Team: Huntress Managed Identity Security Posture Management (ISPM)
Product: Microsoft 365, Microsoft Entra ID
Environment: Huntress Platform
Summary: Learn how to disable Continuous Enforcement and roll back an applied security control or Conditional Access policy (CAP) if it causes sign-in issues.
In this Article
Overview
Roll Back a Security Control
Important Notes
When to Contact Support
Overview
If you recently applied a policy and can't sign in to Microsoft 365, you might need to roll back the change.
Fortunately, Huntress stores the previous state of managed security controls before deployment. This safety feature allows supported controls to be rolled back quickly if a change causes an unexpected issue.
Before modifying or reverting a managed setting, you must disable Continuous Enforcement for that control. When this feature is active, Huntress prevents manual edits to keep your configuration secure.
Roll Back a Security Control
Follow these steps to disable Continuous Enforcement and revert a problematic policy. Make sure to review the ISPM Actions audit log if you are unsure which control caused the access issue.
Log in to Huntress and go to ISPM > Security Controls.
On the Security Controls page, locate the control or Conditional Access policy (CAP) you recently deployed.
In the control row, click View to open its settings window.
In the settings window, turn Continuous Enforcement off.
On the control menu, click Actions.
From the drop-down menu, select Revert Security Setting to restore the previous state.
If you need to stop a policy immediately, go to the related Conditional Access policy page and disable it.
Wait 15 to 30 minutes for Microsoft propagation before testing your accounts again.
Open a new private browser session and log in to verify the lockout is resolved.
Continuous Enforcement must remain off while you are troubleshooting or making manual adjustments to the affected setting.
Important Notes
Disabling ISPM alone will not undo prior policy changes already applied in Microsoft 365. Security controls already deployed remain active within the tenant unless you manually roll them back.
When access is restored, you can decide whether to re-enable Continuous Enforcement. Re-enabling this feature helps maintain your desired security posture safely.
When to Contact Support
The Huntress Support team is available to assist if you encounter issues during the rollback process. Reach out immediately if you experience any of the following scenarios:
You are not sure which control caused the access issue.
You can't access the Huntress Platform with an unaffected administrator account.
The lockout continues after the rollback is complete and propagation time has passed.