Team: Huntress Managed Identity Threat Detection & Response (ITDR)
Environment: Microsoft 365
Summary: This article explains what is included in the Huntress Identity Security Assessment Report for Microsoft 365.
The Huntress Identity Security Assessment Report gives you a clear snapshot of the identity landscape within a Microsoft 365 tenant. These reports are generated automatically once a tenant has been integrated. They highlight where attackers could be hiding, the risks we’re monitoring, and any incidents our Security Operations Center (SOC) has investigated.
Unlike a simple posture score or rating, this report is a point-in-time snapshot of actual identity risks and suspicious activity. It’s a great way to show clients or prospects the value Huntress provides, and you can easily share it with them.
This is not currently available for Google Workspace.
In This Article
- Identity Assessment Overview Definitions
- Huntress Services Detailed in Assessment Reports
- Accessing and Running Reports
- Automatically Sending Reports
- Co-branding Reports and Adding Your Logo
- Sample Reports (Standard vs. Co-Branded)
What’s Covered in the Assessment
- Licenses and Entities: See how many identities exist in the tenant, which ones are billable, and where they’re logging in from. Attackers frequently exploit unused or unmonitored identities.
- Rogue Applications: We’ll flag third-party or custom apps tied into Microsoft 365, especially any with elevated or risky permissions. There are two different kinds:
  - Traitorware: Legitimate apps that are being misused by attackers.
  - Stealthware: Custom OAuth apps that attackers build to persist inside a tenant.
- Shadow Workflows: We look for malicious inbox rules and workflows that attackers use to hide activity, often by auto-forwarding or deleting messages.
- Unwanted Access: Surfaces suspicious logins from unusual locations, on unmanaged devices, or through anonymizing services like VPNs. These are often signs of credential theft or session hijacking.
- SOC Findings & Containments: If our 24/7 AI-assisted SOC detects and confirms malicious activity, they’ll contain the threat, generate an incident report, and include their findings right here in the assessment.
How to Get Your Reports
Reports are automatically created after you integrate a Microsoft 365 tenant.
- Automatic Generation: The first report is created within 24 hours after a tenant has been successfully onboarded and authenticated. We'll email it to the user who integrated the tenant, and it will also appear on the tenant's page in the Huntress platform. This only applies to new ITDR integrations or tenants; for existing ITDR integrations or tenants, see "Generate a report for an existing tenant" below.
- Regeneration: You can also contact Huntress support and request a manual regeneration to update the report.
Generate a report for an existing tenant
- Log in to Huntress and go to the Integrations page to select Microsoft 365.
- From the Identity Providers Integrations portal, expand the tenant with the report you would like to view.
- Find the tenant you’d like to generate a report for, and click the three-dot actions button at the end of the details page (after the Status).
- In the dropdown, choose Get Security Assessment.
Co-branding Reports and Adding Your Logo
You can add your own logo and colors to the Identity Security Assessment Report. This makes it easy to share results with your clients under your own brand, powered by Huntress.
Just follow the steps in the Add Your Company Branding to Huntress Reports and Canaries article, and your logo will automatically appear on all future assessment reports.
Sample Reports
Want to see what a report looks like before generating your own? Feel free to download a sample copy at the end of this guide, or preview it here directly.
Huntress Branded