We are 3 Microsoft MVPs, ex-Microsoft engineers, and enterprise SRE leaders. Every guide lists who wrote it, when it was reviewed, and how to verify it in production. Our clients collectively avoid $2M–$10M annually in downtime, audit penalties, and compliance exposure through our threat-intelligence driven guidance and change-control rigor.
Born from a single CA lockout that shut down a 12,000-user organization for 8 hours. We exist to prevent that from happening to you.
Deliver diagnostic-first, production-safe Exchange Online and Microsoft 365 security guidance that enterprise IT teams can trust in their most critical incidents. No generic advice—every runbook is written by a named principal engineer with 10+ years Microsoft ecosystem experience.
All three founders came from enterprises where Exchange downtime = board-level incident. We saw firsthand how generic support fails when authentication breaks, mail flow stops, or security policies lock out executives. We built ExchangeGuardians to be what we needed in those moments: expert-level guidance, audit-safe procedures, and engineers who understand compliance pressure.
In March 2018, a well-intentioned conditional access policy change locked 12,000 users out of email, including the entire C-suite during quarterly earnings. The incident lasted 8 hours because:
That night, we committed to building a different kind of support: expert engineers, signed procedures, production-safe guidance, audit-ready documentation. ExchangeGuardians was born.
— Amelia Patel, Founder & Principal Engineer
Experience, credentials, and scope of responsibility for each named engineer.
Qualification criteria: 10+ years Exchange/Microsoft 365 experience, 3+ professional certifications (MVP, CISSP, MCSA, or equivalent), documented track record handling 500+ production incidents, peer-reviewed technical publications, and quarterly continuing education on Microsoft security updates.
Accountability: Every guide lists the authoring engineer by name. If a procedure fails in your environment, you can request direct consultation with the author to understand why and adapt the approach.
Review process: All security-critical content reviewed by two engineers (author + peer). All runbooks tested in lab environments before publication. Updates published within 30 days of relevant Microsoft security bulletins.
15 years in Exchange and Entra ID | Former Microsoft CSS escalation engineer | Microsoft MVP (Security) | CISSP
Deep expertise in security posture, conditional access policies, and mail flow protection. Leads all security reviews, CA policy guidance, and authentication remediation. See CA lockout case study.
Reviewed quarterly; signs mail flow, security, and authentication runbooks.
12 years in Exchange Online and hybrid | Ex-Microsoft FastTrack architect | MCSA: Office 365 | Azure Administrator Associate
Specializes in hybrid namespace design, HCW remediation, complex migrations, and coexistence troubleshooting. Review 50K mailbox migration case study.
Reviewed quarterly; signs hybrid, migration, and HCW runbooks.
Enterprise SRE lead for collaboration stacks | Focus on reliability engineering, SLOs, and rollback design | ITIL v4, PMP
Drives safety and production readiness. Designs runbook validation checks, rollback triggers, change-control workflows, and incident escalation pathways. See CA policy rollback and mail flow rollback examples.
Reviewed bi-annually; signs all change, SLO, validation, and rollback guidance.
We publish with the same rigor we expect in enterprise change boards.
Runbooks map signals to likely causes with error-code matrices, not generic advice. Each step lists validation checks.
Changes follow least-privilege, no credential sharing, and align to Microsoft 365 secure defaults and CA policy hygiene.
Every article shows authors, last-reviewed date, and version. We retire or revise content when Microsoft updates services.
Clear roles, boundaries, and accountability so you know how to operationalize our guidance.
We start with telemetry: message trace, service health, audit, Defender alerts, Outlook connection status, Graph/EWS signals. See our diagnostic checklist.
Pre-checks, implementation steps, rollback triggers, and validation suitable for CAB approvals. You decide execution path.
Advisory and co-delivery. We do not store tenant secrets; you approve and perform credentialed actions with us present.
What you can verify about us before you act on any guidance.
Follow-the-sun engineers with defined handoffs and logging.
Time-to-ack and time-to-resolve targets published for P1/P2.
Data handling commitments, least-privilege execution, and audit-ready notes.
Review a runbook, meet the authors, or open an incident with production-safe guidance.