MDR for Microsoft 365 Unwanted Access Now in Public Beta

Huntress MDR for Microsoft 365’s Unwanted Access capability is now in public beta! Unwanted Access protects your identities by detecting malicious activity related to logins to your Microsoft tenants. Unwanted Access consists of several new features for our partners:

: Huntress now detects differences within login events from the same session. Our SOC analyzes these differences and will report on and isolate the identity if warranted.

: Huntress now allows partners to configure Expected and Unauthorized rules within the Unwanted Access dashboard. These rules allow partners to tailor their SOC experience and provide context to Huntress analysts investigating potential malicious activity. Expected rules allow partners to specify countries and/or VPNs through which logins are expected to occur.

Huntress will still evaluate all events for malicious activity, but Expected rules help the SOC filter out anomalies from actual malicious activity. Unauthorized rules allow partners to specify countries and/or VPNs through which logins should never occur.

: Huntress will now generate escalations for unknown login locations and unknown VPNs. These escalations provide partners with the ability to tell Huntress (via rules) if activity is Expected or Unauthorized. In beta, these escalations do not generate PSA tickets or emails, but will generate reports if activity is deemed Unauthorized by the partner.

Huntress values partner feedback and, during this public beta, will maintain a keen eye on feedback.huntress.com.