Find the MDR detections are great, but hoping there may be a way to get email notification from them... particularly looking at getting email notifications for New Global Admin rule.

Add a warning when a tenant does not have the necessary licensing for functionality.

80% of security related issues we work on are endpoint & Office 365 related. We can use the Sentinel SIEM from Microsoft and other products, but they seem to be from full SOC vendors. If there was a good 365 monitoring solution, I would find it easier to get Huntress in more of my clients.

MDR does NOT detect if the global admin had MFA disabled. Fortunately for us, we are running Huntress MDR and another product side by side still...

Recently, hackers try to use hosting and VPN service in the region where the client is normally working to avoid detection. a. 99.99% of our users will never use a VPN provider to access their work email It would be interesting to have a toggle for automatic alerts on access from consumer VPN like ExpressVPN and Windscribe for example.

I would love to see a UI alert on my main tenant in the MDR showing that I have unmapped clients. Also it would earn you more business faster since I will then notice that I forgot to map them :)

The banners that display when selecting the MDR screen need massive improvement. For instance: "Microsoft 365 event subscription missing. The error should automatically resolve when unified audit logs are available. No action needed, do not remove integration." This displays when a customer doesnt have MDR configured or licenced to them.

Would love to see a check on IF the records for SPF, DKIM and DMARC are in the DNS records would be great. We had to build a tool ourselves to check this, but have to manually add the domains we want monitored. Would be nice to query the Graph API and see what domains are within the tenancy and then check those on a hourly basis in case its shut off. Huntress could build this in! :)

MDR and EDR should have a better bundled price available. Its a new product, and needs traction. We have gone to Market and find right now that there is pushback on price.

When an account experience say 100 failed login attemps in 1 hour but the 101 login is succesvol this might indicate a successfull brute force attack. In that case I want to know. Number of attempts and timeframe to be defined; this was just an example.