We're excited to announce that Unwanted Access for MDR for Microsoft 365 is now in General Availability! Unwanted Access protects your identities by detecting malicious activity related to logins to your Microsoft tenants. Unwanted Access introduces several new features:
Session Token Theft Detection
Huntress now detects differences within login events from the same session. Our SOC analyzes these differences and will report on and isolate the identity if warranted.
Unwanted Access Rules
Huntress now allows partners to configure Expected and Unauthorized rules within the Unwanted Access dashboard. These rules allow partners to tailor their SOC experience and provide context to Huntress analysts investigating potential malicious activity.
Expected rules allow partners to specify countries and/or VPNs through which logins are expected to occur. By default, the identity’s usage location (country) from Microsoft will be treated as an Expected country. Huntress will still evaluate all events for malicious activity, but Expected rules help the SOC filter out anomalies from confirmed malicious activity.
Unauthorized rules allow partners to specify countries and/or VPNs through which logins should never occur. Huntress will send an incident report and isolate identities that trigger Unauthorized rules.
Escalations
Huntress will now generate escalations for unknown login locations and unknown VPNs. These escalations provide partners with the ability to tell Huntress (via rules) if activity is Expected or Unauthorized. Escalations are only indicative of unexpected login activity and should not be considered incident reports.
Please note: As we transition from Beta to General Availability, we have resolved some open escalations for corporate/SASE VPN solutions automatically.
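An added example, not Huntress code: a small Python model of the triage flow described above, covering same-session differences, Expected and Unauthorized rules, and escalations for unknown locations and VPNs. The event fields, rule values, action labels, and the choice that an Unauthorized match takes precedence over an Expected one are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sign-in events; field names are hypothetical, not a vendor schema.
EVENTS = [
    {"user": "alice", "session": "s-1", "country": "US", "vpn": None, "agent": "Edge/Windows"},
    {"user": "alice", "session": "s-1", "country": "US", "vpn": None, "agent": "Edge/Windows"},
    {"user": "bob", "session": "s-2", "country": "CA", "vpn": None, "agent": "Chrome/macOS"},
    {"user": "bob", "session": "s-2", "country": "CA", "vpn": None, "agent": "Firefox/Linux"},
    {"user": "carol", "session": "s-3", "country": "FR", "vpn": None, "agent": "Safari/iOS"},
    {"user": "dave", "session": "s-4", "country": "US", "vpn": "AnonVPN", "agent": "Chrome/Windows"},
]
USAGE_LOCATION = {"alice": "US", "bob": "CA", "carol": "US", "dave": "US"}  # constructed
RULES = {  # constructed partner rules
    "expected_countries": {"DE"}, "expected_vpns": {"CorpVPN"},
    "unauthorized_countries": {"BR"}, "unauthorized_vpns": {"AnonVPN"},
}
ACTIONS = {"unauthorized": "report+isolate", "unknown": "escalate"}  # hypothetical labels

def classify(event, rules, usage_location):
    """Return 'unauthorized', 'expected' or 'unknown' for one login."""
    country, vpn = event["country"], event["vpn"]
    # Assumption: an Unauthorized match wins if both rule types match.
    if country in rules["unauthorized_countries"] or vpn in rules["unauthorized_vpns"]:
        return "unauthorized"
    # The identity's usage location counts as an Expected country by default.
    expected = rules["expected_countries"] | {usage_location.get(event["user"])}
    if vpn in rules["expected_vpns"] or (vpn is None and country in expected):
        return "expected"
    return "unknown"  # unknown location or unknown VPN

def session_drift(events, fields=("country", "vpn", "agent")):
    """Map session id -> sorted fields whose value changed within that session."""
    seen = defaultdict(lambda: defaultdict(set))
    for e in events:
        for f in fields:
            seen[e["session"]][f].add(e[f])
    drift = {s: sorted(f for f, v in per.items() if len(v) > 1) for s, per in seen.items()}
    return {s: changed for s, changed in drift.items() if changed}

def triage(events, rules, usage_location):
    """Map each user to the sorted follow-up actions their logins produce."""
    drift, out = session_drift(events), defaultdict(set)
    for e in events:
        verdict = classify(e, rules, usage_location)
        out[e["user"]].update({ACTIONS[verdict]} if verdict in ACTIONS else set())
        if e["session"] in drift:  # Expected logins are still checked for drift
            out[e["user"]].add("analyst-review")
    return {u: sorted(a) for u, a in out.items()}
```

In the constructed data, bob's logins come from his Expected country yet still reach analyst review, because the client changed within one session.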
We are continually iterating and improving upon Unwanted Access. To request specific features and see what is coming, please visit http://feedback.huntress.com/.