ITDR (MDR for Microsoft 365)

It would be helpful to have the option to set a start date for authorised location rules, in addition to the existing expiry date. This would allow us to pre-schedule access for users who notify us in advance of overseas travel, without having to manually set the rule closer to their departure. It would also reduce the risk of prematurely allowing access from high-risk locations.

If you have a broken tenant, we will tell you.

Allow us to create a rule that sets a (or multiple) countries as Allowed and all others as Unexpected

Currently this is only available at the Account / MSP level and not granular down to Organization / Client level.

Google tenant integrations, identity onboarding, and basic event ingestion.

Can their be a way to pick multiple countries for a user instead of needing to create a new rule per country per user. Also to have a way to swap Expected to unexpected in the rule. Currently if you save the rule by accident it grey's out the options to change the user or to change the behavior. It would be beneficial if they can be updated after the fact.

Some types of escalations are bundled together, (missing Entra Location for example). This creates confusion and the risk of missing an escalation is high. It would be nice to have the same type of notification regardless of severity. Maybe an option, (global and organization level), to control notifications?

Would it be possible to add UniFi/Ubiquiti WireGuard VPN as an option in ITDR rules?

Alert on updates to risky user status (it may be that you now do this but the identities I'm seeing were flagged before this was supported). Client was unable to access an external SharePoint environment due to being flagged as a risky user from last year, and it would be great to address and remediate these alerts before it results in an inability to access resources.

Please add functionality to map multiple Microsoft 365 tenants into a single Huntress organization. We have clients that are acquiring competitors. We need to be able to feed M365 MDR data into Huntress while billing our clients under the parent organization.