new
MDR for Microsoft 365
MDR for Microsoft 365 Unwanted Access Now in General Availability
We're excited to announce that Unwanted Access for MDR for Microsoft 365 is now in General Availability! Unwanted Access protects your identities by detecting malicious activity related to logins to your Microsoft tenants. Unwanted Access introduces several new features:
Session Token Theft Detection
Huntress now detects differences within login events from the same session. Our SOC analyzes these differences and will report on and isolate the identity if warranted.
Unwanted Access Rules
Huntress now allows partners to configure Expected and Unauthorized rules within the Unwanted Access dashboard. These rules allow partners to tailor their SOC experience and provide context to Huntress analysts investigating potential malicious activity. Expected rules allow partners to specify countries and/or VPNs through which logins are expected to occur. By default, the identity’s usage location (country) from Microsoft will be treated as an Expected country.
Huntress will still evaluate all events for malicious activity, but Expected rules help the SOC filter out anomalies from confirmed malicious activity. Unauthorized rules allow partners to specify countries and/or VPNs through which logins should never occur. Huntress will send an incident report and isolate identities that trigger Unauthorized rules.
Escalations
Huntress will now generate escalations for unknown login locations and unknown VPNs. These escalations provide partners with the ability to tell Huntress (via rules) if activity is Expected or Unauthorized. Escalations are only indicative of unexpected login activity and should not be considered incident reports.
Please note: As we transition from Beta to General Availability, we have resolved some open escalations for corporate/SASE VPN solutions automatically.
We are continually iterating and improving upon Unwanted Access. To request specific features and see what is coming, please visit http://feedback.huntress.com/.