ITDR (MDR for Microsoft 365)

It's a challenge to reach users who travel abroad for vacations when they trigger country rules. Today, we worked with multiple HR depts to require users submit a ticket notifying us when they plan to travel. On the surface, this seemed brilliant... in practice, we got a ton of tickets from people with their vacation plans months away. I wish there was a way to schedule a from/to timeframe instead of the current temp rule "from today until X date." I hope this makes sense... if the users are proactive with their notifications to us, we'd like to be proactive in the unwanted access portal as well. Thanks!

Would really need the ability to 'prebook' Planned travel as already requested in another post, but we are already getting asked by customers if they could manage this directly. We aren't struggling to get customers to pre-advise; but have gotten multiple asks if they could manage travel rules (creation, adjustments, etc) and some have raised the point that if it was missed, HR is probably the best positioned to know for sure. We'd still want oversight of course - but I can see a huge benefit for the source-of-truth to have direct & immediate ability to set the rules and respond, without us having us as a bottleneck in the middle.

Our users are understanding we typically just disable any account that logs from a different country, than call them. So, they are notifying us of their travel plans. I spoke with support and there isn't an option. Currently we are doing a manual team notification process. So, when we see the escalation, we don't disable them. It would be nice to have the start time to avoid human error.

So its great that Huntress can disable a user but the issue is that when it sync's back to the on prem server if that user is not locked will re-enable the users account and remove the block. This is an issue because we want the account to be locked until we can look into it but if its not locked on the server the user just has to wait until the sync and then they are re-enabled.

Partner has wanted to track the age of VPN and Country rules. It would be helpful to be able to display a creation date detail.

It would be great to be able to see a tenants Microsoft security scores within Huntress.

Providing some details about the device when alerting on an unexpected location would help with assessing this situation For example: Device Name Intune managed / Hybrid Joined Conditional access status of the sign in Knowing the device being used at the unexpected location is company owned, managed and conditional access compliant would significantly reduce the concern with it being in another country. Conversely, a random sign in from an OS X device in an unexpected country when a user is PC based would be an immediate concern.

Google tenant integrations, identity onboarding, and basic event ingestion.

Currently, we’re accurately representing the data we get from MS, but the visual could be better. This is the ability for us to more accurately display MFA status for identities.