Huntress Managed ESPM (Early Access) Readiness, Requirements, and FAQ

TEAM: Huntress Managed Endpoint Detection and Response (EDR), SIEM
PRODUCT: Huntress ESPM 
ENVIRONMENT: Windows Only
SUMMARY: How to prepare and enroll for Early Access into ESPM (Endpoint Security Posture Management)

When will Early Access Start?

Early access enrollment will start on March 31, 2026

Requirements

• Huntress SIEM services are currently required for Early Access. 
  • Specifically, Windows Event Logs (WEL) must be collected for any endpoint to be enrolled in ESPM EA.
    • Enabling and Collecting Microsoft Windows Event Logs (WEL)
• Supported Operating Systems
  • Windows - Professional, Enterprise, Education, and Education/SE. - Home is currently not supported.
    • Windows 10 patch 1903+ 32-bit and 64-bit
    • Windows 11 32-bit and 64-bit
    • Server 2022+
• [Coming soon!] Microsoft Defender for Endpoint for Vulnerability Visibility. 
  • The versions of MDE that will support Vulnerability Management are:
    • Defender for Endpoint Plan 2
      • “Microsoft Defender for Endpoint P2 is available as a standalone license and as part of the following plans:
        • Windows 11 Enterprise E5/A5
        • Windows 10 Enterprise E5/A5
        • Microsoft 365 E5/A5/G5 (which includes Windows 10 or Windows 11 Enterprise E5)
        • Microsoft Defender Suite/EDU/GOV/FLW
        • Microsoft Defender + Purview Suite FLW”
    • Microsoft Defender Vulnerability Management
    • Microsoft Defender for Servers P1

Due to the nature of how our ESPM product functions, other security vendors may falsely flag the Huntress Agent as malicious once ESPM is deployed. Before enrolling in ESPM, please configure your third-party security tools to allow Huntress. Following the Allow List Huntress in Third Party Software guide beforehand will prevent potential software conflicts. 

How to enroll in Early Access

Reach out to your account manager directly, or contact Huntress Support, and we'll direct your request over to your Account Manager.

How ESPM works

• What are the ESPM capabilities and features being launched with EA?
  • Application Control - in development
  • Vulnerability Visibility (via Microsoft Defender for Endpoint)
  • Dashboards and Reporting
• How will Application Control work?
  • At EA, Application Control will focus on two capabilities:
    • auditing applications on endpoints with the intent to configure policies to allow known-good applications.
    • blocking unwanted RMM tools
  • In the future, policies will be configurable at the account, organization, and host levels.

• Will I be able to apply App Control policies at different levels?

  Yes, as we progress through the EA period and into GA, policies will be available at the following levels: 

  • Account
  • Organizations
  • Host / Endpoint

How to Enable and Disable ESPM for an Organization

Enablement

1. Log in to the Huntress Dashboard
2. Select the ESPM button from the Icon bar on the left side of the screen. 
3. Select Settings
   1. By Default, Account Settings will be set to disabled. 
4. To enable an orginization, select the + Add Organization Overide button. Override functionality allows you to override the Account-level settings to enable/disable ESPM for specific organizations without impacting the entire account.
5. In the Organization drop-down menu, select the organization for which you would like it enabled
6. Under Settings, select enabled
7. Select the Save button.

Disablement

1. Log in to the Huntress Dashboard
2. Select the ESPM button from the Icon bar on the left side of the screen. 
3. Select Settings
   1. By Default, Account Settings will be set to disabled. 
4. To Disable an orginization, select the "Remove Override" button located next to the organization.
5. Confirm in the pop-up window that you would like to remove the Override to disable ESPM for a specific organization. 

Frequently Asked Questions (FAQ)

• When will ESPM be Generally Available?
  • The specific date is to be determined. 
• Is this a new product or an add-on?
  • ESPM is a net-new product.
• Is Linux or Mac Supported?
  • No. Linux and Mac are currently not supported. We want to focus on our Windows launch before pursuing other operating systems. 
• How should I report any bugs to the ESPM team?
  • Reach out to your Account Manager with any bugs you may encounter. 
• How does an EA participant provide feedback or request a new feature on their Managed ESPM experience?
  • Submit feedback/feature requests to https://feedback.huntress.com/espm
• I am not seeing any ESPM data. Is there an issue?
  •  ESPM data does currently require a restart to see the RMM services.  We will not be able to establish the initial connection until either the Endpoint/Host/Agent or the RMM is restarted. 
    • The First thing to check is that you meet the above minimum requirements, that WEL is enabled, and that SIEM data is being sent. 
    • The second thing to do is to attempt to either restart the Endpoint or the RMMs services. 
    • It can take up to 24 hours, but the process can be sped up by the bullet point listed above.