ITDR (MDR for Microsoft 365)

Would like an alert when a user successfully signs into M365 but fails a Conditional Access policy. For example, user gets phished, MFA is bypassed but CA geo policy blocks the sign in. Currently Lighthouse does this via "risky user" alert if you have it configured, which can take days to receive the alert. Huntress does not alert on this attack vector at all. All of this data is available in Entra sign in logs, and licence agnostic. Can huntress create this alert?

Google tenant integrations, identity onboarding, and basic event ingestion.

Hi team, for escalations when marking as expected we'd like to mark the specific IP rather than allowing the entire country. For example, one of our team members access our clients from Romania, I'd like to create an expected rule for that IPv4 without allowing Romania in it's entirety. Thanks,

Please add functionality to map multiple Microsoft 365 tenants into a single Huntress organization. We have clients that are acquiring competitors. We need to be able to feed M365 MDR data into Huntress while billing our clients under the parent organization.

Providing some details about the device when alerting on an unexpected location would help with assessing this situation For example: Device Name Intune managed / Hybrid Joined Conditional access status of the sign in Knowing the device being used at the unexpected location is company owned, managed and conditional access compliant would significantly reduce the concern with it being in another country. Conversely, a random sign in from an OS X device in an unexpected country when a user is PC based would be an immediate concern.

We would like to be able to add Enterprise apps to Rogue Apps for our own alerting, for example if we know the applications an old MSP has used for a new client, we can add it to alert for in their M365 environment and allow us to find and remove the leftover apps.

Would really need the ability to 'prebook' Planned travel as already requested in another post, but we are already getting asked by customers if they could manage this directly. We aren't struggling to get customers to pre-advise; but have gotten multiple asks if they could manage travel rules (creation, adjustments, etc) and some have raised the point that if it was missed, HR is probably the best positioned to know for sure. We'd still want oversight of course - but I can see a huge benefit for the source-of-truth to have direct & immediate ability to set the rules and respond, without us having us as a bottleneck in the middle.

Add support for Google Workspace for MDR (similar to the O365 MDR).

Can we get a feature for Incident Notification Contacts where we can separate who gets called for certain customers? Not all have 24/7 support and some of our internal are not touched by external techs. Thanks!