AD Connect and MDR for Microsoft 365
in progress
M
Michael Abt
So its great that Huntress can disable a user but the issue is that when it sync's back to the on prem server if that user is not locked will re-enable the users account and remove the block. This is an issue because we want the account to be locked until we can look into it but if its not locked on the server the user just has to wait until the sync and then they are re-enabled.
Rich Mozeleski
in progress
This work is in progress. We will be using the Huntress agent (when deployed on the AD server) to disable and re-enable hybrid identities. We expect this work to be complete in a few weeks.
R
Robert Simmons
Any Update?
C
Calin Andrews
Is there an updated timeline on when this is planned to be delivered?
E
Eric Zappe
Seconded. I want it nowwwwwww. 😆
R
Robert Simmons
A agent on a local DC that integrates with huntress would be ideal. Disabling the local accounts automatically in the event of any potential issues would be a critical feature in my mind.
Rich Mozeleski
Merged in a post:
ADSync configuration updates
Rich Mozeleski
~40% of identities we manage use ADSync. When we disable these identities, they are automatically re-enabled the next time AD syncs with Entra. This work fixes that.
Rich Mozeleski
Merged in a post:
Disabling AD Sync users
D
Derrick Bennett
It would be really awesome if, when the ITDR recognizes a critical incident (and would normally disable a cloud only user) if it was able to identify if a domain controller exists in the same MDR tenant and pass through a powershell command to disable that user, and run a delta sync.
J
John Hardwick
I'd be curious to know what the plan is here - using an agent on a DC to at the same org to disable the sync'd account?
Rich Mozeleski
John Hardwick: Correct!
Rich Mozeleski
planned
This will be a Q1 deliverable
P
Peet McKinney
Rich Mozeleski superb.
T
Toby Stephenson
Agreed. I would also add the ability to record the success/failure of the “containment” activity, with the SOC following up as necessary.
P
Peet McKinney
Just coming back to this critical need to note that other MDR's seem handle this with an agent on the DC's, considering the Huntress agent is on most of our DC's disabling an account there is pretty straight forward.
shrug
¯\_(ツ)_/¯. Hope this moves to "in progress" soon.Load More
→