Quest Change Auditor (acquired with Quest Software's identity and management portfolio, now under the One Identity umbrella) is one of the longest-established enterprise change-auditing platforms. It covers Active Directory, Azure AD / Entra ID, Exchange, SharePoint, Windows file servers, NetApp and Dell file appliances, SQL Server, VMware, and a long tail of additional enterprise systems. Like Netwrix Auditor, its strength is regulator-style audit depth on enterprise data sources, real-time AD change capture, and pre-built compliance reports.
Lavawall® covers the activity-monitoring categories MSPs actually deliver to clients — AD & M365 user reporting, on-premises file change monitoring, SharePoint and OneDrive activity, Google Drive activity — and ships them as one of several modules in an MSP platform that also handles patching, breach detection, configuration backup, GRC compliance, helpdesk, and remote support.
The decision usually comes down to deployment model and price point: Quest fits enterprise single-tenant deployments where deep AD audit and broad data-source coverage are the priority; Lavawall® fits MSP-channel multi-tenant delivery where breadth across categories matters more than depth in any one category.
Where Lavawall® wins
Bundled MSP platform. Activity monitoring is one Lavawall® capability; the same console handles 7,500+ application patching, breach detection, configuration backup and rollback, GRC compliance, helpdesk, and remote support. Quest Change Auditor is a specialist audit product; the rest of the security stack is separate procurement.
Multi-tenant by design. One Lavawall® console covers every client tenant. Quest is engineered primarily for enterprise single-tenant deployments; MSPs delivering Change Auditor across many client tenants typically manage per-tenant deployments.
Cross-platform endpoint coverage. Lavawall®'s agent runs on Windows, macOS, and Linux endpoints and servers. File-change monitoring covers all three. Quest is strongest on Windows and AD-native data sources.
Google Workspace coverage. Lavawall® covers Google Workspace user reporting and Google Drive change monitoring as first-class capabilities. Quest Change Auditor is Microsoft-centric.
M365 / Entra / Azure configuration backup with structured rollback. Lavawall® ships a plan-approve-execute rollback workflow with dry-run preview and audit trails across ~30 object types. Quest Change Auditor is primarily an audit-detection platform; structured rollback at this depth typically requires Quest Recovery Manager as a separate product.
MSP-native pricing. Public per-tenant pricing in CAD and USD with multiple modules bundled. Quest Change Auditor is per-target-system on enterprise quotes; comparable functional scope for an SMB-served MSP is materially more expensive.
Where Quest Change Auditor wins
Deep enterprise data-source coverage. Quest Change Auditor connects to SQL Server, VMware, NetApp / Dell EMC / Nutanix file appliances, and similar enterprise systems that Lavawall® does not currently target. Enterprise MSPs supporting those systems have coverage Lavawall® can't match.
Real-time AD change capture. Quest captures AD changes in real time with full before/after context. Lavawall®'s AD collection is on a polling cycle. For sub-minute detection on AD specifically, Quest is faster.
Mature AD specialist features. Group Policy Object change tracking, AD schema modification auditing, trust-relationship change tracking, and FSMO role monitoring at depth. Lavawall® covers AD users and groups but not these AD-specialist concerns.
Enterprise audit-archive retention. Quest is built for long-term audit-archive retention on specific high-stakes systems. If multi-year archive retention with regulator-style filtering is a primary requirement, Quest fits that brief specifically.
Feature comparison
| Feature | Lavawall® | Quest Change Auditor |
|---|---|---|
| Active Directory change auditing | Yes — user reporting + group changes | Yes — flagship strength |
| Real-time AD change capture | Polling cycle (hours) | Yes — real-time |
| AD Group Policy Object change tracking | No | Yes |
| AD schema modification auditing | No | Yes |
| Entra ID / Azure AD change auditing | Yes | Yes |
| Microsoft 365 user / activity reporting | Yes — same module | Yes |
| Google Workspace user reporting | Yes | No |
| Windows file-server FIM | Yes | Yes |
| Linux / macOS file activity | Yes — agent on both | Limited |
| SharePoint Online activity monitoring | Yes | Yes |
| Exchange / Exchange Online change auditing | Configuration changes covered | Yes — deep mailbox auditing |
| SQL Server, VMware, NetApp audit coverage | No | Yes — enterprise data sources |
| AD forest / object recovery | No (Entra ID config rollback only) | Yes (via Quest Recovery Manager add-on) |
| M365 / Entra / Azure configuration backup & rollback | Yes — ~30 object types | Limited |
| Cross-platform patching (7,500+ apps) | Yes | No |
| Multi-tenant ITDR breach detection | Yes | No (separate Quest products) |
| GRC framework mapping (15+ frameworks) | Yes | Limited |
| Kernel-free application control | Yes | No |
| Bundled helpdesk & remote support | Yes | No |
| MSP multi-tenant model | Native — one console, all clients | Enterprise single-tenant heritage |
| Pricing | Per-tenant, public CAD & USD | Per-target-system; enterprise quote |
| Native CAD billing | Yes | No |
Who should pick which?
Pick Lavawall® if…
MSPs delivering AD reporting, M365 reporting, file activity monitoring, and Google Workspace activity as part of one platform that also handles patching, breach detection, GRC, helpdesk, and configuration backup.
Teams supporting Windows + macOS + Linux endpoints who want one agent for all activity monitoring.
MSPs whose clients are SMB and mid-market, where Quest's per-target-system enterprise pricing is hard to justify.
Buyers who want public per-tenant pricing in CAD and USD.
Pick Quest Change Auditor if…
Enterprise IT teams with broad data-source audit requirements spanning SQL Server, VMware, enterprise file appliances, and similar systems Lavawall® does not currently target.
Teams that need real-time AD change capture and deep GPO / schema change tracking at depth Lavawall® does not currently match.
Organisations that already operate the Quest / One Identity portfolio and want Change Auditor as the audit-archive layer alongside Quest Recovery Manager and One Identity governance.
Frequently asked
- Is Quest Change Auditor the same product category as Lavawall®?
- Partially. Quest Change Auditor is a mature enterprise audit and change-tracking platform covering Active Directory, Azure AD / Entra ID, Exchange, SharePoint, file servers, and a long tail of enterprise systems. Lavawall® covers the activity-monitoring categories MSPs actually deliver (AD & M365 user reporting, file change monitoring, SharePoint and Google Drive activity) plus patching, breach detection, configuration backup, GRC, helpdesk, and remote support in one bundled MSP platform. Quest is deeper on AD audit; Lavawall® is broader on what an MSP actually runs.
- What about Quest Recovery Manager for AD?
- Quest Recovery Manager for Active Directory is a separate Quest product focused on AD object and forest recovery, comparable to Cayosoft Instant Forest Recovery. Lavawall® does not target AD forest recovery; if catastrophic AD recovery is a board-level requirement, Quest Recovery Manager (or Cayosoft) remains the right choice. Lavawall® covers Entra ID configuration backup and rollback (cloud), not AD forest recovery (on-prem).
- How does Quest's enterprise focus affect pricing?
- Quest Change Auditor is priced per-target-system on enterprise quotes typical of the enterprise audit / identity tooling market. Lavawall® is per-tenant with published CAD and USD rates and multiple modules bundled. For SMB and mid-market MSP clients, Lavawall® is materially less expensive at the activity-monitoring scope MSPs actually use.
- Can MSPs deliver Quest Change Auditor to many clients?
- Quest is targeted primarily at enterprise IT teams running it single-tenant. Some MSPs do deliver Change Auditor across clients, but the model favours larger per-tenant deployments rather than the many-small-tenants MSP-channel model. Lavawall® was designed for the MSP-channel model from day one.
- Is there overlap with Quest's other products (One Identity, KACE)?
- Quest's portfolio is wide. One Identity overlaps with identity governance and PAM; KACE overlaps with endpoint management. Lavawall® touches on identity governance through AD & M365 user reporting and on endpoint management through patching and configuration assessment, but Lavawall® is not an IGA or PAM platform. This comparison page focuses specifically on Quest Change Auditor.