enabled continuously as a proactive defense strategy.

 

June 26, 2025

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Privilege Escalation

    • Tier Zero object migrated to a Delegated Managed Service Account (dMSA)

    • Delegated Managed Service Account (dMSA) with a suspicious configuration (BadSuccessor)

The following Microsoft Entra ID Assessment has been added to Discoveries:

  • Entra ID Initial Access

    • Enabled privileged Entra ID user accounts that are inactive

    • Enabled non-privileged Entra ID user accounts that are inactive

June 18, 2025

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Privilege Escalation

    • Non-Tier Zero account can create Delegated Managed Service Accounts (dMSA) in an OU or container

March 10, 2025

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Credential Access:

    • Microsoft Entra seamless single sign-on (AzureADSSOACC) account password has not changed recently

  • Persistence:

    • Tier Zero Group policy contains a scheduled task

    • Non-Tier Zero Group policy contains a scheduled task

Resolved Issues

Resolved Issue | Issue ID
The issue "Tier Zero enumeration does not properly handle Domain Users group being member of a Tier Zero group" has been resolved. | 542953

December 17, 2024

 

New Features

Security Guardian has added support for Entra ID objects in Microsoft 365 tenants, which includes Privileged object identification and certification, Security Assessments, and indicators for Findings in Security Guardian and On Demand Audit.

 

December 10, 2024

 

New Features

The following Active Directory Assessments have been added to Discoveries:

  • Credential Access

    • Group Policy does not enforce built-in Administrator account lockout on all computers

  • Lateral Movement

    • Tier Zero Group Policy allows Authenticated Users to add computers to the domain

  • Privilege Escalation

    • Non-Tier Zero account can use a misconfigured certificate template to impersonate any user

    • Non-Tier Zero account can request an overly permissive certificate with privileged EKU (ESC2)

Resolved Issues

Resolved Issue | Issue ID
A performance improvement has been implemented for environments with a large volume of Tier Zero objects. | 530317

 

October 10, 2024

 

New Features

The following Active Directory vulnerabilities have been added to Discoveries:

  • Credential Access:

    • Domain trust without Kerberos AES encryption enabled

    • Kerberos KRBTGT account password has not changed recently

  • Privilege Escalation:

    • Suspicious ESX Admins group detected in domain

Enhancements

Enhancement | Issue ID
MITRE ATT&CK TTPs have been added to Hygiene and Detected Indicators Findings Investigation pages. | 494070
The reason(s) why an object is considered Tier Zero is displayed in object details and the Findings Investigation page for the object. | 479695
In Assessment results for vulnerable computer and user objects, a column has been added to indicate whether the object is enabled or disabled. | 481991

 

August 15, 2024

 

Enhancements

Enhancement | Issue ID
To prevent system overload from exceptionally large data sets, a maximum of 100,000 objects will be displayed in the Assessment Results Vulnerable Objects list. | 502873

August 1, 2024

 

New Features

You can export the complete Tier Zero objects list to a CSV file for sharing with stakeholders and in security assessment engagements.

 

Enhancements

Enhancement | Issue ID
To simplify the user experience, Am I Exposed? no longer displays on the Findings Investigation page. | 465773

 

July 02, 2024

 

New Features

The terminology for Indicator and Finding types has changed to better align with industry standards.

 

March 26, 2024

 

New Features

A Data Collections page has been added to Security Settings, which allows you to monitor Active Directory data collections within your organization. You can also:

  • manually run a data collection

  • disable data collections that you no longer want to run.
