TEAM: Huntress Managed Identity Threat Detection and Response (ITDR, formerly MDR for Microsoft 365)
ENVIRONMENT: Huntress Portal
SUMMARY: The Direct Map method is used by partners to integrate their Microsoft 365 portals with the Huntress Managed ITDR tool. This method has low license requirements and requires minimal permission configuration to run.
Prerequisites
- An admin-level user account in the Huntress.io portal
- A Managed ITDR trial or subscription
- An Exchange license in the Microsoft 365 tenant
- A Microsoft 365 User with:
  - Global Admin privilege
- Audit Logs need to be enabled
- The Exchange Admin Role Group Organization Management must contain the following roles and have Exchange Administrator assigned as a member (this is the default Microsoft 365 configuration):
  - Audit Logs, Mail Recipients, Organization Configuration, Transport Rules
  - Role Management (this role is used to add missing roles from above)
  - Huntress will attempt to add the missing roles to the Organization Management role group if it's detected they are missing.
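The prerequisites above can be checked before onboarding with a read-only script. This is an added example, not part of the Huntress documentation; it assumes the ExchangeOnlineManagement PowerShell module is installed and that you sign in with an account allowed to read role assignments. The function name Test-DirectMapPrereq is hypothetical.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: read-only pre-check of the Direct Map prerequisites.
# Nothing here changes tenant configuration.

# Roles the page says Organization Management must contain.
$RequiredRoles = 'Audit Logs', 'Mail Recipients', 'Organization Configuration',
                 'Transport Rules', 'Role Management'

# Hypothetical helper: compares what the tenant reports against the list above.
function Test-DirectMapPrereq {
    param(
        [string[]]$AssignedRoles,
        [bool]$AuditEnabled,
        [string[]]$Required = $RequiredRoles
    )
    $missing = @($Required | Where-Object { $_ -notin $AssignedRoles })
    [pscustomobject]@{
        AuditLoggingEnabled = $AuditEnabled
        MissingRoles        = $missing
        # Role Management is the role used to add the others, so flag it separately.
        CanSelfRepairRoles  = 'Role Management' -in $AssignedRoles
        AllPrereqsMet       = $AuditEnabled -and ($missing.Count -eq 0)
    }
}

Connect-ExchangeOnline -ShowBanner:$false

# Must be read from Exchange Online PowerShell, not Security & Compliance PowerShell.
$audit = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled

# Regular (non-delegating) role assignments held by the role group.
$roles = Get-ManagementRoleAssignment -RoleAssignee 'Organization Management' -Delegating $false |
    Select-Object -ExpandProperty Role -Unique

Test-DirectMapPrereq -AssignedRoles $roles -AuditEnabled $audit | Format-List

# List the role group members so you can confirm Exchange Administrator is among them.
Get-RoleGroupMember -Identity 'Organization Management' |
    Select-Object Name, RecipientType

Disconnect-ExchangeOnline -Confirm:$false
```

A non-empty MissingRoles is not necessarily a blocker, since Huntress attempts to add missing roles during onboarding, but knowing the starting state makes the resulting role changes easier to recognize afterwards.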
During the onboarding process, Huntress will add the Service Principal for the "Huntress Security Platform (Direct)" Enterprise Registration to the Exchange Administrator and Organization Branding Administrator Entra built-in roles. If you are utilizing Privileged Identity Management (PIM), you will receive alerts notifying you of these changes.
The integration process takes approximately 2 minutes per Microsoft 365 tenant.
Data may take up to 24 hours to flow, and longer for legacy tenants.
Activating the Microsoft 365 integration
[CRITICAL] At a minimum, Incognito/Private browsing, with no extensions, is required.
Due to ongoing browser changes, we recommend using a web browser container (e.g., Firefox).
Add the Microsoft 365 integration, if necessary
- Proceed to the integration tab. Then select the "Add" button and select Microsoft 365.
Select "Add Tenant Manually"
Choose the Huntress Organization to map the Microsoft 365 Tenant to.