SpyCloud Identity Guardians
Automate remediation of identity exposures with SpyCloud Identity Guardians for Active Directory, Entra ID, and Okta in as little as 5 minutes from discovery — preventing account takeover and improving password hygiene across your entire workforce.

Amplify your identity threat protection across your directory store
With SpyCloud Identity Guardians, prevent unauthorized access with automated remediation of compromised credentials.
A criminal who gains access to your users’ directory store credentials through a third-party breach, malware infection, or successful phishing attack can easily log into your network – accessing business-critical services. This threat extends to all exposed credentials tied to your employees’ holistic identities, across their current and past online personas, some of which are likely outside your monitoring visibility.
SpyCloud Identity Guardians enable proactive workflows that automate the remediation of compromised credentials, giving defenders the immediacy required to protect their workforce.
Identity insights
More than just intel – get quality, enriched identity data to act on exposed employee, vendor, and contractor accounts
Instant time-to-value
Save valuable time and resources with seamless integrations that prevent password reuse, improve password hygiene, proactively monitor for exposures, and remediate compromised credentials
Automated remediation
In as little as 5 minutes from discovery, automate remediation of breached, malware-infected, and phished accounts directly through Active Directory, Entra ID, and Okta
EXPLORE
SPYCLOUD IDENTITY GUARDIANS
Active Directory Guardian
Automated remediation of compromised accounts for Microsoft Active Directory

Entra ID Guardian
Automated remediation of compromised accounts for Microsoft Entra ID

Okta Workforce Guardian
Automated remediation of compromised accounts for Okta Workforce Identity
Instant discovery & rapid remediation
SpyCloud Identity Guardians integrate into your directory environment to continuously monitor and take action on compromised credentials – safeguarding employee identities and securing access to corporate data and critical IP.

Early detection of breach, malware and phished data exposures
Speed is critical when it comes to recapturing credentials that have been exfiltrated by infostealers. With SpyCloud, defenders can remediate stolen passwords in as little as 5 minutes from detection, well before cybercriminals have a chance to use them as an entry point into your organization.
SpyCloud Identity Guardians significantly shorten your enterprise exposure from compromised employee and contractor identities by automating password resets through Active Directory and Entra ID – including where Okta is the identity provider – or by disabling high-risk accounts.

Faster resolution with automated workflows
Compromised accounts put enterprises at risk – overloading security and IT teams who spend manual hours investigating, responding to, and remediating exposures. With SpyCloud Identity Guardians, you can:
- Uncover new exposures with real-time alerts when corporate credentials are discovered in a third-party breach, exfiltrated by an infostealer or part of a successful phish
- Automatically scan or schedule in-depth scans at your preferred cadence, with reports delivered directly to your inbox
- Decrease MTTR by automating password resets or disabling high-risk accounts
- Get instant time-to-value with a seamless implementation that won’t endanger your domain controller or cause account lockouts
- Gain visibility into internal password reuse and force resets

Identify password exposures across corporate and personal accounts
Password reuse and exposed credentials extend to personal accounts, creating a blind spot for security professionals. When an employee’s personal credentials are compromised, or those tied to their current and past online personas, it’s easy for a criminal to connect the dots and target that user’s directory account.
SpyCloud Identity Guardians scan with IDLink analytics to detect any password tied to your employees’ holistic digital identities that has ever appeared in SpyCloud’s database of billions of exposed passwords. IDLink automatically detects when employees use passwords that criminals are actively leveraging in credential stuffing and password spraying attacks. You can also easily block employees from setting these passwords, and detect new exposures that could put your enterprise at risk.

Know more with IDLink analytics
Find up to 14x more passwords per user
Scan with IDLink for even more powerful coverage of exposed Active Directory accounts. Find all exposed credentials tied to your employees’ holistic identities, some of which are likely outside your monitoring visibility.
SpyCloud Identity Guardian FAQs
Active Directory Guardian can force a password reset to Okta instead of performing a password reset in AD or Azure, requiring the user to change his/her password upon the next login. Setup just takes a few steps and can be incorporated as an action in the customizable Remediation Policies.
SpyCloud also offers a native Okta workflow integration for automation and management inside of Okta Workforce.
SpyCloud Identity Guardians provide several options to easily reset an Active Directory password including the options to disable a user or force a password process when a password match is found. Options can be easily defined in the Remediation Policies.
Yes, Active Directory Guardian can improve password hygiene and password security across your organization.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. Prevent insider threats from poor cyber hygiene and security practices that can lead to account takeover and ransomware attacks.
The passwords you choose and how you manage them have serious security implications as the use of stolen credentials continues to be the number one entry point for cybercriminals.
Active Directory Guardian accounts for some of the best password management practices by preventing employees from using previously exposed passwords, dictionary words, sequential characters, and fuzzy matches of exposed passwords. SpyCloud also recommends that you streamline compliance with NIST password guidelines.
The NIST password guidelines are part of the Digital Identity Guidelines in “NIST Special Publication 800-63B.” Some highlights include:
- Identify and avoid: “Passwords obtained from previous breach corpuses.”
- Identify and avoid: “Dictionary Words.”
- Identify and avoid: “Repetitive or sequential characters.” (e.g., ‘aaaaa’ or ‘1234abcd’)
- Identify and avoid: “Context-specific words, such as the name of the service, the username, and derivatives thereof.”
- Remediate compromised passwords: “If the chosen secret is found in the list, the CSP or verifier SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value.”
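The screening checks listed above, sketched as an added example; this is not SpyCloud's or NIST's code. The names `screen_password` and `has_run`, the substitution table, the four-character run threshold, and the word lists are assumptions, and all sample data is constructed.

```python
import re

# Constructed sample data; a real deployment would query a breach corpus
# and a full dictionary instead of these tiny sets.
BREACHED = {"summer2024!", "p@ssw0rd1", "letmein123"}
DICTIONARY = {"password", "dragon", "sunshine", "welcome"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Common character substitutions, undone before word matching (assumed table).
LEET = str.maketrans("@4310$57", "aaeiosst")


def has_run(pw, n=4):
    """True if pw contains n repeated or n keyboard/alphabet-sequential chars."""
    low = pw.lower()
    if re.search(r"(.)\1{%d}" % (n - 1), low):
        return True
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        if any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def screen_password(pw, username, service, banned=()):
    """Return the list of rejection reasons; an empty list means accepted.

    Reasons are returned because the guideline requires telling the
    subscriber why the secret was rejected.
    """
    low = pw.lower()
    norm = low.translate(LEET)
    # Strip trailing digits/symbols so "Dragon2024!" still matches "dragon".
    core = re.sub(r"[\d\W_]+$", "", low).translate(LEET)
    reasons = []
    if low in BREACHED:
        reasons.append("found in breach corpus")
    if core in DICTIONARY:
        reasons.append("dictionary word")
    if has_run(pw):
        reasons.append("repetitive or sequential characters")
    # Username, service name and custom banned terms; very short terms are
    # skipped to avoid rejecting almost everything (assumed cutoff of 3).
    context = [w.lower() for w in (username, service, *banned) if len(w) >= 3]
    if any(w in low or w in norm for w in context):
        reasons.append("context-specific word")
    return reasons
```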
Active Directory Guardian makes it easy to streamline compliance with NIST password guidelines.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. To see passwords you should consider banning, check out our list of the top “bad passwords,” updated monthly.
Active Directory Guardian runs locally on your Active Directory member server or domain controller.
Entra ID Guardian runs in an Azure container and supports cloud-native deployments.
Experience the power of automation
Easily remediate compromised passwords and malware exposures with SpyCloud Identity Guardians.