Managed ISPM

Within the ISPM Dashboard under the Conditional Access Policies tab when adding a Huntress Managed Policy it would be helpful if after selecting a policy either a description or link to description of the policy was shown to better help the user understand what the policy does.

Can you add a filter so it's easy to see which problems can be automatically fixed and which ones need manual intervention?

High/Medium/Low severity rankings applied to these to help prioritize - points out some easy wins - which policies to start enforcement on and how to prioritize.

The ability to remove enforcement of a policy would be great. I'm not seeing that as an option anywhere within ISPM but maybe I'm missing something in the UI.

This UX enhancement will provide a streamlined experience to deploy Security Controls and CA policies within a single organization.

It would be handy if additional filters could be put in place in the ISPM Organization list, for example: Being able to filter based on the Huntress Compliance Rating or Microsoft Secure Score Also it would be handy to be able to Sort both of the above from high to low, low to high

Summary: It would be nice if navigating "back" through links in the UI remembered the filters you have set. Scenario: In evaluating ISPM, I figured I'd enable Continuous Enforcement in my organization, for any controls in the Foundational group, for which I am already compliant. If I then filter for Foundational Group, then for Controls that I'm already compliant, I can see a list of controls to Manage. I then click into a particular control to Manage and enable Continuous Enforcement. I then click on the Security Controls link pictured in my attached screenshot, and it takes me back to all Security Controls for the org, but my filters for Foundational and Compliant have been removed, and I'm now looking at every Security Control that is non-compliant, which appears to be the default view from this page. It would be nice if backwards navigation through the UI remembered my previously set filters.

I love the setup of "Why does it matter?", "What will change?" for the current controls. However, some of the items do not make sense to me: Microsoft Authenticator is configured to protect against MFA fatigue: This one calls out having users being able to report suspicious activity, however, that action only makes a user account "risky" to Microsoft, which only matters if "Risk" Conditional access or rules are in place. Why include that if it does functionally nothing? Ensure organizational terms have been added to the banned password list: This is an odd one, as it really only trims out the company name (unless you somehow get the client to share a list of common terms for the company, good luck with that). With MFA in place, does this make a functional difference for attackers? Non administrative users should be prevented from retrieving BitLocker keys: Not gonna lie, I am just curious for the story behind this one. I want to know the event you all saw where an attacker gained access to a user account, grabbed the Bitlocker Key, stole that device and then did bad things with the data. That sounds like some James Bond stuff. Easy control to implement, just why would you think of it? A dynamic group for guest users is created: Why does this matter? The control states its for organizational purposes, but CAP has controls for Guest users already. So what is the actual value here? This seems fully redundant to me. System-preferred multifactor authentication is turned on: From my understanding, this just means enforcing MS Authenticator. As that is the ONLY supported "System-Preferred MFA". Why not have a different control here? such as one that tracks what the WEAKEST available MFA method for the client is? and make it non-compliant if it is not phishing resistant? Ensure 'Per-user MFA' is turned off: This is oddly named. Why call out "per user MFA must be off?" When you have controls for Security Defaults/CAP. Seems redundant. What is the value here? I am not the smartest man, so I am probably missing something here. Overall it would be cool if your controls had a "Why we recommend doing this" tab, that explained "oh this would have stopped x incident, or we see y attackers using this technique that would be stopped by this".

Similar to the Severity color code, being able to see the impact from the list with color coding. I have to drill down to low and medium severity items to get a message that this is a low impact change

A capability that I think would be great to have inside of this would be an easy way to see how many external shares have been created, especially ones without expiration (since those are public URLs). This would also include the ability to do audits on SharePoint sites and SharePoint folders for who has access. For some of our compliance customers we need to be able to tell who has access to certain data and it's kinda cumbersome to do that in SharePoint. Having a quick way to audit that would be wonderful.