TEAM: Huntress Managed Identity Threat Detection and Response (ITDR, formerly MDR for Microsoft 365)
ENVIRONMENT: Huntress Portal
SUMMARY: Billable identities are user accounts that Huntress bills for as part of the Managed ITDR product. These accounts are actively monitored and protected by the Huntress SOC.
What is considered a billable identity in Managed ITDR?
Huntress calculates billable identities by retrieving the list of all identities within a Microsoft 365 tenant, reviewing all licenses assigned to each identity, and counting as billable every identity with any assigned license that is typically representative of "a human controlled identity".
This methodology typically excludes unlicensed administrator accounts, shared mailboxes, room/resource mailboxes, device licenses, and more from billing, but most importantly not from protection. Our intention is to bill as close to "human controlled identities" as possible while protecting all identities within a tenant.
In an effort to provide a consistent billing experience that meets mutual expectations, Huntress continually reviews the licensing SKUs from Microsoft and excludes licenses from billing that are not in line with our methodology. There are ~800 unique SKUs in the Microsoft 365 offering, which makes it nearly certain that there's a license or two we're billing for that's not in line with our intentions. If you believe you've found a license that we shouldn't be billing for, please contact our support team or your account manager. We'll review the request as quickly as possible and exclude it from billing if deemed appropriate. You can find the most up-to-date list of licenses excluded from billing here.
Frequently asked questions about billable scenarios are at the bottom of this article.
Does Huntress have the ability to prevent some users within a tenant from being protected by Managed ITDR?
No, it is not possible to selectively exclude specific identities, or classes of identities, from protection. Microsoft does not selectively include or exclude specific identities in their audit logs; therefore, logs for all identities within a tenant are consumed by Huntress when a tenant is onboarded to our Managed ITDR, regardless of billable status.
How can I see my billable count?
Within the Huntress Portal / Command Center
- Clicking “Billable” in the Billable Identities tile of the Huntress Command Center will bring you to a list of all billable users within your account.
Alternatively, you can click on the "Organizations" tab at the top of the portal, and one of the table columns will indicate how many billable Microsoft 365 users are in a given organization.
Programmatically
Billable licensing counts are available via our API using the billing reports endpoint. Documentation on utilizing the billing reports feature of our API can be found here.
Frequently Asked Questions: Billable Licensing Scenarios
Do you bill for shared mailboxes, distribution groups, Microsoft 365 groups, mail-enabled public folders, room mailboxes, or resource mailboxes?
No, as long as they do not have a valid billable license applied to them in Microsoft 365. Shared mailboxes with assigned licenses will count as billable identities.
Do you bill for disabled users?
Yes, if the identity still has a valid billable license applied to it in Microsoft 365.
Do you bill for unlicensed administrative role or application service accounts?
No, as long as no valid billable license is assigned. Remember, these accounts are not excluded from protection.