Changelog
Follow up on the latest improvements and updates.
improved
Managed EDR
Huntress Managed EDR for macOS now ejects deceptive installers
The Huntress Agent for macOS now automatically ejects malicious DMGs before their payload can execute, stopping infostealer malware in its tracks. Affected users receive an on-screen notification explaining the action, and every disruption triggers a Huntress SOC investigation to confirm the macOS endpoint is clean.
No action required. Huntress gets in the way before damage is done!
Huntress Managed EDR now catches the moment an end user is tricked into overriding Apple's Gatekeeper to launch an infostealer, a critical step in the attack pattern. Infostealers are now one of the most prevalent macOS threat families.
Available now on macOS 14 and later.
Now that partners and customers have successfully used Custom HTML Scenarios in Huntress Managed SAT, we are declaring the feature generally available. Early adopters are using it to spearphish their own employees with scenarios ranging from impersonating trusted vendors to using actual employee names and communication styles, so their teams are better prepared for real attempts.
Huntress Managed Identity Security Posture Management (ISPM) is now fully available for everyone.
Managed ISPM continuously hardens your Microsoft 365 environment so attackers have fewer chances to abuse misconfigurations and over-permissioned users.
Our Early Access program ran from March 1 to June 30 and supported thousands of partners and customers worldwide.
Thanks to every one of our amazing Early Access participants. The feedback from over 12,000 Microsoft 365 tenants shaped the future of what we build here at Huntress. Here’s what GA brings for you in Managed ISPM:
- Huntress-Managed security controls for Microsoft Entra ID, Exchange, SharePoint, and Teams, protecting organizations across common areas of compromise.
- Conditional Access policy management along with recommended templates.
- Learning Mode brings pre-deployment impact analysis for Huntress Managed CA policies.
- Managed Deployment brings a continuously updated identity framework which ensures that all managed organizations are automatically kept in line with security updates.
- Drift Detection within minutes and Continuous Enforcement, so you stay aligned with best practices.
We continue to focus on the misconfigurations attackers exploit most, using SOC insights from the millions of identities we manage. This means you strengthen Microsoft 365 posture without building and maintaining your own baselines.
With this release, Huntress Managed SIEM now supports Okta as an identity and authentication log source, giving teams deeper visibility into the identity layer attackers love to target.
Even better: the Huntress SOC has detections built for Okta, helping identify identity-based attacks across key areas like credential attacks, privilege escalation, MFA bypass and fatigue, account takeover, and federated identity manipulation for organizations using Okta as their IdP or SSO provider.
The support configuration guide can be found here:
This is another big step forward in helping teams protect the full attack surface — from endpoint activity to identity-driven threats.
Searching through SIEM logs just got a whole lot easier. With AI Search, users can now search for logs using plain English instead of relying only on ESQL or the Query Builder.
Even better, AI Search helps users learn as they go. After running a plain-English search, simply click the ESQL button to see how Huntress translated your query into an ESQL query.
That means faster searches, easier investigations, and less time wrestling with query syntax.
Plain English in. Searchable logs out.
AI Search is now generally available in Huntress Managed SIEM.
new
Managed ISPM
Additional Security Controls in Managed ISPM
Managed ISPM features continue to grow as we move towards General Availability on July 1. In this set of updates, new Security Controls and enhancements have been added to the following platforms:
SharePoint Online
- An Idle session timeout for SharePoint and OneDrive is in place
- Anonymous sharing links are blocked in SharePoint and OneDrive
- User creation of SharePoint sites is blocked
- Deleted user OneDrive content is retained for at least 90 days
Microsoft Teams
- Communication with unmanaged Teams should be blocked
- Ensure the Organization cannot communicate with accounts in trial Teams tenants
Continuous Enforcement Improvements
The following policies now support Continuous Enforcement with drift detection and auto-remediation:
- Ensure access to the Azure Management portal is restricted
- Ensure unused device types are blocked
- Ensure Guests are restricted from using Microsoft Office clients
- Require frequent sign-in for Admins
- Require MFA to register or join devices
new
Managed EDR
The redesigned Managed Antivirus Dashboard is now GA
The redesigned Managed Antivirus dashboard brings recent Microsoft Defender activity, your noisiest organizations, and busiest endpoints together in one place, so you can see exactly how Defender is protecting your endpoints faster.
What's new:
- Activity at a glance: a new chart tracks blocked, quarantined, and removed files with deltas, so you can spot what changed. Toggle between 7 and 30 days to catch spikes and trends.
- Dedicated AV Events view: roll up event severities alongside quarantined and removed totals, with details on every event.
- Noisiest organizations, first: "Top organizations with events" shows where Defender is most active, and one click opens that org's AV Events page.
- Busiest endpoints, pinpointed: "Top agents with events" surfaces your most active devices at the account and org level. Click any agent to see its signals pre-filtered to that device.
- Compliance you can confirm: a "Recently installed agents" tab lets you verify that newly deployed endpoints match your Defender configuration, with no fleet-wide hunting required.
- Faster configuration: the most common action, Configure Defender, is now front and center on the dashboard.
Partners can now automate more of their workflows using our expanded Agents API. You can now programmatically uninstall agents, update tags, toggle tamper protection, and isolate or release hosts directly from your automation tools, without needing to log into the Huntress portal.
Managed ISPM now supports additional security controls to better protect Microsoft 365 organizations.
Exchange Online
Exchange controls have been expanded to include:
- Ensure the Common Attachment types filter is enabled
- Ensure notifications for internal users sending malware is set to Enabled
- Ensure Exchange Online spam policies are set to notify administrators
- Ensure that SPF records are published for all Exchange domains
Microsoft Teams
The foundation for Microsoft Teams controls has been added to Managed ISPM, and today marks the first control in place. With this foundation set, you'll see us add more controls as we move toward GA on July 1.
- Communication with unmanaged Teams should be disabled
SharePoint Online
The foundation for SharePoint Online and OneDrive for Business has also been added to Managed ISPM. Today marks the first two controls in this space, adding protection to business information stored in Microsoft 365.
- Ensure Guest resharing of SharePoint and OneDrive files is set to Disabled
- Ensure Legacy authentication protocols are blocked for SharePoint and OneDrive