Unwanted Access Rules - Block All VPNs
in progress
Ryan Sipes
The list of VPN services we're able to block is a pretty extensive list. Rather than a blocklist style approach, an allowlist or exceptions to a global blocklist would be helpful. Perhaps a client wants to block all VPN tools except for their Sophos VPN; that would take some time to build out and clutter the dashboard with how things are configured currently.
Jessica Loveland
Just to highlight how impactful it is to not have the ability to block all VPNs on the organization level:
We have a client that wanted to block all VPN usage except for 3-4 approved VPNs. We have upwards of 30 organizations in our Huntress portal (all with different VPN usage policies) so turning on the "block all vpn" on the account level was not an option.
I had to put in 696 INDIVIDUAL rules to put this in place and it took me almost 8 hours. Going forward we will have to tell clients that blocking all VPNs is not an option through Huntress because this is so unnecessarily time-consuming.
It would be super helpful to have an update on if this is really being worked on since the last update was from January 2025 stating that it will be delivered in Q1 2025.
Rich Mozeleski
in progress
Toby Giddens
Thanks for getting this functionality out there! It'll help keep things cleaner in the long run.
However, it is only doable at the account level, which affects all of our customers at once. It really needs to be configurable per customer (Organization). The situation we have is that I have one customer that needs all VPNs blocked as they are under an active attack (3500 users), but I need to onboard more customers that would benefit from having it toggled off so that we can calibrate the VPN settings during their initial onboard period without unnecessarily isolating their accounts. This would ensure that newly onboarded customers' VPN detections could be handled as escalations that need further investigation by the MSP, instead of a critical incident that locks down the account.
Rich Mozeleski
Toby Giddens: This will be delivered in Q1
jordan (CIT)
Rich Mozeleski Q1 2025?
Craig Lathrop
Adding to this. The escalations are great, but I really need a way to immediately block an account's access if any VPN is used. Shoot first, ask questions later. VPN use is sometimes legit, but most of the time, it's really an attack. Either a full "block all VPNs except for the allow list" rule, or a way to lock a user account on certain escalations.
Jonathan Pilkington
Craig Lathrop Appears they have this now.