MAV (Managed AV - Microsoft Defender)

With the addition of the new Managed Exclusions in the web ui, simply adding an exclusion to a specific agent has become unintuitive. When navigating to the Agent > Antivirus > Policy > Configure, I'm met with a link to a whole another page, which does not have an obvious option to add a single exclusion to a single host. In the effort to add a cool new feature, you have somewhat crippled an existing feature. I discovered this while on a call with a customer, and I didn't have time to properly explore all the nooks and crannies of the portal, when I didn't find the option I needed where I expected it to be. I had to reach out to your help via chat, somewhat embarrassingly. So please rethink the new design and make it a little easier for us to manage.

To enable better reporting via RMM, it would be nice to enable notifications for Defender detections. Including those which are low-severity or automatically remediated.

One of the key components of Windows Defender is the Attack Surface Reduction (ASR) Rules. In my opinion, the ASR rules is what makes Defender such a powerful platform. It would be great if we could include the ability to turn on, manage, and add exclusions for the ASR rules in huntress. Other competitor platforms can do this and it works quite well. These rules exponentially expand the effectiveness of Defender.

Looking for the ability for Defender to automatically scan USB media when plugged in. This would ideally be in addition to the quick scan and full scan schedule.

Be able to force enable defender when defender is disabled.

This Feature Request is on behalf of a customer. They'd like the option to ignore GPO policies when reading firewall settings, and instead go based off of the actual current firewall setting (GPO or manually configured). This will prevent false positives where group policy fails to apply and the firewall is disabled.

Use case is automating remediation of MAV Policy non compliance using RMM and/or other platforms. Get possibilities that come to mind are: a single host, array of hosts, all hosts in an organization, all hosts for an array of organizations, or just "all hosts not compliant with MAV policy" with the results including MAV policy compliance details including: compliance status, current policy setting, and current host setting would be very helpful.

Looking to have any/all Antivirus Event create a ticket via PSA. With opt-in and opt-out of this. Would be nice to include details as to if it was removed or not.

It would be nice to be able to schedule Full Scans the way we are able to schedule Quick Scans to run on a given time interval.

Current Azure AD SSO implementation is insufficient as it focuses only on the user credentials being valid. https://support.huntress.io/hc/en-us/articles/4409263391123-SAML-SSO-Setup-for-Microsoft-Azure In environments we work within it is common place to ensure that in addition to valid user credentials & MFA the device being used to access must also be compliant. (in our case, AV, Windows Updates, Bitlocker encrypted, corporate ownership, etc). This is essential to prevent valid user credentials and MFA being used on a personal / non-corporate (or bad actor) device. Currently, if we simply enable Huntress SSO it is blocked by our default (all) conditional access policy resulting in a Microsoft 'you can't get there from here' message showing the device registration is unregistered which isn't true, it is rather that Huntress does not support the functionality.