For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Change Auditor

Real-time security and IT auditing for your Microsoft Windows environment

Real-time change auditing for Microsoft platforms

Change reporting and access logging for Active Directory (AD) and enterprise applications is cumbersome, time-consuming and, in some cases, impossible using native IT auditing tools. This often results in data breaches and insider threats to AD and other Microsoft platforms, and can go undetected without protections in place.

Fortunately, there's Change Auditor. With Change Auditor, you get complete, real-time IT auditing, in-depth forensics and comprehensive security monitoring on all key configuration, user and administrator changes for Microsoft Active Directory, Azure AD, Exchange, Office 365, Exchange Online, file servers and more. Change Auditor also tracks detailed user activity for logons, authentications and other key services across enterprises to enhance threat detection and security monitoring. A central console eliminates the need and complexity for multiple IT audit solutions.


Proactive threat detection with Change Auditor Threat Detection

Simplify user threat detection by analyzing anomalous activity to rank the highest risk users in your organization, identify potential threats and reduce the noise from false positive alerts.

Hybrid environment auditing with a correlated view

Get a single, correlated view of activity across your hybrid Microsoft environments, ensuring visibility to all changes taking place, whether on premises or in the cloud. Audit hybrid environments and data including:

  • AD and Azure AD users, groups, roles, identities and more
  • Exchange and Exchange Online mailbox logins/activity, non-owner mailbox access, distribution groups and more
  • SharePoint / SharePoint Online / OneDrive for Business files, folders, and more
  • And AD logons and Azure AD sign-ins

Change prevention

Protect against changes to critical data within AD, Exchange and Windows file servers, including privileged groups, Group Policy objects and sensitive mailboxes.

Auditor-ready reporting

Generate comprehensive reports for security best practices and regulatory compliance mandates, including GDPR, SOX, PCI-DSS, HIPAA, FISMA, GLBA and more.

Improved insights with IT Security Search

Correlate disparate IT data from numerous systems and devices into an interactive search engine for fast security incident response and forensic analysis. Include user entitlements and activity, event trends, suspicious patterns and more with rich visualizations and event timelines.

Simplified investigations

Capture the originating IP address and workstation name for account lockout events, and view related logon and access attempts in an interactive timeline. This helps simplify detection and investigation of internal and external security threats.

High-performance auditing engine

Remove auditing limitations and capture access and security events without the need for native audit logs, resulting in faster results and incident response.

Security timelines

View, highlight and filter change events and discover their relation to other security events in chronological order across your AD and Microsoft platforms for better forensic analysis and security incident response.

Related searches

Get one-click, instant access to information on the change you’re viewing and all related events, such as what other access attempts were made by specific users, and when and where they were logged in. This simplifies the investigation of insider threats.

Integrated event forwarding

Easily integrate with various solutions to get the most from your Change Auditor logs, including:

  • Integrate with SIEM solutions by forwarding Change Auditor events to Splunk, HP Arcsight or IBM QRadar.
  • Integrate with Quest InTrust for long-term 20:1 compressed event storage and aggregation of native or third-party logs to reduce storage costs on SIEM forwarding and create a highly-compressed log repository.

Real-time alerts on the move

Receive critical change and pattern alerts to email and mobile devices to prompt immediate action, enabling you to respond faster to threats even while you’re not on site.

Role-based access

Configure access so auditors can run searches and reports without making any configuration changes to the application, and without requiring the assistance and time of IT administrators.

Web-based access with dashboard reporting

Search security and access events from anywhere using a web browser and create targeted dashboards to provide upper management and auditors with access to the information they need without having to understand architectures.

Product Demo : Learn about Change Auditor for Active Directory

Active Directory and Azure AD

Change Auditor for Active Directory and Change Auditor for Logon Activity proactively track, report and alert on vital events in Microsoft Active Directory and Azure AD. Specifically, these powerful tools instantly report on:

  • Critical configuration changes to Microsoft Active Directory or Azure AD, including who made the change; when, where and from workstation it was made; and the original and current values
  • AD logon and logoff activity and Azure AD sign-ins

Moreover, these solutions deliver a single, correlated view across your hybrid AD environment, providing intelligent, in-depth forensics to speed troubleshooting and ensure you have an audit trail for auditors and management.

Learn about Change Auditor for Exchange

Exchange and Exchange Online/Office 365

Change Auditor for Exchange simplifies the Exchange auditing process. Track, audit, report and alert on Microsoft Exchange on-premises, Office 365 and Exchange Online activity changes, such as mailbox logins/access, non-owner mailbox activity and permission changes, in real time within a single, correlated view. To ensure compliance across your on-premises and cloud messaging environment, you can automatically generate intelligent, in-depth reports, protecting you against policy violations and avoiding the risks and errors associated with day-to-day modifications. And, for fast troubleshooting, you always get the original and current values.

Product Demo : Change Auditor for Windows File Servers

Windows Server

Change Auditor for Windows File Servers helps you control and audit changes to Microsoft Windows Server efficiently and cost-effectively. Change Auditor for Windows File Servers proactively tracks, audits, reports on and alerts on vital changes, including user and administrator accounts actively related to files or folders and changes to access permissions, in real time and without the overhead of native auditing. You will instantly know the “who, what, when, where and originating workstation” details, and get the original and current values for fast troubleshooting. You’ll reduce the risks associated with daily tasks as well as satisfy auditors — and management — thanks to automatically-generated, in-depth forensics.

Product Demo : Change Auditor for SQL Server

SQL Server

Change Auditor for SQL Server makes database auditing of Microsoft SQL Server easy and secure. It tracks, audits, reports on and alerts on changes in real time, translating events into simple terms and eliminating the time and complexity required for auditing. You will instantly know the “who, what, when, where and originating workstation” details. Armed with this information, you can automatically generate intelligent, in-depth forensics for auditors and management, reducing the risks associated with day-to-day modifications and ensuring confidence at your next audit.

Product Demo : Change Auditor for NetApp

Network-attached storage

Ensure the security, compliance and control of files, folders and shares by tracking, auditing, reporting and alerting on all changes in real time. With Change Auditor for NetApp, EMC or FluidFS, you can report on and analyze events and changes without the complexity and time required with native auditing, as well as mitigate concerns over system performance.

SharePoint, SharePoint Online/Office 365 and OneDrive for Business

Change Auditor for SharePoint enables faster, easier and more secure SharePoint, SharePoint Online/Office 365 and OneDrive for Business auditing. In real time, it tracks, audits, reports on and alerts on critical changes to:

  • SharePoint farms, servers, sites, users, permissions and more
  • File and folder activity as well as sensitive data moving in and out of OneDrive for Business

Change Auditor for SharePoint also translates events into simple terms and stores data in one centralized and secure database. The tool generates intelligent, in-depth reports to protect against policy violations, delivering the data you need to pass your next audit.

Skype for Business/Lync

Get complete visibility into how your communication environment is set up and enforced with a single solution. Change Auditor for Skype for Business audits, alerts and reports on administrator activity, security and configuration changes in real time. With its enterprise-wide visibility, it allows you to see how Skype for Business or Lync is configured and enforced so you can take a proactive management approach. By doing so you can eliminate mistakes or violations, reduce downtime and strengthen compliance and security.



Change Auditor for VMware vCenter helps you ensure the security, compliance and control of event activity, and the security of VMware vCenter Server. It manages, audits, reports on and provides alerts on all changes to the platform in real time, making VMware monitoring easy. With Change Auditor, you’ll be assured of VMware security and be confident that you’ve met the compliance demands necessary to satisfy the scrutiny of any auditor.