FAQ's for MDR for Microsoft 365
Can the dedicated Service Account created as part of onboarding be deleted?
Unfortunately not. Deletion of the user may have unintended consequences with the integration and on-behalf-of Microsoft interaction flows. The purpose of creating a dedicated service account is to reduce security risk and any potential impact from setup complications.
How do I exclude a user from MDR for Microsoft 365 licensing?
Huntress and the security community consider every user a potential attack vector for a threat actor to leverage in an incident. Users can be created and removed on the fly, and ensuring that Huntress can see all user information (including service accounts and other account types) is the best security outcome.
Huntress does not bill for all user accounts, only those that are actually billed for by Microsoft.
For example, this excludes guests and most shared mailboxes.
If this is something you'd like to advocate for, please vote on https://feedback.huntress.com/mdr-for-microsoft365
What Microsoft 365 Licenses are excluded?
Please take a look at the following guide to see what licenses we exclude: Licenses that Huntress Excludes
How do I map a Huntress Organization to a Microsoft 365 tenant not in my partner center?
Please follow the [Manual/Non-Partner] Getting integrated with Microsoft 365 instructions.
Will you be adding coverage for Google Workspace?
Not at this time. The team is dedicated to making this product the best it can be for Microsoft 365.
If I am not a Microsoft Cloud Solution Provider (CSP), can I still use this product?
Yes! Microsoft organizations can be manually mapped to Huntress organizations via our portal. Please follow instructions at this link to get started [Manual/Non-Partner] Getting integrated with Microsoft 365.
Does Huntress recognize third-party MFA as Enabled in the portal?
Not at this time. The Huntress portal will only report MFA as Enabled for a user if that user utilizes Microsoft MFA through the Microsoft authenticator app.
Can Huntress read my clients' emails with this product?
No. Huntress does not pull any email subject or content data from Microsoft.
Will Huntress block or disable accounts when they are compromised?
Yes. A Huntress SOC analyst has the ability to disable an account when they suspect that account is involved in malicious activity.
How long does Huntress keep my logs from Microsoft?
How long does it take for my Microsoft logs to reach Huntress systems?
There is always some variability but we generally receive and begin processing logs from Microsoft within a few minutes.
Will MDR for Microsoft 365 detect existing malicious activity in my environment?
The product will detect existing malicious inbox rules but will not detect historical malicious logins.
Does MDR for Microsoft 365 have an external API available?
Yes! Please visit Huntress API.