Reporting & Dashboards

The current Inactive Devices dashboard lists historical agent sessions (agent + IP combinations) rather than a true deduplicated device view. This creates misleading data and operational overhead because: IP churn (DHCP/VPN) results in multiple entries for the same device. Old IP contexts remain indefinitely; there is no auto-purge or refresh mechanism. Dashboard logic relies solely on Huntress agent heartbeat, ignoring other health signals such as Microsoft Defender for Endpoint (MDE) sensor status or Intune compliance. No option to customize inactivity thresholds or automatically delete stale records. Using this dashboard as a trigger for remediation could lead to false positives and unnecessary workload. Example: Device BLM-PC10Y482 appeared two times in the dashboard with different internal IPs (192.168.87.232, 192.168.87.162), even though the agent was healthy and active.

It would add a lot of value to have these items adjusted or added to the initial assessment report for Microsoft 365/EntraID tenants. CHANGES -Currently the list of application permissions does not name the apps in question -Currently the links in the report all go back to the Huntress portal which we do not allow end users to access -Currently the "example" mailbox rules and suspicious login events verbiage is not immediately clear- it reads like there was an actual event ADDITIONS -Show us users with GA permissions or other admin roles -Show us MFA details or at least counts of yes/no -Show if there are there Power Automate Workflows to reset passwords/MFA/setup new MFA auth methods -Show us whether enterprise app approval restrictions are in place -Show SharePoint/Teams external sharing setting -Show whether the M365 tenant allows new admin roles to be assigned without approval by an existing admin

When in dark mode, entering antivirus exclusions is almost impossible to read what you're typing.

Having all alerts go to a single phone number 24/7 is not really a practical solution. Ideally, we would want to enable alerts for critical incidents to go to our on-call out of hours number during a set time period and at weekends, otherwise incidents might not be picked up until business hours.

I am the admin for an organization (AWRG) under the account for CoOpLink. I would like to receive either an e-mail and/or a text message (preferably both) whenever there is an incident recorded in my organization. Currently there is no known way to filter the communications to just my organization. I would prefer to receive these notifications directly from the Huntress system instead of having to be notified by the CoOpLink tech team. I am sure that I am not the only organization admin that would like this feature.

An app for huntress to enable direct notifications rather than via email for example and give quick access to see what the issue is or be able to manage remediation steps

A client is requesting an automated monthly report that details all incidents investigated.

The new feature to select a different language for threat reports is very welcome however it is currently only for English, Dutch, French and Spanish. We would like to have German as a selectable language for our staff and clients to benefit from these reports.

When a host is isolated, add the date/time of the isolation to the report/log. right now that info is only on the back end. And it would be nice for reporting/troubleshooting.

Starting with Ransomware detections, correlate signals between different Huntress products to uncover suspicious activity, tying compromised identities and endpoints together.