Guardz Identity Threat Detection & Response (ITDR)
Detect identity-tier attacks on Entra ID and Google Workspace before they pivot.
Attackers are not breaking in any more. They are logging in. The Salesloft and Drift OAuth compromise chains of 2024-2025 proved the point — credentials and tokens are the new perimeter, and most endpoint-focused tools simply miss the identity-tier signal entirely.
Guardz ITDR is the purpose-built module for detecting these attacks on Microsoft Entra ID, Microsoft 365 and Google Workspace identity. Detection content covers misconfigured directory posture, anomalous app-registration creation, suspicious admin role grants, over-permissioned service principals, OAuth phishing chains and the kind of token-replay activity that signature-based tools never catch in time. The product engineering team also runs the EntraReaper research project — an autonomous red-teaming programme that maps the Microsoft 365 attack surface and feeds new detections back into the platform.
For Australian MSPs whose SMB tenants live in Microsoft 365 or Google Workspace, this is the module that matters most. Endpoint AV plus EDR does not catch an OAuth grant gone wrong, an attacker creating a persistent app registration in Entra ID, or a service principal slowly acquiring scopes it should never have. Guardz ITDR does, and it correlates the identity signal with the endpoint and email surface so the response runs across all three in one workflow.
Scope: Microsoft Entra ID, Microsoft 365 identity, Google Workspace identity
Detection Content: OAuth phishing, app-registration persistence, anomalous admin grants, over-permissioned service principals
Response: Suspend user, revoke OAuth tokens, isolate endpoint — automated playbook then SOC validation
Research Programme: EntraReaper — autonomous red-teaming for Microsoft 365 attack-surface mapping
Multi-Tenant: Native — one console across the MSP customer base with white-label branding
Correlation: Identity signals stitched with endpoint and email surface for one incident view
Plans: Included in Pro and Ultimate; 24/7 MDR overlay in Ultimate
ITDR as a product category is crowded but uneven. Microsoft Defender for Identity is excellent on Entra ID telemetry but locked to the Microsoft estate. Vectra and Varonis play at enterprise scale with enterprise pricing. Huntress shipped its own ITDR product but the detection content is endpoint-adjacent rather than identity-native. Guardz ITDR was built around the recognition that the identity surface is its own discipline, and the EntraReaper research project keeps the detection content current with how attackers actually pivot through Microsoft 365. For Australian MSPs serving SMB tenants, the structural advantage is that Guardz ITDR is multi-tenant by default, integrated with the rest of the Guardz platform, and priced for the SMB segment.
One of the advantages of working with CRS — we can recommend the best combination of vendors for your specific needs.
Keepit
Pair Guardz active threat detection with [Keepit](/vendors/keepit) independent SaaS backup of the same workloads — prevention plus recovery in one CRS bundle.
Cibecs
[Cibecs](/vendors/cibecs) protects endpoint data and DMARC at the email edge while Guardz handles identity-tier detection on Entra ID and Google Workspace.
NAKIVO
[NAKIVO](/vendors/nakivo) protects on-premises VMs and physical servers while Guardz watches the cloud identity surface.
Guardz Identity Threat Detection & Response is available through Cloud Ready Solutions and our network of authorised partners across Australia, New Zealand, and the Pacific.
Guardz
Endpoint & Cyber Security
MSP-built unified cybersecurity platform with 24/7 managed detection and response — identity, endpoint, email and cloud data in one console.