Risky Users
under review
R
Ryan Sipes
Alert on updates to risky user status (it may be that you now do this but the identities I'm seeing were flagged before this was supported). Client was unable to access an external SharePoint environment due to being flagged as a risky user from last year, and it would be great to address and remediate these alerts before it results in an inability to access resources.
Rich Mozeleski
updated the status to
under review
Evaluating this as part of enhancements for premium-licensed tenants.
K
Keir Nolan
I'd like to see this too. If Microsoft deem a user to be at risk, then it seems sensible for Huntress to take this as a call to action to do initial triage and ascertain from their data and tooling if it's a real/false positive. The result of this can then be sent to the customer as an escalation the same way other alerts are. The data is already being collected by Huntress and visible on the ITDR dashboard so the main thing missing is the follow on action to triage it.