Summary: Huntress updates detailed with features and bug fixes for all Huntress products
- Huntress Managed Endpoint Detection and Response (EDR)
- Huntress Managed Identity Threat Detection and Response (ITDR)
- Huntress Managed Security Awareness Training (SAT)
- Huntress Managed Security Information and Event Management (SIEM)
- Huntress Managed Endpoint Security Posture Management (ESPM)
- Huntress Managed Identity Security Posture Management (ISPM)
Table of Contents
2025 Jan Feb Apr May Jun Jul Aug Sep Oct Nov Dec
For 2021-2024, see Historical Huntress Agent and Platform Release Notes
Agent Version
Current release version*
Windows: 0.14.168
macOS: 0.14.166
Linux: 0.14.164
Rio (Windows service): 0.7.60
Rio (Linux service): 0.7.61
Agents are set to update automatically given the host is online, agent services are running, and the agent is able to check in to the Huntress portal. Additional action is generally not required to update an active agent. Hosts running an unsupported version of the agent will be marked as "Outdated" in the Huntress portal.
*In an attempt to limit the potential for mass outages or problems with Huntress services, we roll out agent releases in batches to monitor for unexpected agent update errors or compatibilities issues that were not detected during testing phases. As part of the batch roll outs, some devices may temporarily show a newer or older version than listed above. As rollouts complete, the version above will be updated to reflect the fully released versions.
Agent versions older than the below are considered outdated:
Windows: 0.14.24
macOS: 0.14.60
Linux: All versions are currently supported as of Jun 4, 2026, however, updating is encouraged.
Recent Release Information
Release Date: July 2026
ISPM
- Huntress Managed Identity Security Posture Management (ISPM) is now fully available for everyone. GA. Managed ISPM continuously hardens your Microsoft 365 environment, reducing attackers' opportunities to exploit misconfigurations and over-permissioned users.
Our Early Access program ran from March 1 to June 30, supporting thousands of partners worldwide.
SAT
- SAT Custom HTML Phishing is GA
Now that we've had partners and customers successfully use Custom HTML Scenarios in Huntress Managed SAT, we are ready to call it general availability. Early adopters are using it to spearphish employees with scenarios ranging from impersonating trusted vendors to using actual employee names and communication style. -
OSINT 2 Simulation is in GA
Our fifth simulation is now in general availability. This simulation will be accompanying July's managed learning assignment and will give learners a new and improved experience to learn the risks of oversharing online.
Release Date: June 2026
SIEM
-
AI Search for Huntress Managed SIEM has officially gone GA!
Searching through SIEM logs just got a whole lot easier. With AI Search, users can now search for logs using plain English instead of relying only on ESQL or the Query Builder. Even better, AI Search helps users learn as they go. After running a plain-English search, simply click the ESQL button to see how Huntress translated your query into an ESQL query.
ISPM
-
Additional Security Controls in Managed ISPM
Managed ISPM updates continue as we move towards General Availability on July 1.
In this set of updates:New Security Controls have been added for the following platforms:
SharePoint Online
An Idle session timeout for SharePoint and OneDrive is in place
Anonymous sharing links are blocked in SharePoint and OneDrive
User creation of SharePoint sites is blocked
Deleted user OneDrive content is retained for at least 90 daysMicrosoft Teams
Communication with unmanaged Teams should be blocked
Ensure the Organization can't communicate with accounts in trial Teams tenantsContinuous Enforcement Improvements
The following policies now support Continuous Enforcement with drift detection and auto-remediation.Ensure access to the Azure Management portal is restricted
Ensure unused device types are blocked
Ensure Guests are restricted from using Microsoft Office clients
Require frequent sign-in for Admins
Require MFA to register or join devices
-
Learning Mode for Conditional Access
We're simplifying and automating the entire experience of deploying Conditional Access policies. Learning Mode monitors the impact analysis each day and then identify individual identities who would be impacted by deploying the policy. At the end of the 14-day learning period, we'll provide detailed guidance on any remediations. If it's clear, you can go ahead and safely deploy the policy.
-
Managed ISPM: Enhanced Security Controls
Managed ISPM now support additional security controls to better protect our Microsoft 365 organizations. This will include:
Exchange Online
Exchange controls have been updated to include;
Ensure the Common Attachment Types Filter is enabled
Ensure notifications for internal users sending malware is Enabled
Ensure Exchange Online Spam Policies are set to notify administrators
Ensure that SPF records are published for all Exchange Domains
Teams
The foundation for Microsoft Teams controls has been added to ISPM and today marks the first control in place. With this foundation set, we can now ramp on adding additional controls.
Communication with unmanaged Teams should be disabled
SharePoint
The foundation for SharePoint Online and OneDrive for Business has also been added to ISPM. Today marks the first two controls in this space adding protection to business information stored in Microsoft 365.
Guest resharing of SharePoint and OneDrive files is disabled
Legacy authentication protocols are blocked for SharePoint and OneDrive
EDR:
-
The Microsoft Defender for Endpoint (MDE) integration now supports GCC High tenants
You can now onboard GCC High Microsoft Defender for Endpoint tenants!
By following the instructions in the KB article, the integration will route the login, Graph, and MDE API traffic to the correct GCC High.usendpoints.
This brings MDE into parity with ITDR for GCC High support and closes a product gap for customers who already have GCC High tenants mapped in ITDR but could not onboard those same tenants into MDE.From a customer-value perspective, this expands coverage for existing MDE customers with GCC High environments and removes a blocker for government and government-adjacent prospects that require GCC High support.
- Investigate Microsoft Defender activity in seconds with the redesigned Managed Antivirus dashboard
The redesigned Managed Antivirus dashboard puts recent Defender activity, the noisiest organizations, and the busiest endpoints right at your fingertips, making it easier and faster to see everything that Defender is doing to protect your endpoints.
What's new for you:-
Defender activity, at a glance. A new chart on the Managed Antivirus dashboard tracks blocked, quarantined, and removed files, with deltas so you can immediately see what changed. Toggle between the last 7 and last 30 days to catch spikes or trends fast.
-
A dedicated AV Events view. Jump into a new AV Events page that rolls up event severities and shows quarantined and removed file totals with details about the individual events.
-
Find the noisiest organizations first. A new "Top organizations with events" view at the account level shows you where Defender is most active, and one click takes you into that organization's own AV Events page.
-
Pinpoint the endpoints driving activity. "Top agents with events" surfaces the busiest endpoints at both the account and organization levels. Click any agent to open its event signals already filtered to that device so you can go from "something is up" to "here's the device" in two clicks.
-
Confirm new installs are compliant. A new "Recently installed agents" tab lets you verify at a glance that endpoints you just deployed are compliant with your account or organization's Defender configuration, without hunting for them across the fleet.
-
Configure Defender from the top of the page. The "Configure Defender" entry point (the most common action partners take here) is now front and center on the dashboard.
-
Defender activity, at a glance. A new chart on the Managed Antivirus dashboard tracks blocked, quarantined, and removed files, with deltas so you can immediately see what changed. Toggle between the last 7 and last 30 days to catch spikes or trends fast.
-
Huntress Managed EDR for macOS now ejects high-confidence deceptive installers, disrupting them before they can run:
- When the Huntress Agent for macOS identifies a mounted DMG as a deceptive installer, it will eject the volume before the bundled payload launches, giving you active disruption and protection against the infostealer malware commonly installed by these applications.
- When the auto-ejection occurs, the system user will receive a pop-up notification from Huntress informing them of the protective action we took to help guide them away from relaunching or accessing the malicious application.
- Once the deceptive installer disruption takes place, a signal is generated for the Huntress SOC to investigate and ensure that no other malicious activity has occurred on the endpoints.
- When the Huntress Agent for macOS identifies a mounted DMG as a deceptive installer, it will eject the volume before the bundled payload launches, giving you active disruption and protection against the infostealer malware commonly installed by these applications.
-
Huntress Managed EDR for macOS now surfaces risky Gatekeeper override commonly tied to infostealers:
- The Huntress Agent for macOS now detects when a user overrides Apple’s Gatekeeper protections to launch a quarantined or unsigned file, closing a key visibility gap in the macOS infostealer execution chain.
- Building on Huntress’s earlier Deceptive Installers work, this adds visibility into the user decision point between a suspicious DMG mount and payload execution, helping Huntress distinguish between a mounted installer that was merely opened and one where a user actually clicked through to run the file.
- When that Gatekeeper override is correlated with a Critical-scored Deceptive Installer from the same volume, Huntress produces a high-fidelity signal, increasing the likelihood of escalation before the malware runs.
- This coverage applies to macOS 14 and later, where Apple exposes the underlying Gatekeeper override event Huntress uses for this detection path.
- The Huntress Agent for macOS now detects when a user overrides Apple’s Gatekeeper protections to launch a quarantined or unsigned file, closing a key visibility gap in the macOS infostealer execution chain.
SAT:
-
Huntress Managed SAT audit logs are now in SIEM
Admin actions from the Huntress Managed SAT interface can now be reviewed and queried from the Huntress.io portal using the Huntress SIEM. -
New SAT Assignment PDF summary report
We now have a new and improved board/auditor/compliance team ready PDF report for SAT Assignments. To access, it simply drill down into the assignment and click the "Export to PDF" button. Inside you'll get:
* Details on the episodes and settings for the assignment
* The full list of learners who have completed the assignment with details on:
* Score
* Date completed
* Number of sessions
* The full list of learners who didn't complete the assignment -
Simulation OSINT 2 is in open beta
- The new simulation, OSINT 2, is now available for anyone to opt into via the learner portal. This simulation offers a fresh approach to experiencing what it's like to use open-source intelligence (OSINT) to compromise your target's account. Tip: Enable sound for the best experience.
- Thank you to all the closed beta participants who have provided us with invaluable feedback. We have made changes and are ready to open up the new simulation to anyone who wants to opt-in from the learner dashboard.
Platform:
-
Agent Write API
Partners can now automate more of their workflows using our expanded Agents API. The API now supports programmatic agent management, allowing users to uninstall agents, update tags, toggle tamper protection, and isolate or release hosts directly from their automation tools. See the API docs
___________________________________________________________________
Historical Release Notes
Release Date: May 2026
SAT:
-
Custom HTML Phishing Scenarios in open beta
We are now in open beta for customer and partner created custom HTML phishing scenarios. To create a new custom HTML scenario, simply go to the 'Library' tab -> Custom Phishing Scenarios and choose HTML (Advanced) -
SCORM export support is now in GA
Customers and partners who wish to consume SAT content in their own Learning Management Software (LMS) can now download the SCORM 1.2 compatible files directly within the portal.
SIEM:
-
macOS log source is GA!
- With this release, Huntress Managed SIEM now supports log collection across Windows, Linux, and macOS giving teams broader visibility across the operating systems their environments rely on every day.
-
SIEM Okta integration is now GA!
With this release, Huntress Managed SIEM now supports Okta as an identity and authentication log source, giving teams deeper visibility into the identity layer attackers love to target.- Even better: the Huntress SOC has detections built for Okta, helping identify identity-based attacks across key areas like credential attacks, privilege escalation, MFA bypass and fatigue, account takeover, and federated identity manipulation for organizations using Okta as their IdP or SSO provider.
ISPM:
-
Managed ISPM New Features and Security Controls
As we continue our drive to General Availability on July 1, the Managed ISPM product continues to add new features. This includes:-
New Security Controls for Exchange Online
- Connection Filter Should Not Bypass Spam Filtering
- Transport Rules Should Not Bypass Security Controls
- Block Exchange Forwarding
- Ensure MailTips are enabled
- Ensure External Flag is visible within Outlook
- Ensure Modern Authentication is enabled
- Ensure 'AuditDisabled' organizationally is set to 'False'
- Ensure SMTP AUTH is disabled
- Block Outlook External Storage Providers
- Ensure users installing Outlook add-ins is not allowed
- Block Exchange Calendar Sharing External
-
Learning Mode for Conditional Access
We're automating the entire experience of deploying Conditional Access policies in read-only mode. Monitoring the impact analysis everyday and then identifying any individual identities who would be impacted by deploying that policy. At the end of the learning period we can then provide detailed guidance on any remediations, or if it's all clear we can go ahead and deploy the policy. -
Accepting Risk
We heard you! Our Early Access partners let us know that there are always some organizations where a policy isn't relevant. You asked for the option to exclude that policy so that you don't have a non-compliant flag AND so that you don't receive escalations for those items. -
Incidents are now Platform Notifications
Thanks again to our amazing early access partners, we also heard you here and have smoothed the experience around flagging drift, non-compliant items and other platform updates. These have now been consolidated into Platform Notifications so that you do not need to acknowledge or resolve these updates as you normally do.
-
New Security Controls for Exchange Online
ITDR/ Platform:
-
You can now export ITDR Incident Report with Timeline!
Partners and Customers can now generate a PDF report of ITDR incidents with a timeline, data exfiltration and report summary to hand over to end-clients, auditors, and other 3rd parties.
Head over to the Incident report --> Timeline tab --> Click on "Export Timeline". A PDF will generate and be downloaded.
Platform:
-
ServiceNow ticket integration is GA
The ServiceNow ticket integration has exited open beta is now GA. Account admins can now configure any of the four notification categories to be delivered to ServiceNow. Documentation on how to configure ServiceNow is available. -
Webhooks for real time notification delivery now GA
Webhooks are now generally available to all Huntress accounts, letting partners receive real-time event notifications instead of polling the API. This unlocks faster ticketing, alerting, and automation workflows by pushing notifications and status changes directly into partner tools like PSAs, automation tools and Slack. Endpoints support signature verification for payload authenticity. -
Organization API update for reporting and dashboards
The GET Organization API endpoint now returns fields that cleanly separates statistics by product (SIEM, EDR, SAT, and ITDR), removing the ambiguity partners used to experience when using the API. It also provides data that previously required scraping the portal, including SIEM storage usage, EDR unresponsive/outdated/isolated agent counts, and per-tenant ITDR identity counts. The new data enables partners to more easily build dashboards and reports
Release Date: April 2026
ISPM:
-
Lock down Microsoft 365 identities with Managed ISPM, now in free Early Access for ITDR tenants
Huntress Managed Identity Security Posture Management (ISPM) is now in free Early Access for qualifying Huntress partners and customers using Managed ITDR in Microsoft 365. Managed ISPM continuously hardens your Microsoft 365 environment so attackers have fewer chances to abuse misconfigurations and over-permissioned users. Learn more here!- Eligible admins will see a new Managed ISPM Early Access experience in the Huntress portal and can self-enroll there.
- During Early Access, you get:
--Huntress-managed identity controls for Microsoft Entra ID. Protecting settings for MFA, admin accounts, passwords, standard users and guests.
--Conditional Access policy management along with recommended templates.
--Drift detection within minutes and Continuous Enforcement, so you stay aligned with best practices.
--The ability to quickly rollback changes if needed. - We’re focusing first on the misconfigurations attackers exploit most, using SOC insights from millions of identities so you can strengthen Microsoft 365 posture without building and maintaining your own baselines.
- Your feedback shapes what we build. Add requests in Canny for Managed ISPM or provide feedback to your Huntress Account Manager.
EDR:
-
Deceptive Installers: Huntress EDR now catches malicious macOS DMG installers that social engineer users into bypassing Gatekeeper
- Infostealers have been the most common new macOS malware family in 2024 and 2025. Commonly masquerading as legitimate pieces of software, they trick users into bypassing Gatekeeper, one of Apple's built-in security controls, with seemingly legitimate instructions. They are notoriously difficult to detect because, unlike other types of malware, they run once and leave very little trace of activity on the endpoint. No persistence, no lateral movement, no privilege escalation.
- The Huntress Agent for macOS now uses the malware's social engineering techniques against them by inspecting disk images at mount time and analyzing the embedded content for the hallmarks of a Gatekeeper-bypass lure. Using on-device Apple Vision OCR and other heuristics, the agent produces a weighted confidence score and surfaces high-severity detections to the Huntress SOC for triage and remediation, reducing the blast radius of successful infostealer campaigns.
-
EDR portal now displays the list of successful logon events on the endpoint
Huntress EDR portal page now displays the list of successful logon events on Windows endpoints. That allows the user to see who logged into the endpoint and when. In addition, the logon events show the type of logon (interactive, remote interactive, unlocked), user name, domain and security identifier (SID). -
Combating Vulnerable Drivers with EDR
Vulnerable Drivers (also known as Bring Your Own Vulnerable Driver, BYOVD) are one of the most common building blocks behind modern "EDR killer" tradecraft. Attackers can bring a legitimate, signed driver with a known flaw onto a system, then abuse it to gain kernel-level access, disable security tooling, tamper with protections, or evade detection before moving deeper into the environment.- Huntress Managed EDR leverages Microsoft’s Vulnerable Driver Block List (enabled by default on starting on Windows 11 22H2) to detect when Windows blocks a known vulnerable driver. Managed EDR will also make use of any custom implementations of the Vulnerable Driver Block List that may have been configured in an audit-only mode.
- That means earlier visibility into a technique that is often used before foothold expansion, lateral movement, ransomware, or data theft. It also gives your team more context for investigating how the driver got onto the endpoint and whether the activity was part of a larger intrusion.
If Windows has already blocked the driver from loading, the immediate risk is reduced, but the event should still be treated as suspicious. We would recommend that you remove the driver and investigate how it was introduced to the endpoint.
macOS:
-
Improved macOS Agent Setup Experience
The Huntress Configuration Wizard on macOS has been redesigned with a clearer, faster setup flow. What you will notice:- Everything in one place. All required setup steps — system extension approval, Full Disk Access, network filter — are now shown on a single scrollable page instead of navigating through a series of individual screens. You can see where you are, what's left, and what's already done at a glance.
- Steps unlock automatically. Each step becomes available once the previous one is complete, guiding you through the correct order without confusion.
- Inline guidance. Contextual instructions appear directly next to each step instead of in separate pop-up sheets. No more clicking through extra dialogs to find out what to do.
- Auto-completion. Once all required steps are done, the wizard automatically confirms success and scrolls to the completion screen — no extra button click needed.
- MDM-managed machines get a dedicated view. On endpoints where settings are pushed via MDM, the wizard now shows a focused summary of any steps still pending, with clear visual indicators, rather than displaying the full manual setup flow.
Platform:
-
Unwanted Access Rules API is now available
The Unwanted Access Rules API is now available, exposing endpoints to list, create, update, and delete rules that govern how Huntress responds to identity access attempts by country or VPN. Rules can be scoped to the account, an organization, or a specific identity with expected or unauthorized determinations and optional starts_at / expires_at schedules. This allows API users to automate managing ITDR unexpected access rules. See the API docs. -
Huntress MCP server is now available
- A new MCP endpoint that allows AI assistants like Claude and OpenAI Codex to query Huntress platform. The MCP server provides read only access to account information such as agents, organizations, signals, incident reports, escalations, remediations, invoices, reports and external recon.
- This allows for Huntress data to be seamlessly integrated into AI intelligence tools to provide Huntress data to non-technical users that wouldn't ordinarily be able to use the portal. See the support article on Connecting to the Huntress MCP Server.
-
New portal role available for users tasked with provisioning
We’ve introduced a new Provisioner role. This new role allows Account Admins to create users with permissions limited to onboarding and offboarding organizations. Designed for partner staff and API keys managing the organization lifecycle, this role ensures these tasks can be handled without granting access to security operations, billing, or account-wide settings.
SAT:
-
SCORM download support for Huntress Managed SAT (open beta)
Admins can now download SCORM exports of Huntress Managed SAT episodes to use in their own learning management systems. Please note that while we have tested this with a third-party LMS, we are still looking for additional validation from admins on success or challenges with their platform of choice, thus the feature is now in open beta. -
SAT Custom Content Creator - Import PDF is GA
The SAT Custom Content Creator has a feature allowing admins to upload a PDF containing an export of PowerPoint or Google Slides. This feature is now in GA. -
New Phishing Summary Report PDF is GA
The new phishing summary PDF is now available. To use it, go to any phishing campaign and click the "Summary Report" button. Inside, you'll see a new sankey chart along with a clean layout and detailed information. -
SAT episodes via self-service SCORM BETA
We are looking for customers and partners who have 3rd party LMSes in place to try our new self-service SCORM export functionality. These files are in SCORM 1.2 and have been tested in a few LMSes but we would like additional validation before going GA. Please reach out to Huntress Support or your Account Manager to be added.
SIEM:
-
LDAP Detection Enhanced Logging
To strengthen LDAP incident detection, we are enabling additional logging on SIEM domain controller endpoints. You can find details on the specific logging settings here. For more information about our approach to LDAP detection, read this blog.
Release Date: March 2026
ITDR:
-
Google Workspace is now in GA
- As of March 23rd, ITDR for Google Workspace is now in General Availability. If you haven't already, check it out! Onboarding and Troubleshooting documentation are available for all partners at this time.
- If you run into any issues as we start GA, please reach out to Huntress Support!
ESPM / ISPM:
-
Huntress Managed ESPM and ISPM are reaching Early Access (starting March 31st). For any questions about joining the early access program, please reach out to your Huntress Account Manager.
- You can view our Press Release and Blog for more information
SAT:
-
New content player with 1.25x and 1.5x speed is now GA
The new content player is now in general availability. New functionality includes the ability to customize closed captioning as well as playback at 1.25x and 1.5x speed. -
Standard Report download as CSV
The SAT Standard Reports (Phishing and Assignment) now have the option to download the data as CSV. The downloaded data will be filtered and sorted as it appears on the portal.
EDR:
-
Identifying Huntress Deployment Gaps with MDE (and other improvements)
We’ve refreshed the Microsoft Defender for Endpoint experience in the Command Center to make it easier to see whether your MDE tenants are healthy, where MDE is misconfigured, and where Huntress coverage is missing across your environments. Improvements include:- A clearer default widget state highlights the value of connecting Microsoft Defender for Endpoint and makes the next step more obvious, even before you’ve set up the integration.
- An improved “No MDE Data” state at the Organization level now uses clearer language and an alert icon to call out when MDE is configured but no endpoint data is flowing from Microsoft.
- A new Huntress Agent Device Discovery widget at both the Account and Organization level shows what percentage of MDE-managed endpoints also have the Huntress agent installed, with color-coded thresholds to quickly spot gaps.
- A new Tenant Health widget at the Account level summarizes MDE integration health across all Organizations so you can see at a glance which tenants need attention.
- A streamlined Microsoft Defender for Endpoint Agents widget keeps the same health states but simplifies the click-through paths and filters so you can get to the right endpoints and issues faster.
-
macOS 13 (Ventura) will be reaching End of Support on May 1, 2026.
-
That means no new features or upgrades, and no security updates will be applied. To get continued service, partners should consider upgrading to the latest macOS version.
-
SIEM
- AWS CloudTrail log source has officially gone live with an improved onboarding workflow.
- The Source Management -> Categories page now has information icon with links for each log source type that link to the appropriate support configuration guide. The icon for each log source type is to the right of the log source type name.
- The Huntress Linux agent now supports Syslog collection.
-
BitWarden HEC and Additional ES|QL Operators Released
BitWarden has officially adopted HEC for Cloud-to-Cloud SIEM integrations and we have now released a matching HEC integration for BitWarden Cloud. BitWarden locally hosted instances will still use the API integration. - We have released several new ES|QL operators and processors to support more versatile queries and more refined results.
Platform:
-
Neighborhood Watch license allocation now available in the API
We have updated the Huntress Accounts API endpoint to include the counts of neighborhood watch licenses applied to the account. This enhancement allows partners and resellers to programmatically retrieve the total number of Neighborhood Watch licenses allocated. Sample output is available in the API docs. -
New reseller API billing endpoints now available
We have introduced new endpoints to the Reseller API to facilitate programmatic access to billing data. These endpoints allow for the retrieval of a full invoice index, specific invoice details, and granular line-item breakdowns for both account-level and organization-level usage. The new endpoints enable resellers and distributors to automate billing of Huntress products without having to use spreadsheets and CSV files. -
Email integrations users can now opt out of resolved emails
Email integration destinations now include a "Send Resolved notifications" toggle that lets you stop receiving resolve emails for Incidents, Escalations, and Platform Actions. The setting works at both the global and per-category level — disable it globally to suppress all resolved emails, or use per-category overrides for more granular control. Existing integrations are unaffected and will continue sending resolved emails unless a user explicitly opts out. -
External Recon data is now available in the API (GA)Two new endpoints are available for querying external port data from Huntress External Recon scans: GET /v1/external_ports and GET /v1/external_ports/{id}. Each record includes the IP address, port, protocol, detected service, and a risky_service flag. Details are available in the API docs
-
Resellers can now manage subscriptions via API (GA)Resellers can now manage product subscriptions for their managed accounts programmatically via the new /v1/reseller/subscriptions endpoints. This includes creating, retrieving, updating, and upgrading subscriptions for any of the four Huntress products. Standard terms and pricing apply — contact your account admin for anything outside of that. More info is available in API docs
-
Support Help Widget is now available to external partners
The Support Help widget is an AI-powered, in-dashboard panel designed to streamline how partners access documentation, live chat, and ticketing. It replaces the legacy search experience with a unified, self-service interface while maintaining all existing all support contact channels. -
External Recon data is now available in the API
Two new endpoints are available for querying external port data from Huntress External Recon scans: GET /v1/external_ports and GET /v1/external_ports/{id}. Each record includes the IP address, port, protocol, detected service, and a risky_service flag. Details are available in the API docs. -
Resellers can now manage subscriptions via API
Resellers can now manage product subscriptions for their managed accounts programmatically via the new /v1/reseller/subscriptions endpoints. This includes creating, retrieving, updating, and upgrading subscriptions for any of the four Huntress products. Standard terms and pricing apply — contact your account admin for anything outside of that. More info is available in API docs. -
Email and PSA Subject Line Improvements
Email & PSA subjects now include the Huntress product name (EDR, ITDR, SIEM, ISPM, ESPM, SAT) and the organization name for easier filtering and automation.- Huntress [Product] [Severity] [Category] | [Description] ([Organization])
Example: Huntress EDR Critical Escalation | Suspicious Process on HOST01 (Acme Corp) - Product name applies to all notification categories (Incident Reports, Escalations, Platform Actions, Account Notices). Omitted when the product can't be determined.
- Organization name is new for Escalations and Platform Actions, matching the existing Incident Report convention. Omitted when the notification spans multiple organizations or has no org association.
Both changes affect email subjects and PSA ticket titles across all supported integrations. If you parse notification subjects for routing or automation, update your rules to account for the new format.
account admin for anything outside of that. More info is available in API docs.
- Huntress [Product] [Severity] [Category] | [Description] ([Organization])
-
Account admins can now get the monthly and quarterly report via email
Account Admins can now configure one or more email recipients to receive monthly and quarterly reports for the account. Previously the account level report was generated but it was able to be automatically emailed. The report page for the account now has a "Manage Recipients" button like the Organization level pages have.
Release Date: February 2026
Platform:
-
Notifications and integrations have been updated to better reflect how users want to interact with Incident Reports and Escalations.
Escalations have been split into multiple categories to align with how an operations team would respond to the information being sent to them. Along with the new categories email and PSA integrations have been improved to enable control over routing and mapping of notifications to tickets in the PSA. See all the details in this support article. -
User management API endpoint is now available
A new API endpoint has been released that allows for the listing, creation, deletion and update of users that are members of accounts and organizations. With the release of this new endpoint users are able to automate the lifecycle management of users that have access to Huntress. See the documentation for more information and code samples.
SAT:
-
Simulation 4: Smishing is in early access
Our 4th SAT simulation, Smishing, is now in an ungated early access phase. We've incorporated feedback from the closed beta and are now asking for folks to do a run through and provide us with feedback in the survey at the end. -
SAT "Report a Phish" Gmail now uploads complete message via API
Historically, the Gmail "Report a Phish" plugin performed the forward email action on reported messages. This is problematic because the forwarded message lacks complete headers.- In order to preserve the headers and deliver the complete reported message with all headers preserved, the SAT Gmail Report Phishing plugin will now transmit the message to us via API so we may forward it as an attachment. Note that the attached message will now show the learner as the recipient vs the sender of a forwarded email.
- In order to preserve the headers and deliver the complete reported message with all headers preserved, the SAT Gmail Report Phishing plugin will now transmit the message to us via API so we may forward it as an attachment. Note that the attached message will now show the learner as the recipient vs the sender of a forwarded email.
SIEM:
-
Updated Saved and Starter Query Loading Experience
We have released a major improvement to the user experience for exploring and loading Saved and Starter Queries directly within the SIEM Dashboard page.- You will now see a "Load Query" button that has replaced the "Starter Queries" button. Load Query will load a side-panel that gives users rapid, searchable access to all of their Saved Queries and Huntress provided Starter Queries. In addition, the Manage Queries page has been updated to include a dedicated tab for Starter Queries which offers an alternative location to load queries from outside of SIEM Dashboard.
-
Enhanced Windows Audit Logging Enforcement
Going forward, Huntress will automatically update your Windows Advanced Audit Policy settings to a secure logging baseline. For most partners, these settings are applied with no action needed. However, if any existing Group Policies on your endpoints override these settings, you'll need to update your Windows Group Policies with the recommended settings that are missing so that SIEM can receive all event data needed to detect and investigate suspicious activity.- To avoid notification fatigue as we fine-tune this interaction, we've introduced a test page in Source Management where you can track and resolve misconfigured policy settings. In the near future we'll be re-introducing Platform Action notifications that will help guide customers to take corrective actions to ensure complete logging where we detect gaps.
- To avoid notification fatigue as we fine-tune this interaction, we've introduced a test page in Source Management where you can track and resolve misconfigured policy settings. In the near future we'll be re-introducing Platform Action notifications that will help guide customers to take corrective actions to ensure complete logging where we detect gaps.
Release Date: January 2026
SAT:
-
Quarterly Managed Learning is now available.
All partners and customers are now able to enroll in quarterly managed learning which will assign a new episode in the first month of each quarter going forward. We will be enhancing functionality to enroll in the current quarter's managed learning in the near future. Note that managed phishing remains monthly only at this time.
EDR:
-
Linux EDR agent is now GA and available for partners and customers to install.
Platform:
-
Account and Organization Write APIs are now available
- The first new API allows for the creation, update and deletion of organizations. This enables the automation of many customer lifecycle activities eliminating the need to log into the portal to perform those actions. One example use case for this is API would be to use it in conjunction with an RMM tool to automate the onboarding of new organizations and deployment of EDR.
- The second new write API allows resellers to automate the onboarding and offboarding of accounts.
Release Date: December 2025
SAT:
-
New SAT API endpoints for reports
Huntress SAT has added reports to be used internally and externally. These endpoints empower developers to make better use of SAT reporting via API. - Import PDF in Custom Content Creator (Early Access)
Have you ever wanted to import your Google Slides or Microsoft PowerPoint deck into custom content creator in SAT? Now you can! Just export your existing deck to PDF and use the new feature to import some or all slides. You can then insert your own quiz questions, videos, and any other type of block. -
Standard Reports
The standard phishing and learning reports are now in General Availability. Expect enhancements to these reports in 2026 and please continue to provide us with feedback.
Platform:
-
HaloPSA integration now supports billing sync
The HaloPSA integration now supports syncing billing information from Huntress into the PSA. This enables users of HaloPSA to automatically update their PSA will usage information to automate billing of their customers. See the HaloPSA Billing Sync KB for more information.
Release Date: November 2025
SAT:
-
Standard reports in open early access
Huntress SAT now has two new reports in the Reports->Standard Reports tab. One allows you to track progress of learning by episode rather than assignment. The other gives insight into simulated phishing across all learners and campaigns. -
Gmail Report a Phish for SAT is in ungated early access (Early Access)
Google has approved the "Huntress SAT Report a Phish" button! It is now live in the marketplace and available to anyone who finds it. You are encouraged to share your feedback during this early access phase while we work out all features.
EDR:
-
Defender Exclusion Settings can now be edited to add additional endpoints and organizations.
When creating exclusion settings for Microsoft Defender Antivirus in the Huntress Portal you can now add individual endpoints and organizations to already existing exclusion settings. This saves time by removing the need to create new exclusion settings when a new endpoint or organization is onboarded.
Platform:
-
The threat report can be configured to be generated in one of four languages
Portal administrators can now set the language of the threat report. Changing the setting will result in the report for the account and all organizations being generated in the selected language. The reports can be configured to be generated in English, Dutch, French or Spanish. The default is English. To change the language click the hamburger menu in the upper left corner, choose settings and then select the desired language from the drop down in the Brand Settings section. Once the setting is changed all future reports will be generated in the selected language. -
The Huntress portal now supports dark mode!
All pages now have a modern and sleek dark theme that is easy on the eyes. Portal users are able to switch between dark and light mode by clicking the gear icon in the upper right corner and selecting their preferred mode. - Escalation and Incident Report response APIs are available.
Huntress is proud to announce the release of several new APIs including the first set of write APIs! The first is an Escalation API that allows for the listing of escalations, getting the details of a specific escalation and an API endpoint that allows for resolution of the most common escalations. The second new API endpoint is an Incident Report endpoint that allows for the approval or rejection of remediations and resolving incident reports. See the API documentation for details and sample data.
Release Date: October 2025
SAT:
-
General Manager feature is in GA for SAT (GA)
Huntress Managed SAT has a new capability that grants someone access to a real time report showing assignment and phishing data on all learners in an organization without giving them access to any administrative tools. This is just like the real-time manager report but is expanded include all employees.
To enable this feature, go to the 'Learners' list, drill down into the specific learner you want to designate as general manager, and flip the toggle on "General Manager View". That learner will now see a new "Manager Report" in their learner portal with in-progress assignments and phishing. -
New "Image" slide type in SAT custom content creator (GA)
The custom content creator now has a new slide type specifically for images that take up the entire slide such as screenshots or exported images from other presentations. The slide maintains aspect ratio and doesn't crop the image when resized. The slide type is available to all users. -
Our third simulation, Passwords, is now in general availability (GA)
This means that learners will now see this simulation in the "Simulations" area of the learner portal and everyone assigned "Passwords 2" either as a managed learning assignment for November or manually assigned will be encouraged to take part. -
SCIM support for SAT learner sync is now GA.
SCIM is an open standard for identity sync. SAT now supports SCIM and beta participants have successfully set up up learner sync with Entra, Entra in GCC-High environments, and Okta. Configuration guide here.
EDR:
-
Windows - Tamper Protection: Auto-remediate Windows firewall rules targeting Huntress (GA)
Hackers are always trying to find ways to stop us from doing our jobs. We've seen an increasing number of open source tools (e.g. https://github.com/netero1010/EDRSilencer and https://github.com/wavestone-cdt/EDRSandblast (EDRStandblast)) that take a rather brazen approach and use the Windows Firewall to block network communications required for security tools to operate properly.
Starting with EDR Agent (Rio) version 0.7.32, we will automatically detect and rollback Windows Firewall rules that attempt to block our agent as well as Windows Defender. On top of that, we will also generate a Signal for the SOC to investigate to make sure we kick the bad guys completely out of the environment.
Jonathan Johnson spoke about this on the October 2025 Product Lab episode but you can also read some of his research in https://www.huntress.com/blog/silencing-the-edr-silencers!
SIEM:
-
SIEM - New Managed SIEM Source - Azure Event Hub (GA)
Huntress Managed SIEM now supports integration with Microsoft's Azure Event Hub - a gateway service for sending logs from Azure applications and services to third parties.- Important Notes:
• The integration is an API based connection from Huntress to Azure which enables the collection of Azure application and service logs. The integration itself is not a billable log source.
• Configured sources that are sent to Azure Event Hub for collection by Huntress are billable log sources. This means that you may have multiple billable log sources in a single Azure Event Hub integration, depending on how many sources you send.
- Important Notes:
Configuration guides:
• https://support.huntress.io/hc/en-us/articles/44270221527187-API-Azure-Event-Hub (Azure Event Hub Integration Configuration)
• https://support.huntress.io/hc/en-us/articles/44270591946387-API-Azure-Event-Hub-Adding-Sources (Azure Event Hub Adding Sources)
-
New Managed SIEM Source - NinjaOne RMM (GA)
Huntress Managed SIEM now supports the collection of NinjaOne NinjaRMM logs via HEC. As NinjaRMM is not inherently a threat detection or prevention source, we are still evaluating its logs for detection opportunities. However, the integration provides compliance and operational value.
Configuration guides:
• https://support.huntress.io/hc/en-us/articles/45192294350483-HEC-NinjaRMM (KB Configuration Guide)
◦ https://support.huntress.io/hc/en-us/articles/36169678734867-Collecting-HEC-HTTP-Event-Collector-Sources (General Huntress Managed SIEM HEC Configuration)
◦ https://www.ninjaone.com/blog/ninjaone-com-blog-send-ninjaone-webhooks-via-siem/ (NinjaOne Webhook for HEC Configuration)
Platform:
-
Automated Remediations are now enabled for all new Accounts!
All new Huntress Accounts now have Active Remediations enabled by default.- This means our Assisted Remediations will run automatically, significantly reducing the time from delivering an Incident Report to applying Assisted Remediations.
- All new Accounts will have automated remediations enabled out-of-the-box, which means additional protections start right away.
Release Date: September 2025
Features:
SAT:
-
Google API insertion for SAT
The Google API insertion for SAT transactional and phishing emails is now in general availability! -
Ability to complete assignment post end date
Partners and customers like the ability to set a deadline and have manager reminders letting people know that a deadline is coming up but some assignments (such as those with compliance requirements like HIPAA or PCI) must be completed by 100% of the company. Now, they can mark an assignment to allow learners to complete it even after the deadline (and for up to 1 year.) Reminders will continue to be sent and will say that the assignment is now X days past due. -
Report phishing button for Outlook is in GA
The taskpane and ribbon buttons to report phishing to Huntress SAT are now in general availability.
Platform:
-
New organization selector
The new organization selector is available for all accounts. The beta customers that tested the new navigation and organization selector provided overwhelmingly positive feedback! -
Account admins can now create API keys for users
Previously an account could have only one API key. This feature allows for an account to have multiple API keys. The keys are associated with a user and mirror the permissions of the user they are associated with. Accounts can continue to use their existing API keys or a combination of the user assigned keys and the account key. New capabilities such as write access, when available, will only be supported on the user assigned keys.
SIEM:
-
GA Release of SentinelOne as a Log Source
Huntress Managed SIEM is please to announce the release of the SentinelOne log source. The KB configuration guide can be found here.
Release Date: August 2025
Features:
Platform:
-
PSA integrations now allow tickets that failed to send to be resent
Partners can now see errors returned by PSA ticketing integrations as well as resend tickets that failed using the portal. See the attached Loom video for a demo. -
Core Platform - New API documentation page
The API documentation page has been updated with a number of new features that address feedback we have received from partners:
• The ability to generate sample API commands in many new languages included PowerShell
• Dark mode
• Simplified navigation
• A link to the OpenAPI file on the top of the main page
EDR:
-
Windows - Updated Windows Firewall status now shows detailed information about the status of all three main profiles
Now Windows Firewall status on the endpoint details page shows the status for three main profiles - domain, private and public - allowing the user to see the status of the profile and the associated firewall. -
macOS - Mac Tamper Protection is live!
Mac Tamper Protection has been turned on for all endpoints! This feature protects the Huntress app, Huntress system extension, and other important Huntress files against being deleted, moved, or renamed (any of which could interrupt service). Endpoints will turn on Tamper Protection as soon as they check in and get the updated status.
SAT:
-
Support for alternate email addresses and email changes in SAT
We've updated the architecture back-end of SAT with two major changes:
1. We now use learners' immutable IDs in their various directory systems rather than email address as primary ID. This allows for updates to email addresses in cases where someone changes their email address (such as in marital status changes.)
2. We now support alternate email addresses on directory sync. This allows someone to report phishing from an alias associated with their account.
Release Date: July 2025
Features:
Platform:
-
Signals visible in the portal are now available in the API
The Huntress API has been updated to add a new Signals API endpoint. The API allows partners to programmatically fetch signals that are shown in the Huntress portal. This enables partners to incorporate data from signals into their workflows and automated processes.Documentation and usage examples are available in the portal.
https://api.huntress.io/docs#signals
https://api.huntress.io/docs/preview#!/v1/getV1Signals -
Audit logging for the portal is now available
Audit logging for portal actions is now live! This feature uses the Huntress SIEM interface to capture changes made in the Huntress portal. -
SOC Platform - Partners now have visibility into full incident report history.
When we update an incident report, customers will see a report history in the event the original report has been updated.
◦ The latest report is always on top.
◦ Past versions of the report are visible below the latest report.
SAT:
-
SAT now shows approximate time to complete an episode in learner portal and notifications
Learners will now see an approximate time to complete an episode in the learner portal and notifications. The time is set by a human but is based on our instrumentation using real learner's mean time to complete an episode. Custom content now also has an option to manually set approximate time to complete in Settings-> General. -
Improved SAT admin creation workflow
New admin onboarding has been improved for those using the http://MyCurricula.com portal (as opposed to http://Huntress.io.)
1. MSP Admin creation now includes partner permissions in the creation modal rather than having to go back to edit the admin after creation.
2. Both MSP and standalone account admins now get a password reset email that is valid for 1 week as part of their welcome message rather than having to trigger that as a second step. -
Improved SAT Phishing UI and clearer filters
We've made improvements to how we show phishing campaign details in response to feedback from admins.
1. Admins of the platform found the old filters that filtered by the 'furthest status' confusing so we now filter on whether the learner entered that status. Eg - before, "Opened" would show learners who opened the email but didn't click. Now it will show everyone who opened regardless of what they did afterwards.
2. We also implemented a new timeline-like view of events with hover-over details. -
Simulation 2: Spear Phishing is now in GA
Our second simulation, paired with the "Spear Phishing 2" episode is now in GA. Learners will see this as an optional activity after completing the episode as well as in the "Assignments" area. Admins can also preview the simulation in the library.
-
Ability to mark episodes as completed - aka MVP of "Together mode learning"
It can be tough to get each learner to log in and complete assignments individually. Now, admins can bring learners together in person or in a screen-shared virtual session, complete the training together, and mark everyone as completed in the portal. A note is required when applying this and there will be an (i) icon next to manually marked completions that shows who marked it, when, and the note attached. See the Manually Mark Episodes as Completed knowledgebase for more info.
Release Date: June 2025
Features:
Platform:
-
Incident Report based automatize SAT assignment recommendations.
For existing SAT subscribers, who get an EDR or ITDR Incident Report, we will now automatically recommend the corresponding SAT episode(s) that help them prevent/inform about the threat - directly in the Incident Report! A new tab called 'Recommendations' will list the suggested episode(s) and this can be one-click assigned from the report itself + tracked in the SAT portal for completion! -
SOC Platform - Portal UX changes for faster engagement with SOC Support
We have made portal UI changes so that it’s super-easy to request SOC support including PHONE callback, by:• Showing a SOC support button on the portal Incident triage feed for quicker requests during panic situations
• Showing a portal banner when a callback request is in process to all users
• Allowing quick re-requests for callbacks once current engagement is over
• Adding a deep link into the text version of the Incident report so partners can request support from within their PSA/ticketing integrations
SAT:
-
Managed Learning settings at sub-account level.
Historically, MSPs had a limitation that all customers using Huntress Managed Learning had to have the same settings including notifications and manager reminders. We have now released the capability to set a customer sub-account to use their own setting in order to allow for greater flexibility. -
SAT simulated phishing support for learner time zone
Huntress Managed Phishing and self-managed phishing can now support delivery of simulated phishing metrics during business hours (9 AM - 5 PM) in the learners' local time zone. This is valuable because it has a higher likelihood of the learner seeing the email and making the decision to ignore, interact with, or report the message.
Release Date: May 2025
Features:
SAT:
-
Managed Phishing now supports Australia and UK specific campaigns in addition to global.
June's Huntress Managed Phishing will have two scenarios that are chosen for Australia, two for those in the UK, and two for the rest of the world. This allows us to better prepare learners in those regions for actual phishing emails and real world threats. To enable this for learners one must have the country field defined for them manually or using one of our integration providers. Those without Australia or UK in the country field will receive the Global scenarios. -
Outlook Taskpane button for Classic, Web, Mobile is in beta
While most SAT customers and partners redirect the built-in report phishing button, many want a custom button. We got feedback previously released ribbon button didn't work with Outlook Classic and that many users prefer the classic experience, so a task pane option has been added! - SAT rebrand. SAT, formally called Curricula, will now be listed as "Huntress, formerly Curricula." No sending domains are changing.
-
SAT GMail API Insertion is in beta. We can now deposit messages directly into Google Workspace/GMail integration using API insertion which means that:
1. We can bypass email transport based email security tools
2. Transactional messages can now have custom sender name and email address
macOS:
-
Huntress now offers basic managed antivirus for macOS. Huntress EDR for macOS now has visibility into XProtect detections! XProtect is the basic antivirus built into macOS, and today, Huntress is able to trigger very high-fidelity signals based on XProtect detections. Signals can be seen on a new Antivirus page on Mac agent detail pages in the Huntress portal.
Also released is a very basic Microsoft Defender integration, which is also able to generate signals based on Defender detections. In addition, the Antivirus page is capable of showing the status of Defender in the Huntress portal, as well as allowing some basic control, such as requesting a Defender scan or database update.
Platform:
- MAV Signal Correlation Support. This release introduces correlation signals designed to detect bursts of Managed Antivirus (MAV) activity within short timeframes. These detections trigger when the number of MAV signals exceeds a defined threshold within a specified time window.
- The report API is now able to return the values contained in the PDF. The report API previously only returned a link to the PDF. The API has been updated to return the raw values contained in the report so that users are able to import that data into dashboards and reports. The API documentation has been updated to reflect the new values.
- Autotask PSA integration is now GA. Autotask PSA integration has existed beta and is now GA! Partners can now configure incident reports and billing information to be populated in their instance of Autotask.
-
SAT & SIEM billing information is now available in ConnectWise, Autotask & API. SIEM & SAT usage data are now included in billing information sent to Autotask and ConnectWise billing integrations. Partners who have configured their integration prior to April 29th will need to update the mapping in the portal to propagate the counts to their PSA. The counts are also available in the Organizations API.
Release Date: April 2025
Features:
macOS
- macOS 12 Monterey End of Support Notification. While the Huntress Agent will continue to run for now as a legacy agent, you will not be able to install Huntress on macOS 12 machines after Huntress version 0.14.16, and Huntress will only be able to provide "best-effort" support. Huntress continues to support versions 13, 14, and 15.1+. We would strongly recommend updating to the latest OS as soon as possible to ensure continued security updates from Apple.
Platform:
- SOC Platform - Partners can now leave comments on Incident Reports. Partners can now comment on Incident Reports! This is useful when partner techs use our portal to triage incidents and want to leave context for other partner techs on an incident - whether due to a shift change, long running investigation, a ticket number or just for additional context. This feature is one-way for internal partner use only and is not responded to by Huntress SOC or Support teams.
SAT:
- SAT Microsoft Teams integration is in GA. We've now gathered enough data with thousands of Microsoft Teams messages successfully delivered in 'Early Access' and are excited to officially move that feature to general availability (GA).
SIEM
- Huntress Managed SIEM Now Uses Custom Syslog Collection Ports. Huntress Managed SIEM now has the ability to assign custom syslog collection ports during configuration. This allows users to flexibly deploy the Huntress SIEM agent in environments with existing syslog collectors or where other applications are utilizing the default syslog port of 514.
Release Date: February 2025
Features:
EDR:
-
Mac Configuration Wizard released!
Deployment of Mac agents requires some extra work after installation, due to Apple requirements. Partners are often unaware of these requirements. This release provides a Wizard - integrated into the Huntress app in the Applications folder - that can help walk through the configuration process for manual installs or installs via RMM, with the goal of ensuring our partners are fully protected. -
Improvements to Mac status visibility in the Huntress Platform
• A warning banner was added if there is at least one Mac endpoint with EDR not fully configured
• A new macOS Fleet Readiness widget has replaced the old macOS Status widget in the Command Center, making it easier to see the enablement status of all Huntress Agents for macOS at a glance
• The macOS Fleet Readiness widget has been moved higher in the Command Center to ensure it is visible without scrolling
Security Awareness Training (SAT)
-
SAT Assignments UX Improvement
We've made enhancements to the admin experience when choosing episodes for a new assignment:
1. It now defaults to newest episode first
2. You can now sort episodes for newest to oldest or oldest to newest
3. You can now filter for All Episodes, Custom only, Curricula Originals only
4. There is now search/filter by name and episode description. -
Microsoft Teams notifications for SAT are in ungated early access
Partners and customers have been asking for notifications in Microsoft Teams rather than email or Slack. This feature has been successfully validated in a private preview and is now in the open 'early access' phase of our product lifecycle. In other words, we are confident in the functionality but still want to encourage feedback on additional functionality.
Bug Fixes:
- N/A
Release Date: January 2025
Features:
EDR:
-
Defender Exclusion Management and Detection
We’ve done more work to notify partners of the conflicts and raise awareness around conflicting management between partner tools (GPO / PowerShell) and Huntress management tools. Huntress has also unified the management of exclusion at all levels (account, organization, and agent) into a single UI. This new UI also allows partners to view the prevalence of an exclusion across their fleet.
Security Awareness Training (SAT)
-
Huntress Managed Learning launch time is now configurable
Historically, all Huntress Managed Learning Assignments went out at the same time. This new feature allows admins to configure the time of day the enrollment goes out in their own time zone. This is particularly useful for customers and partners in Europe, Australia, and New Zealand. To configure this go to Assignments -> Learning plan and hit the gear icon in the upper-right area.
-
SAT MSP Phishing UI: Group by campaign
The multitenant 'Phishing' UI is powerful in showing all MSP level and customer level phishing campaigns in one view - however it can be overwhelming when each multitenant campaign shows each customer as a row. Now, admins can use the "Group by Campaign" toggle to collapse all the child campaigns into a single row.
Bug Fixes:
- N/A