Managed ITDR (MDR for Microsoft 365)

On the 'All Installed Apps' page it would be valuable to filter based on permissions. This would enable a quick view of the apps with the highest permissions for quicker review.

Block ai recording and transcribing bots from being authorised in Entra and being added to Teams meetngs

newly onboarded client for ITDR had a rogue app incident that created an individual alert for each user that had access, can this be made as an single incident alert for the app and not the user. The users affected can be part of the report. luckily this client only had a few dozen users , and via API created a ticket in our ticketing system for each. if this was one of our clients with a few hundred users , this would have made the management of it intolerable and virtually unmanageable. Additionally, when one remediation was authorized , the app was removed from the tenant and each subsequent incident that was authorized for remediation showed as cancelled and caused confusion. I did contact support with questions and they did assist

It would be super helpful to have some additional context around the installed apps section of the ITDR portal. For example, if Huntress can determine the publisher of a particular installed app, it would be useful information to know so that it could be filtered out. It looks like Microsoft publishes a ton of apps that work in the background on Azure/M365, but they are not identified as Microsoft apps. At this point we could probably just filter those out and focus on the third party ones. Any additional information gathered would be super helpful too!

We would like to be able to add Enterprise apps to Rogue Apps for our own alerting, for example if we know the applications an old MSP has used for a new client, we can add it to alert for in their M365 environment and allow us to find and remove the leftover apps.