ITDR Onboarding Overhaul
in progress
Rich Mozeleski
## Problem
Bringing a new M365 tenant under Managed ITDR is the first step of every partner-client relationship. Partners need that process to be fast, predictable, and visible — they need to see exactly where each tenant is in onboarding, get an accurate signal when something requires their attention, and minimize the time they spend manually walking each tenant through setup. Partners running ITDR across dozens or hundreds of tenants also need a single place to monitor onboarding progress without checking each integration individually.
As Huntress expands Identity protection beyond ITDR, partners also need a simple path to add additional Identity products to a tenant they've already authorized — without restarting onboarding from scratch.
## What We're Doing About It
We've rebuilt the ITDR onboarding flow with the partner experience at the center. Partners see clear status as each tenant moves through onboarding. Common errors are automatically corrected, and when partner action is required, we send a specific, actionable notification.
The new onboarding flow also supports adding additional Identity products to an existing tenant as a one-click action.
## Impact
- The manual steps a partner walks through to onboard a tenant take roughly two minutes; the remaining onboarding work completes in the background.
- Real-time visibility into the status of every tenant being onboarded.
- Common onboarding errors are auto-resolved; the rest come with a clear, action-specific notification.
- Additional Identity products can be added without re-authorizing the entire tenant.
Rich Mozeleski
Merged in a post:
Onboarding Improvements
Rich Mozeleski
The Managed ITDR team is looking to improve the onboarding experience for tenants in Q3 of 2025. This will include a revamped CSP/GDAP onboarding for streamlining the onboarding of many tenants.
Please comment here on other onboarding improvements you'd like to see us work on!
A
Alex Wilkins
The process of onboarding is smooth right now IMO, single GA login and accept the app. The issue arises when "updates" to the application need to be done. AFAIK, right now, you (Huntress) have no logic in the system to check if permissions have been updated or accepted other than through your Re-Authorize button. This is not the way to handle multi-tenant application stuff post GDAP enablement. We, as partners, should be able to apply permissions sets across our managed client base, and your application should be able to see those new permissions applied seamlessly.
At the very minimum, as part of your "healthy" status checking system, in there should be a poke to see what "version" of permissions are available to the application. That way, we can use management systems like CIPP to push out new application permissions across our tenant base, instead of re-authorizing dozens of tenants.
This is by far the most irritating part (which is a great compliment =P). Please have something in this process where permissions are checked without us needing to GA Login or some other interactive process on a per-tenant basis.
To further add to this, we can use systems like CIPP to deploy multi-tenant applications, and do so successfully for many of our management applications, we would love for Huntress to also be a part of that system, where it can detect an active and authorized install of its application through either a tenant ID or onmicrosoft.com domain addition.
K
Kenny Maurer
Alex Wilkins Deployment using CIPP would be 10/10
Rich Mozeleski
updated the status to
in progress
S
Sibe Pronounced Ceebeh Klomp
As an MSSP/MSP it would ease onboarding if we're able to send the client an onboarding request email, through which they can log in as global administrator in their M365 tenant and allow the ITDR application.
Currently, we either have the client temporarily create a Global Admin account for us to set up the integration, or we share our screen through Teams / Zoom and give control to our client for them to type their credentials.
C
Carles Javierre
Sibe Pronounced Ceebeh Klomp Bump! This is a must and a pain, now even more with GWS.
J
Jordy Minnebo
I feel that when you onboard to the Defender thing and you don't have a valid license, that it never rechecks again. I added in my SOP, to just auto add all ITDR customers, regardless of their current license, as we tend to always propose an upgrade to Business Premium on renewal dates.
A
Adam Palmer
It would be amazing if the onboarding wizard asked if there are any other tenants for this customer that you'd like to onboard and allowed you to onboard them. We have several customers that have made acquisitions but haven't paid for a project to combine tenants. We also have a few clients that keep separate tenants for specific business reasons and do not wish to combine tenants. However, they are treated like a single entity and billed as a single entity. Right now, we either need a secondary company in our PSA / Huntress or we can't monitor these other tenants.
Rich Mozeleski
Merged in a post:
Onboarding improvements
Rich Mozeleski
Allow customers to onboard using CPV (Control Panel Vendor) automatically, reducing the barrier-to-entry and single point-of-failure we have today.
Rich Mozeleski
Merged in a post:
Alert when onboarding new tenants to ITDR - This will cost the client money!
G
Glenn Schache
We recently had an issue where a technician onboarded some clients to ITDR that were not paying for the feature. We have clients who are EDR only, hopefully just for the short term.
It would be great if a banner could be displayed when integrating a client with M365. Something like " Please be aware that this integration will cost the client an extra fee"
S
Steven Richardson
Absolutely! Engineers are busy engineering - but it would be great to highlight when connecting integrations is going to add a feature that costs money.
Enabling the integration to M365 is one thing and would allow the discovery of user counts etc, and then having an "on/off" switch for the service which would then be able to say something like "You are enabling ITDR for 150 users, please confirm"
Rich Mozeleski
Steven Richardson / Glenn Schache: If you inadvertently added tenants to ITDR reach out to your account manager and CC me and we'll get it sorted out for you. Regarding this functionality, we are going to be taking a look at onboarding and tenant health in Q3. I'll leave it open for now.
S
Steven Richardson
Rich Mozeleski Thanks for reaching out. All sorted already which is great (super easy btw). Thanks!