Adding a tenant

This article describes how to add a new Microsoft 365 tenant in Cayosoft Guardian. The wizard guides you through the connection method, configuration account, application account creation, service selection, and confirmation.

Prerequisites

• A Microsoft Entra Global Administrator account to grant consent and complete setup.
• Network/browser access to your Microsoft 365 tenant.

Adding a tenant

Adding your Entra ID/Microsoft 365 cloud tenant immediately enables change monitoring and data backup for continuous protection against unwanted changes.

1. Sign in to your tenant using the configuration account and a name for the Entra application

   RECOMMENDED: Use the Microsoft Entra application method for enhanced security and easier management. Learn more: Entra application accounts.

   

2. Choose which Microsoft 365 services Guardian will monitor for changes:

   • Entra ID
   • Exchange Online
   • Teams
   • Intune

   NOTE: Enabling additional services increases database storage requirements. Use the system requirements calculator to estimate storage needs.

   Cayosoft Guardian automatically configures the Microsoft Entra application with the required permissions for the selected services.

   

   Once configuration is complete, the tenant appears in your list of managed tenants.

Managing access

With this feature, Cayosoft Guardian helps your organization follow security best practices while still maintaining rollback and recovery capabilities when required.

To elevate access for Microsoft Entra tenants:

1. In the Cayosoft Guardian web portal, go to Configuration > Managed Tenants.

2. From the tenant list, choose the tenant you want to elevate.

3. At the top of the tenant details pane, click Elevate access.

4. In the Account name field, enter the Global Administrator account in the format: username@domain.com.

5. Click Sign in and complete the authentication process.

6. After signing in, click Elevate to grant write permissions.

7. Confirm that the tenant status reflects elevated access.

   

To de-elevate connection accounts for Microsoft Entra tenants :

1. In the Cayosoft Guardian web portal, go to Configuration > Managed Tenants.

2. From the tenant list, choose the tenant you want to de-elevate.

3. At the top of the tenant details pane, click De-elevate access.

4. In the Account name field, enter the Global Administrator account in the format: username@domain.com

5. Click Sign in and complete the authentication process.

6. After signing in, click De-elevate to remove elevated write permissions.

7. Confirm that the tenant status reflects de-elevated access.

Managing credentials

To edit the credentials:

1. Open the Cayosoft Guardian web portal.
2. Expand Configuration node.
3. Select the Managed tenants node.
4. Select the tenant and click Properties.
5. On the Credentials tab, click Edit.
6. Click Add + and select the credentials to be added.

7. For Token credential, specify:

   • Account name – the account name for which the credential is being configured.
   • Refresh token – the refresh token (or password) associated with the account.
   • Type – the type of token credentials.

8. For Password credential, specify:

   • Account name – the account name for which the credential is being configured.
   • Password – the password associated with the account.
   • Type – the type of password credentials.

To delete the credentials:

1. Open the Cayosoft Guardian web portal.
2. Expand Configuration node.
3. Select the Managed tenants node.
4. Select the tenant and click Properties.
5. On the Credentials tab, click Edit.
6. Click the vertical kebab icon and click Delete.
7. Confirm the deletion.