We see CIPP as a critical control plane for MSPs managing Microsoft 365 at scale. Changes made in CIPP (standards updates, exclusions, tenant config overrides, identity/security settings) carry real risk if misused, misconfigured, or abused.

Surfacing CIPP change and risk signals directly in Huntress SIEM at the MSP level would enable centralized visibility, correlation, and alerting across all tenants. This helps partners detect unsafe or unexpected changes faster, understand blast radius, and respond from a single SIEM—turning configuration risk into actionable security signals.

Came here to ask this. Screenshot attached!