ITDR Onboarding Overhaul
in progress
Rich Mozeleski
## Problem
Bringing a new M365 tenant under Managed ITDR is the first step of every partner-client relationship. Partners need that process to be fast, predictable, and visible — they need to see exactly where each tenant is in onboarding, get an accurate signal when something requires their attention, and minimize the time they spend manually walking each tenant through setup. Partners running ITDR across dozens or hundreds of tenants also need a single place to monitor onboarding progress without checking each integration individually.
As Huntress expands Identity protection beyond ITDR, partners also need a simple path to add additional Identity products to a tenant they've already authorized — without restarting onboarding from scratch.
## What We're Doing About It
We've rebuilt the ITDR onboarding flow with the partner experience at the center. Partners see clear status as each tenant moves through onboarding. Common errors are automatically corrected, and when partner action is required, we send a specific, actionable notification.
The new onboarding flow also supports adding additional Identity products to an existing tenant as a one-click action.
## Impact
- The manual steps a partner walks through to onboard a tenant take roughly two minutes; the remaining onboarding work completes in the background.
- Real-time visibility into the status of every tenant being onboarded.
- Common onboarding errors are auto-resolved; the rest come with a clear, action-specific notification.
- Additional Identity products can be added without re-authorizing the entire tenant.
Alex Wilkins
The process of onboarding is smooth right now IMO, single GA login and accept the app. The issue arises when "updates" to the application need to be done. AFAIK, right now, you (Huntress) have no logic in the system to check if permissions have been updated or accepted other than through your Re-Authorize button. This is not the way to handle multi-tenant application stuff post GDAP enablement. We, as partners, should be able to apply permission sets across our managed client base, and your application should be able to see those new permissions applied seamlessly.
At the very minimum, as part of your "healthy" status checking system, in there should be a poke to see what "version" of permissions are available to the application. That way, we can use management systems like CIPP to push out new application permissions across our tenant base, instead of re-authorizing dozens of tenants.
This is by far the most irritating part (which is a great compliment =P). Please have something in this process where permissions are checked without us needing to GA Login or some other interactive process on a per-tenant basis.
To further add to this, we can use systems like CIPP to deploy multi-tenant applications, and do so successfully for many of our management applications. We would love for Huntress to also be a part of that system, where it can detect an active and authorized install of its application through either a tenant ID or onmicrosoft.com domain addition.
Rich Mozeleski marked this post as in progress