ITDR (MDR for Microsoft 365)

Seeking the ability to export the list of billable users from the billable identities page- https://MYSITE.huntress.io/account/managed_identity/user_entities?filters%5Bbillable_licenses%5D=true

I realize this would be tricky to implement because of the numberous different ways organizations can implement conditional access policies to block unwanted countries. However, with the introduction of the feature to track unwanted access by countries in Huntress ITDR we've now been doing double duty having to track and enter scheduled exlusions in both Huntress and Entra ID (we utilize the open source CIPP to schedule these exclusions). It would be great if Huntress would integrate with Entra ID so that the scheduled/timed exclusion that we're creating in Huntress to mark that country as allowed would have the ability to link to a conditional access policy that it can update on the start/end dates of the scheduled travel as well. Due to everyone potentially having different conditional access policies - the easiest way I can invision this being implemented is simply pulling a list of the Conditional Access policies from the tenant when scheduling the exclusion and requesting which policy should be used for this particular exclusion. Then Huntress can add the user to that conditional access policy for the exclusion when the scheduled travel starts and then remove them when the scheduled travel ends. This is coincidentally the same way CIPP handles these exclusions. This allows this functionality to work for anyone who has individual conditional access policies for each country, one single conditional access policy for all countries, or anywhere inbetween.

Google tenant integrations, identity onboarding, and basic event ingestion.

Can their be a way to pick multiple countries for a user instead of needing to create a new rule per country per user. Also to have a way to swap Expected to unexpected in the rule. Currently if you save the rule by accident it grey's out the options to change the user or to change the behavior. It would be beneficial if they can be updated after the fact.

“Deny all” country by default and bring “deny all” for country and VPN down to the organization level (currently an account-level only)

Add support for Google Workspace for MDR (similar to the O365 MDR).

It would be helpful for Partner Supported /Reseller instances to know the status of the user sync from the console. Whether they are In Progress, Completed, or Error with the sync. I think this would reduce Support tickets. Any data that can be provided to us would be helpful.

If you have a broken tenant, we will tell you.

Currently, we’re accurately representing the data we get from MS, but the visual could be better. This is the ability for us to more accurately display MFA status for identities.

So its great that Huntress can disable a user but the issue is that when it sync's back to the on prem server if that user is not locked will re-enable the users account and remove the block. This is an issue because we want the account to be locked until we can look into it but if its not locked on the server the user just has to wait until the sync and then they are re-enabled.