Changelog

Follow up on the latest improvements and updates.

RSS

Our fifth simulation is now in general availability. This simulation will be accompanying July's managed learning assignment and will give learners a new and improved experience to learn the risks of oversharing online.
You can now onboard Microsoft Defender for Endpoint (MDE) tenants in GCC High environments.
Once you follow the setup steps in KB article, your login, Graph, and MDE API traffic will automatically route to the correct GCC High .us endpoints.
This brings MDE in line with our existing GCC High support for ITDR, so if you've already mapped a GCC High tenant in ITDR, you can now onboard that same tenant into MDE
PSA billing sync has been updated to correctly aggregate counts when more than one Huntress organization is mapped to the same company in ConnectWise or HaloPSA. Previously, billing reflected only the value from whichever organization was processed last, which resulted in undercounting. You will now see an accurate sum across all mapped organizations, so your billing data reflects the full scope of what you manage.
The Huntress Agent for macOS now automatically ejects malicious DMGs before their payload can execute, stopping infostealer malware in its tracks. Affected users receive an on-screen notification explaining the action, and every disruption triggers a Huntress SOC investigation to confirm the macOS endpoint is clean.
No action required. Huntress gets in the way before damage is done!
Huntress Managed EDR now catches the moment an end user is tricked into overriding Apple's Gatekeeper to launch an infostealer, a critical step in the attack pattern. Infostealers are now one of the most prevalent macOS threat families.
Available now on macOS 14 and later.
Now that we've had partners and customers successfully use Custom HTML Scenarios in Huntress Managed SAT, we are ready to call it general availability. Early adopters are using it to spearphish employees with scenarios ranging from impersonating trusted vendors to using actual employee names and communication style to better prepare their team.
Huntress Managed Identity Security Posture Management (ISPM) is now fully available for everyone.
Managed ISPM continuously hardens your Microsoft 365 environment so attackers have fewer chances to abuse misconfigurations and over-permissioned users.
Our Early Access program ran from March 1 to June 30 and supported thousands of partners and customers worldwide.
Thanks to every one of our amazing Early Access participants. The feedback from over 12,000 Microsoft 365 tenants shaped the future of what we build here at Huntress. Here’s what GA brings for you in Managed ISPM:
  • Huntress-Managed
    security controls for Microsoft Entra ID, Exchange, SharePoint, and Teams. Protecting organizations across common areas of compromise.
  • Conditional Access
    policy management along with recommended templates.
  • Learning Mode
    brings pre-deployment impact analysis for Huntress Managed CA policies.
  • Managed Deployment
    brings a continuously updated identity framework which ensures that all managed organizations are automatically kept in line with security updates.
  • Drift Detection
    within minutes and Continuous Enforcement, so you stay aligned with best practices.
We continue to focus on the misconfigurations attackers exploit most, using SOC insights from the millions of identities we manage. This means you strengthen Microsoft 365 posture without building and maintaining your own baselines.
Learn more:
With this release, Huntress Managed SIEM now supports Okta as an identity and authentication log source, giving teams deeper visibility into the identity layer attackers love to target.
Even better: the Huntress SOC has detections built for Okta, helping identify identity-based attacks across key areas like credential attacks, privilege escalation, MFA bypass and fatigue, account takeover, and federated identity manipulation for organizations using Okta as their IdP or SSO provider.
The support configuration guide can be found here:
This is another big step forward in helping teams protect the full attack surface — from endpoint activity to identity-driven threats.
Searching through SIEM logs just got a whole lot easier. With AI Search, users can now search for logs using plain English instead of relying only on ESQL or the Query Builder.
Even better, AI Search helps users learn as they go. After running a plain-English search, simply click the ESQL button to see how Huntress translated your query into an ESQL query.
That means faster searches, easier investigations, and less time wrestling with query syntax.
Plain English in. Searchable logs out.
AI Search is now generally available in Huntress Managed SIEM.
Managed ISPM features continue to grow as we move towards General Availability on July 1. In this set of updates, new Security Controls and enhancements have been added to the following platforms:
SharePoint Online
  • An Idle session timeout for SharePoint and OneDrive is in place
  • Anonymous sharing links are blocked in SharePoint and OneDrive
  • User creation of SharePoint sites is blocked
  • Deleted user OneDrive content is retained for at least 90 days
Microsoft Teams
  • Communication with unmanaged Teams should be blocked
  • Ensure the Organization cannot communicate with accounts in trial Teams tenants
Continuous Enforcement Improvements
The following policies now support Continuous Enforcement with drift detection and auto-remediation:
  • Ensure access to the Azure Management portal is restricted
  • Ensure unused device types are blocked
  • Ensure Guests are restricted from using Microsoft Office clients
  • Require frequent sign-in for Admins
  • Require MFA to register or join devices
Load More