Quest® Security Guardian
Updated December 12, 2025
These release notes provide information about Quest® Security Guardian deployments.
Quest® Security Guardian is an integrated On Demand solution that helps you keep the Active Directory domains and Entra ID tenants in your organization secure.
You can:
- Identify Tier Zero objects in Active Directory.
- Identify Privileged objects in Entra ID.
- Certify that objects are indeed Tier Zero or Privileged and, when Quest Change Auditor version 7.4 is integrated, protect Active Directory Tier Zero objects against unauthorized or accidental modification or deletion.
- Run pre-defined Security Assessments to identify vulnerabilities in Active Directory and Entra ID and create your own Assessments.
- Investigate Findings for Tier Zero and Privileged objects, vulnerabilities identified through Assessments, and Critical Activity from Audit.
- Have Findings forwarded to a SIEM tool and alerts sent to selected email recipients.
- Lock down critical Active Directory objects, preventing unauthorized or accidental changes, using Shields Up. This feature enforces a highly restrictive, pre-configured lockdown on Tier Zero objects (such as users, groups, computers, and policies). While intended for temporary emergency use, Shields Up can also be deployed continuously as a proactive security measure.
- Audit and monitor critical activities and receive real-time alerts on important changes across Microsoft 365 services, including Exchange Online, SharePoint Online, Teams, OneDrive for Business, and Microsoft Entra.
- Integrate with Quest Change Auditor to search and correlate identities both on premises and in the cloud, giving a seamless view of activity in hybrid Microsoft environments. Specifically, auditing enables:
  - Fast and flexible searches for easy investigation and accurate results across tenants and on-premises environments
  - Interactive visualizations and dashboards to summarize audit activity
  - Easy-to-use customizable alerts based on audit event searches
  - Long-term storage of audit events outside of Microsoft 365 and Change Auditor for a retention period of up to 10 years
- Review service principals and their associated security posture within your Entra ID environment to identify risky permissions, assess sign-in status, and monitor compliance with security standards.
- Monitor and analyze activity across both your on-premises and cloud-based Microsoft environments from a single, unified interface using Hybrid Audit.
- Use Security Guardian Intelligence AI assistance to:
  - Help you ask focused questions tailored to your environment.
  - Gain valuable insights into the security posture of your organization’s Active Directory and Entra ID systems.
  - View critical vulnerabilities and issues identified during assessments and receive practical recommendations for remediation.
The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.
Assessment known issues
| Known Issue | Issue ID |
| --- | --- |
| Due to the complexity of the query, an Assessment can evaluate a maximum of 10,000 Tier Zero objects for a vulnerability. If this limit is surpassed, results will be marked as Inconclusive with the following message: Syntax error: Query length (2162372) too large (max: 2097152) | 497529 |
The following lists the new features, enhancements and resolved issues by deployment.
Current Deployment
December 12, 2025
You now have the ability to view the trends by day (7, 30, 60, or 90), by weeks (26, 52, or 78), or by months (12, 24, 36, or 48). When the selected range is greater than 7 days, the chart shows average values for the chosen time unit (such as day, week, or month).
Previous Deployments
December 9, 2025
- Ability to see "AD security changes that can prevent object enumeration detected" as critical activity in the dashboard.
- Ability to specify whether you require the system to send email notifications.
- Ability to add notification recipients by role.
November 25, 2025
- Workload Identity columns renamed. "Total owners" changed to "Owners" and "Total Risky Permissions" changed to "Risky Permissions".
November 18, 2025
- Hybrid Audit, which allows you to monitor and analyze activity across both your on-premises and cloud-based Microsoft environments from a single, unified interface.
- Ability to view and edit the templates used to protect Active Directory and Group Policy objects.
November 4, 2025
The following Active Directory vulnerabilities have been added to Discoveries:
- Security changes that can prevent object enumeration detected.
- Previously reported inactive Tier Zero Users that may have become active.
October 16, 2025
- Ability to gain visibility into service principals and their associated security posture within your Entra ID environment. The Workload Identity feature helps administrators identify risky permissions, assess sign-in status, and monitor compliance with security standards.
- Users can build searches using clause groups with support for AND/OR logical operators both within and between groups, enabling more flexible and precise query construction.
September 9, 2025
An AI-powered Assessment Summary report that interprets your organization’s assessment data to highlight trends and deliver a clear, high-level overview of results.
August 11, 2025
The following Active Directory Assessments have been added to Discoveries:
- Privilege Escalation
- Non-Tier Zero account with write or extended permission on Tier Zero object
For certain vulnerabilities, you can click the Principal Name or Display Name link to view detailed information about the object. This may include object properties, any affected Tier Zero objects, and group members (for group objects only).
July 31, 2025
Addition of Security Guardian Intelligence, a powerful new feature that uses AI assistance to enhance your organization’s security management. With this feature, you can:
- Ask focused questions tailored to your specific environment.
- Gain valuable insights into the security health of your Active Directory and Entra ID systems.
- View critical vulnerabilities and issues identified during assessments.
- Receive practical, actionable recommendations for remediation.
New Security Guardian built-in searches:
- Shields Up enabled in the past 30 days
- Shields Up disabled in the past 30 days
- Shields Up override account changes in the past 30 days
July 23, 2025
Shields Up is a new rapid-response feature that helps organizations protect their most critical Active Directory assets during periods of elevated cyber risk or active security incidents. It applies a strict, pre-configured lockdown to Tier Zero objects—such as privileged users, groups, computers, and policies—blocking unauthorized changes, deletions, or policy updates. While designed for short-term emergency use, Shields Up can also be enabled continuously as a proactive defense strategy.