Entra ID Guardian

Automatically reset exposed passwords and disable high-risk accounts — protecting your enterprise with proactive credential security in Azure environments.

SpyCloud’s Entra ID Guardian scans credentials within Entra ID against billions of recaptured darknet assets, enabling automated remediation like password resets and account disables to keep your corporate identity secure.


Benefits at a Glance

🛡️

Stay Ahead of Criminals

Proactively monitor Entra ID for exposed employee credentials.

🔐

Lock Out Bad Actors

Protect assets by resetting or disabling accounts linked to breaches, malware, or phishing.

🧠

Reduce Your Team’s Workload

Automate detection and remediation of exposed passwords.


How It Works

Entra ID Guardian is deployed in Azure as a container via an ARM template. It integrates with your directory and SMTP environment to continuously scan accounts for password exposures.

  1. Collect – SpyCloud gathers breach and malware records.
  2. Enrich & Analyze – Credentials are matched against Entra ID accounts.
  3. Automate – Enqueue actions like password resets, logging, and email notifications.

At a Glance: Functional Overview

Feature | Description
Deployment Method | ARM template – deploys as Azure Container Instance (ACI), no VM required
Scanning Scope | Full credential checks for active Entra ID accounts (exact-match only)
Remediation Options | Password reset, log match details, email notifications (user/admin), delayed reset option
Reporting Dashboard | Scan stats by period: accounts scanned, passwords checked/matched, resets, emails sent

Example Use Case: Corporate Exposures

Entra ID Guardian integrates into Azure environments through an ARM template that deploys an Azure Container Instance (ACI). It scans active employee accounts for credential reuse or exposure and triggers automated remediation workflows as needed.


Why It Matters

SpyCloud Entra ID Guardian delivers automated credential hygiene and robust ATO protection — driving faster detection and remediation in your cloud identity stack while lightening the load on security teams.