Team: ITDR
Product: Microsoft 365, Google Workspace
Environment: Huntress Platform
Summary: Learn how Huntress calculates billable and non-billable identities across Microsoft 365 and Google Workspace to keep your costs predictable.
In this Article
Overview
Huntress primarily bills for unique, human-controlled identities. Whether an identity is billable or not, successfully onboarded identities receive active monitoring and protection from the SOC. Under special circumstances, Huntress can exclude student identities from both billing and protection at a partner's request. This methodology makes sure you only pay for active human users while maintaining 24/7 protection across your entire identity ecosystem.
Billing Methodology
Huntress calculates billable identities by reviewing all identities in an onboarded Microsoft 365 or Google Workspace environment and evaluating their billing status based on license and identity mapping data. We bill identities that represent human-controlled users and mark certain identities as Not Billed when they meet exclusion criteria.
Billable Identities
Any unique account assigned to a real person that uses a standard, human-facing license (such as Microsoft 365 Business Premium or Google Workspace Enterprise). If a human operates the account to perform daily work, it is billable.
Non-billable Identities
An identity is marked as Not Billed if it meets this criteria:
It is a linked identity across Microsoft 365 and Google Workspace that maps to the same Huntress email address, or it has a license or account type that Huntress excludes from billing. This typically includes shared mailboxes without an assigned billable license, room or resource mailboxes, unlicensed administrator accounts, device licenses, and specific EDU licenses.
The Huntress SOC actively monitors and protects both account types. You receive comprehensive security coverage across your entire tenant, but you only pay for your actual human footprint.
Common Billing Classifications
Review this baseline breakdown to see how Huntress classifies common cloud infrastructure accounts:
| Account Type | Billing Status | Security Status |
|---|---|---|
| Standard Employee Account | Billable | Actively Protected |
| Shared Mailbox (Unlicensed) | Non-billable | Actively Protected |
| Shared Mailbox (With Paid License) | Billable | Actively Protected |
| Room or Resource Mailbox | Non-billable | Actively Protected |
| Unlicensed Admin Account | Non-billable | Actively Protected |
| Disabled/Suspended User (With License) | Billable | Actively Protected |
Important
Microsoft 365 offers approximately 800 unique SKUs, which means we might occasionally encounter an unusual license that misaligns with our default logic. You can find a list of our current excluded licenses here. If you identify an account you believe we incorrectly billed, contact your account manager to initiate a SKU review. If you need assistance getting in touch with your account manager, reach out to Huntress Support.
View Your Billable Identity Count
You can view or configure your billable identity counts in the Huntress Platform in three ways:
From the Command Center
- Log in to Huntress and view the Command Center dashboard.
- Locate the Billable Identities tile to see your total count.
From the Identities Page
- Log in to Huntress and click the Identities tab in the left-hand navigation menu.
- Use the filter to select Billable or Not Billed to see the breakdown of users in your environment.
Programmatically via API
Billable licensing counts are available programmatically using the billing reports endpoint in our API. For full setup instructions, review our API Billing Reports documentation.
Frequently Asked Questions
Can Huntress prevent specific users from being protected by Managed ITDR?
No. You cannot selectively exclude specific identities from protection. Identity providers do not selectively exclude identities from their audit logs; therefore, Huntress monitors all identities within an onboarded environment, regardless of their billable status.
Do you bill for shared mailboxes, distribution groups, Microsoft 365 groups, mail-enabled public folders, room mailboxes, or resource mailboxes?
No, for Microsoft 365, as long as they do not have a valid billable license applied. Shared mailboxes with an assigned billable license count as a billable identity.
Do you bill for disabled or suspended users?
Yes. Disabled Microsoft 365 identities and suspended Google Workspace identities are still billed if they retain a valid billable license. For Google Workspace, archived identities are not billed.
Do you bill for unlicensed administrative roles or application service accounts?
No, as long as no valid billable license is assigned. These accounts are still actively protected by our SOC.
Do you bill the same user twice if they exist in both Microsoft 365 and Google Workspace?
No. If the same person exists in both Microsoft 365 and Google Workspace, and both identities are mapped to the same Huntress organization by email address, Huntress bills only one identity for that user. For example, bob@company.co (MSFT) and bob@company.co (GWS) will count as a single billable identity. In order for this de-duplication to occur, the M365 and GWS tenants must be mapped to the same Huntress organization, and the email addresses must be identical.