ITDR (MDR for Microsoft 365)

As an MSP Account Admin, I have the rights to respond to alerts with full functionality. My clients are Organizational Admins, and they get all the alerts but cannot act on them and they find this rightly frustrating. We've heard from Huntress that you have intended to either expand on those rights OR allow us to create Account Admin rights that can be limited to single organizations or sets of end points. Do you intend to make these changes, ever, and if so- when?

It would be great if there were a true two-way sync of incident statuses

I need the ability to set a start date for location rules in advance. This feature would be beneficial for situations like when a senior lawyer is going on a cruise, and I have the stopover dates. I want to add these dates proactively rather than scheduling them manually later, which can be risky.

I realize this would be tricky to implement because of the numberous different ways organizations can implement conditional access policies to block unwanted countries. However, with the introduction of the feature to track unwanted access by countries in Huntress ITDR we've now been doing double duty having to track and enter scheduled exlusions in both Huntress and Entra ID (we utilize the open source CIPP to schedule these exclusions). It would be great if Huntress would integrate with Entra ID so that the scheduled/timed exclusion that we're creating in Huntress to mark that country as allowed would have the ability to link to a conditional access policy that it can update on the start/end dates of the scheduled travel as well. Due to everyone potentially having different conditional access policies - the easiest way I can invision this being implemented is simply pulling a list of the Conditional Access policies from the tenant when scheduling the exclusion and requesting which policy should be used for this particular exclusion. Then Huntress can add the user to that conditional access policy for the exclusion when the scheduled travel starts and then remove them when the scheduled travel ends. This is coincidentally the same way CIPP handles these exclusions. This allows this functionality to work for anyone who has individual conditional access policies for each country, one single conditional access policy for all countries, or anywhere inbetween.

Currently, we’re accurately representing the data we get from MS, but the visual could be better. This is the ability for us to more accurately display MFA status for identities.

It would be nice to be able to view all applied rules in an organization or MSP level to see what has been put out there. A way to audit what the technicians are doing and ensuring that only what is needed is actually in place without having to click on each individual user. Even further an option to export this into report form in order to present to the client and ensure again, only what is needed is there. Ex: Applied Rules User Email Rule Summary? Date Applied(start of rule) Date End(end of rule) etc.?

Please add functionality to map multiple Microsoft 365 tenants into a single Huntress organization. We have clients that are acquiring competitors. We need to be able to feed M365 MDR data into Huntress while billing our clients under the parent organization.

We have certain accounts that are used by contractors around the globe. We do not want Huntress to keep notifying us of unexpected logins, and I don't want to have to spend my time creating and maintaining rules for all the countries that are allowed. We want to allow logins from any country except those that are high-risk or sanctioned, like North Korea, Russia, Iran, etc. If we do have a contractor working in one of these countries, then we'd also like the option to create an exception for that specific country while disallowing all the other risky countries.

Allow us to create a rule that sets a (or multiple) countries as Allowed and all others as Unexpected

Have a Critical incident generated in the event the Emergency Break Glass/ Allocated User is accessed. per Microsoft recommendations https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access