Unwanted Access: Set Expiration dates for rules
Rich Mozeleski
This is complete. Partners can now set expiration dates for Expected rules from the configuration rule dashboard. Next up: adding the ability to create an expiring Expected rule directly from an escalation.
Michael Herewini
Rich Mozeleski
in progress
This is in progress!
Rich Mozeleski
Merged in a post:
Authorized travel
Brad Brown
Some of our customers will notify us that they have a staff member about to travel and that we can put the staff member into the appropriate conditional access group in Microsoft 365.
Since we've added Huntress MDR for M365, we have had users blocked from signing in while traveling abroad until they report a work stoppage to their manager and we manage the alert. This upset the primary contact at one of these organizations, as they had expected us to prevent this interruption.
We inquired of Huntress if there is a way to preapprove travel, and were told that we could add the end user to an exception list. I fear this would prevent detection of legitimate unauthorized access from locations outside of their travel plans.
Can we instead authorize specific locations, give the override an expiration date, and maybe in the future automate it to check the conditional access settings within Microsoft 365 for whether they are 1) enabled and 2) permitted to travel?
This is being submitted per recommendation of Huntress Support.
Danny Chaplin
Adam Ruffolo
We definitely need an option to set expiration dates and to sign off escalations as a one-time approval without having to create a rule for the user, the organization or the entire account. If we are okay with user A using a VPN once, we shouldn't have to approve the rule in perpetuity or create the rule, then add a calendar note for ourselves to go back in and delete the rule.
The options should be:
1. Revoke (Unexpected)
2. Approve (once)
3. Approve (create rule for user)
3a. Approve (create rule for Company or all Companies).
Ron Diel
I agree with Doug. One of our tenants had a user in Paris for the Olympics. Rather than try and remember to go back through all our tenants to remove rules like that, an expiration date is much preferred.
Doug Thomas
I second this request. This should be for country or for VPN connections. Like a button that is just an "Expected this one time" so the singular event is flagged as ok, but any future connection attempts would be flagged as unexpected again.
Daniel Anner
This is great. Just a heads up: a CSV import/bulk creation option would be great.
Joel DeTeves
Since Huntress is a CIPP sponsor and CIPP has a Vacation Mode feature for users travelling, it would be really cool if Huntress developed a CIPP / API integration for this. Besides that, it would also be good if we can submit manually in the Huntress Portal.