ITDR (MDR for Microsoft 365)

Push Unwanted Access Exclusions to Conditional Access Policies
I realize this would be tricky to implement because of the numerous different ways organizations can implement conditional access policies to block unwanted countries. However, with the introduction of the feature to track unwanted access by countries in Huntress ITDR we've now been doing double duty having to track and enter scheduled exclusions in both Huntress and Entra ID (we utilize the open source CIPP to schedule these exclusions). It would be great if Huntress would integrate with Entra ID so that the scheduled/timed exclusion that we're creating in Huntress to mark that country as allowed would have the ability to link to a conditional access policy that it can update on the start/end dates of the scheduled travel as well. Due to everyone potentially having different conditional access policies, the easiest way I can envision this being implemented is simply pulling a list of the Conditional Access policies from the tenant when scheduling the exclusion and requesting which policy should be used for this particular exclusion. Then Huntress can add the user to that conditional access policy for the exclusion when the scheduled travel starts and then remove them when the scheduled travel ends. This is coincidentally the same way CIPP handles these exclusions. This allows this functionality to work for anyone who has individual conditional access policies for each country, one single conditional access policy for all countries, or anywhere in between.
3
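The workflow the post describes (pick one Conditional Access policy, add the traveller to its excluded users when the travel window starts, remove them when it ends), as an added example that is not Huntress or CIPP code. The policy object is a constructed sample in the shape Microsoft Graph returns, the ids are placeholders, and the Graph PATCH call is a caller-supplied function so the logic runs offline.

```python
from copy import deepcopy
from datetime import datetime, timezone

# Constructed sample in the shape Graph returns for a CA policy (only the fields used here);
# the ids are placeholders, not real tenant values.
SAMPLE_POLICY = {
    "id": "00000000-0000-0000-0000-00000000ca01",
    "displayName": "Block sign-in from unapproved countries",
    "conditions": {"users": {"includeUsers": ["All"], "includeGroups": [], "excludeGroups": [],
                             "excludeUsers": ["00000000-0000-0000-0000-00000000aaaa"]}},
}

def exclusion_patch(policy, user_id, active):
    """PATCH body that adds (active=True) or removes (active=False) user_id from
    conditions.users.excludeUsers; None when nothing would change (idempotent).
    The whole users object is sent because Graph replaces it rather than merging."""
    users = deepcopy(policy["conditions"]["users"])
    excluded = list(users.get("excludeUsers", []))
    if active and user_id not in excluded:
        excluded.append(user_id)
    elif not active and user_id in excluded:
        excluded.remove(user_id)
    else:
        return None
    users["excludeUsers"] = excluded
    return {"conditions": {"users": users}}

def reconcile(policy, user_id, start, end, now, patch):
    """One scheduler tick: exclude the user only while start <= now < end, touching only
    the policy the admin selected. `patch(policy_id, body)` is the caller's Graph client
    (hypothetical; a real one would PATCH /identity/conditionalAccess/policies/{id})."""
    body = exclusion_patch(policy, user_id, start <= now < end)
    if body is not None:
        patch(policy["id"], body)
    return body

def demo():
    """Drive one travel window through three ticks with a recording stand-in for Graph."""
    calls, policy = [], deepcopy(SAMPLE_POLICY)
    traveller = "00000000-0000-0000-0000-00000000bbbb"  # placeholder user object id
    start, end = datetime(2024, 6, 1, tzinfo=timezone.utc), datetime(2024, 6, 8, tzinfo=timezone.utc)
    for now in (datetime(2024, 5, 31, tzinfo=timezone.utc),  # before travel: no call
                datetime(2024, 6, 3, tzinfo=timezone.utc),   # during: add to excludeUsers
                datetime(2024, 6, 9, tzinfo=timezone.utc)):  # after: remove again
        body = reconcile(policy, traveller, start, end, now, lambda pid, b: calls.append((pid, b)))
        if body:  # mirror what Graph would now hold so the next tick sees the change
            policy["conditions"]["users"] = body["conditions"]["users"]
    return calls
```

Because the patch is computed from the policy's current state, a scheduler can rerun it safely after a missed tick, and the pre-existing exclusions and the includeUsers scope are carried through untouched.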
Elevating ITDR for M365: Deep Identity Risk Insights & Unified Response
Hey Huntress team. Hope this helps with roadmap planning. Identity attacks keep getting more sophisticated, and I think there are some features that could make Huntress even more powerful for our day-to-day operations. Here are a few ideas around deeper identity risk insights, better remediation guidance, and unified threat correlation that would help everyone respond faster.

Deep Configuration Intelligence: Scan for complex identity misconfigurations beyond standard checks, including misaligned cross-tenant access settings, risky OAuth app permissions, and overprovisioned service principals with prioritized severity ratings.

Enhanced Remediation Guidance: Provide tenant-specific, prioritized remediation steps with guided or automated fixes. For example, when detecting risky SharePoint external sharing paired with weak guest access policies, offer specific configuration adjustments tailored to that environment.

Cross-Domain Threat Correlation: Link identity-based threats (like suspicious Entra ID logins) with endpoint activities (such as malware detections) to map complete attack chains. This would provide a unified incident view showing the full scope of an attack for faster, more effective response.

Zero Trust Maturity Dashboard: A progress tracking system that measures ongoing Zero Trust framework alignment, with specific metrics around identity security posture and measurable improvement over time.

Thank you for taking the time to consider these suggestions. While I realize some of these ideas may have been recommended before, I wanted to share them just in case they haven’t been fully explored yet. I believe they could bring meaningful improvements and help make Huntress even more effective. I appreciate all the hard work your team puts into the platform.
0