ITDR (MDR for Microsoft 365)

It would be great if there were a true two-way sync of incident statuses

The escalations per identity in Identity Threat Detection & Response only support the two escalation types of Unexpected Country and Unexpected VPN. All others create new escalations. It would be nice for all escalations to be created with individual identities so that the Autotask integration accounts for all details in an escalation by ensuring each detail becomes a single escalation, which then becomes a single Autotask ticket. As of now, new details are getting added to old escalations that had already been resolved as well as the Autotask ticket completed. When escalations open again, the ticket does not get reopened. This causes a disconnect in our NOC in that escalations show as active in the Huntress console, but in Autotask. Our workaround is to closely monitor the console.

It would be nice to be able to view all applied rules in an organization or MSP level to see what has been put out there. A way to audit what the technicians are doing and ensuring that only what is needed is actually in place without having to click on each individual user. Even further an option to export this into report form in order to present to the client and ensure again, only what is needed is there. Ex: Applied Rules User Email Rule Summary? Date Applied(start of rule) Date End(end of rule) etc.?

I want to block all countries except the US and India to prevent unauthorized access. Currently, I have to create a rule for each country, which is time-consuming. It would be beneficial to have a feature that allows mass blocking of countries, similar to the existing VPN blocking capability.

If you have a broken tenant, we will tell you.

Google tenant integrations, identity onboarding, and basic event ingestion.

Currently, we’re accurately representing the data we get from MS, but the visual could be better. This is the ability for us to more accurately display MFA status for identities.

The Managed ITDR team will be adding Informational Alerts as Escalations. These will initially be basic and available by request. We eventually will allow for customization and tuning of these types of alerts. We are looking to immediately develop the following basic escalations: * Admin roles granted to an identity * Successful logins blocked by Conditional Access * Break glass account sign in Please use this topic for feedback and other suggestions relating to Informational Alerts.

There's a high priority need to have a sync feature from 365 Azure AD (Entra) for geo exclusion groups. This would allow the ability to sync 365 Azure AD groups to Huntress IDTR as a way to control which user identities trigger alerts on unwanted country sign-ins and save time opposed to adding either the entire org under a country or add each country separately.

Add the ability to add multiple countries when creating location rules.