ITDR (MDR for Microsoft 365)

Hello!, We have ran into a need to exclude a certain group of users from being monitored by ITDR. We onboarded our first educational organization and quickly found how much noise their student body can generate, often from VPNs on personal devices. We would love the ability to make the sync of which users are monitored/protected to have the options to: 1- Be limited to users in a certain group/organizational unit AND/OR 2- The ability to exempt members of a certain group/organizational unit from monitoring/protection This would be fantastic so we can either choose to include staff only in a group, or, we have a students group we could leverage for exclusions. Thanks!

Unwanted Access presently only gives you the response choices of Expected or Unexpected. Expected adds the VPN to the allow list, and you have a choice of at the user level or at the organization level. Unexpected triggers a critical incident and blocks the user's sign-in which is overkill if you just want the Huntress alert to go away. The easy use case that comes to mind is at our MSP specifically, where our users frequently support and test out many VPN solutions that our customers use. I don't want to allow these solutions org-wide or even at the user level because outside of specific times these actions are completely unexpected, and we should be alerted on each event. Please help!