Alert on administrator account changes
under review
Jason Farris
It would be useful to get alerts when changes are made to administrator accounts or administrator roles are assigned. Specific examples:
- Any administrator account password changes or is reset
- Any administrator account authentication method changes or resets
- Any administrator account has sign-in blocked or existing block is removed
- Any administrator role added to or removed from an account
- Emergency administrator (break-glass) signs in or failed sign-in
- Conditional access policy changes that apply to administrator accounts
Eric Henry
under review
Canny AI
Merged in a post:
Global admin notifications
Adam McCloy
Find the MDR detections are great, but hoping there may be a way to get email notification from them... particularly looking at getting email notifications for New Global Admin rule.
James
This would be a welcome change for any administrative role changes.
James Davidson
This all sounds good, in addition:
Changes to local administrator accounts on machines, where all previous local administrator accounts are removed and replaced with a new local administrator account.
We had a breach recently at one of our sites where a user accidentally applied another company's device management policy to their machine. This in turn installed Intune and the foreign company's RMM and applied restrictive policies to the machine, including removing all previous local administrator accounts. While this turned out to be accidental, this method could be used maliciously to quickly take control of an asset, and therefore I would expect Huntress to respond to it and alert me, which it did not.
Robert Dana
Merged in a post:
Global Admin M365
Darrin Piotrowski
MDR does NOT detect if the global admin had MFA disabled. Fortunately for us, we are running Huntress MDR and another product side by side still...
Charlie Klemm
Yes, please add some functionality here.
Jacob Wiley
Yes, SaaS alerts had a lot of these, it's sad to have lost them coming to Huntress.
Salley'la Auer'la
Hi Darrin!
Correct, we've not shipped a complete MFA detection set yet, but they're in progress.
We added MFA visibility to our M365 User list the week before last (08/24) to show our development progress to our Early Adopters.