Exception for MDR accounts | Voters

Exception for MDR accounts

complete

Howell Villeza

Need to improve on making an exception rule in part of the Huntress MDR for certain accounts in O365. There is instance that an account may require to access the GA into different GEO location. And in addition to this is the ability of the admin portal user to have the power to pre-configure the way the pre-remediations actions. Like having much control over the action that needs to be taken once there is detection of any anomaly's activity in the account.

August 21, 2023

Canny AI

Merged in a post:

exclude a user from MDR for Microsoft 365 licensing

Damien Mallon

Customers should have the options of what mailboxes they want monitored by Huntress. I have had many customers asking for this and its disappointing when I tell them its not currently possible.

A day ago

Yossi Leitner

Huntress Team, please comment on this.

It's extremely important to have this option. Clients don't want to have ITDR at all, because the lack of this feature.

Dom Shepherd

This would be a really good feature since sometimes licenses are required for an identity but the risk is so low (such as with shared mailboxes if they're completely disabled).

Teri Olson

We are running into the issue with schools as well. Would like to exclude A1 licenses in this case.

Peter Durand

Same problem for us as NW posted. Not only an issue for schools, but there can be reasons for small exclusions.

This is a mess for us.
I appreciate this one is difficult, as money needs to be made, but we have scenarios where admin teams, and not students, need monitoring (as one example)
Shared should not be billable.

Dom Shepherd

NW Agreed

Tamala'la Kohler'la

We also have a client where they are in a larger holding company tenant and would like to only monitor their domain mailboxes not all 6000 other users...

Alfie Parker

Tamala'la Kohler'la We have a similar issue. Would be nice to apply to a security group or similar.

Salley'la Auer'la

marked this post as

complete

Identity Isolation exclusions are live!

Disable Huntress Managed Response's Identity Isolation for your entire account, specific organizations or even select users. To configure, you'll find the option under your account settings :)

Salley'la Auer'la

marked this post as

in progress

First part of this is coming soon :)

Tanner Stine

Expanding on this, organizations using Proofpoint for email security would have mail rejected if an account is placed in a disabled or blocked sign-in state. Optional isolation actions on an organization level might be appropriate.

→