Managed EDR

Currently, the tooling allowlist only allows for individual IP addresses. I went to add Microsoft Defender for Endpoint Public IPs to this list, however I see this is not currently available. With the integration with Defender for Endpoint, we are significantly limited when using isolation in Huntress and lose the telemetry from MDE, as well as the ability to do things like collect investigation packages from MDE without removing isolation and leaving the environment at risk.

Huntress can show in each agent whether Defender tamper protection is enabled or not. To find & remediate these, it is impractical to check each one individually. A single page or report that shows all these devices would allow us to keep on top of this much more efficiently.

It would be invaluble for huntress to be able to mark a file as tamper-proof/offer tamper protection for various system files. We had a TA bypass DUO by pushing changes to the host file and flooding the API to localhost .

Ability similar to SentinelOne to be able to remove a Huntress Agent via a Huntress controlled script from safe mode. Avoiding issues where previous IT has passed away, disappeared, or is refusing to comply with the clients request even after legal action. Or potentially a legal form/request the client themself can make to Huntress with a legal proof they've terminated services with the other provider.

We have a client who manages his own clients, and likes the branding to be his. However, the name of our main account shows up at the bottom of the "Isolation messages" which are displayed for his clients. I see that the report are banded. Can the isolation messages, (and any other branding visible to the end user), be branded for our client?

Integration that allows the creation of suborganizations under an organization so that for instance if M365 integration is in affect for an organization that has multiple O365 tenants, that a new organization does not need to be created for each tenant. For Example >Stevies Disco Emporium (Main Organization) >Stevies CD Emporium (Seperate tenant under the same company)

This feature sounds great in theory but not all organizations operate at the same and it seems we cannot use it on a per-organization basis. Whenever features are implemented PLEASE consider making it both partner and organization level. The more functionality is added at the partner level only the less MSP friendly the tool becomes. Not all organizations are the same!

Can something be added to both email and SMS alerts that identifies the type of critical incident? Like your default email message starts like this today: [Huntress Detection] CRITICAL - Incident on However, the [Huntress Detection] CRITICAL often fills the screen when looking on mobile devices. Could you maybe change it to [Huntress MDR Detection] CRITICAL - Incident on Or [Huntress ITDR Detection] CRITICAL - Incident on The SMS message "This is Huntress Labs Incorporated. A cyber incident..." Could you please change "A cyber incident' to "A MDR incident..." or "An ITDR incident..." These small changes would improve our efficiency with dispatching the correct resources we need to respond.

from the documentation: *Administrators can always see the anticipated scenarios for the next month in the portal to let helpdesk staff know before the campaign starts. Can we add email accounts to receive this update, so we don't have to do it manually. Does it already email you (the admin) the campaign scenarios? I don’t see a setting.

The new Sensitive Data Mode (for compliance customers, such as CMMC) does not currently have any indicator that Sensitive Data Mode is on for them anywhere. It would be nice if there was even an icon that shows it enabled w/ a hover-text saying "Sensitive Data Mode Enabled" or something like that in the Org list. I realize we can't turn it on/off ourselves, but having an indicator would be ideal!