MDR for Microsoft 365

We need a better alerting system, or at least some kind of notification should you suddenly not get any data from client tenants.

Have a Critical incident generated in the event the Emergency Break Glass/ Allocated User is accessed. per Microsoft recommendations https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access

It would be great to be able to see a tenants Microsoft security scores within Huntress.

We would like to be able to add the company logo of our clients to their monthly reports.

Hi All, It would be helpful if upon review & rejection of suspicious inbox rule incidents, when they were determined to be false positives or benign true positives, we were presented with the option to "reenable" from the console. As it stands, we are only able to do this by using the Exchange PowerShell module (which I don't necessarily want our lower-level techs working in), or by contacting the end user (which I'd rather not since we're the ones who disabled the rule). Similar functionality for other 365 detections (e.g., User account locked) would be nice to have, but since those can be reenabled from the web console they're not as critical. Let me know if you have any questions! Thanks, Matt

Seeking the ability to export the list of billable users from the billable identities page- https://MYSITE.huntress.io/account/managed_identity/user_entities?filters%5Bbillable_licenses%5D=true

We would love to see an Export option on the MDR for Microsoft 365 Users page.

Some of our customers will notify us that they have a staff member about to travel and that we can put the staff member into the appropriate conditional access group in Microsoft 365. Since we've added Huntress MDR for M365, we have had users blocked from signing in while traveling abroad until they report a work stoppage to their manager and we manage the alert. This upset the primary contact at one these organizations, as they had expected us to prevent this interruption. We inquired of Huntress if there is a way to preapprove travel, and were told that we could add the end user to an exception list. I fear this would prevent detection of legitimate unauthorized access from locations outside of their travel plans. Can we instead authorize specific locations, give the override an expiration date, and maybe in the future automate it to check the conditional access settings within Microsoft 365 for if they are 1) enabled and 2) permitted to travel? This is being submitted per recommendation of Huntress Support.

It would be useful to get alerts when changes are made to administrator accounts or administrator roles are assigned. Specific examples: -Any administrator account password changes or is reset -Any administrator account authentication method changes or resets -Any administrator account has sign-in blocked or existing block is removed -Any administrator role added to or removed from an account -Emergency administrator (break-glass) signs in or failed sign-in -Conditional access policy changes that apply to administrator accounts

I would like to see an integration that allows Huntress to see MFA is enabled for MDR for M365 for third party vendors outside of Microsoft, such as Duo. Since MS currently is focusing on MFA enabled within Azure, would be nice to see if it is enabled in outside MFA vendors.