Managed identity threat detection & response

Huntress Managed ITDR

Identity is the new endpoint — and attackers know it. Huntress ITDR detects and responds to account takeovers, BEC and privilege escalation in Microsoft 365 and Google Workspace, 24/7.

What is Huntress Managed ITDR?

The majority of breaches now start with a compromised identity, not a compromised device. Stolen credentials, adversary-in-the-middle (AiTM) attacks, OAuth app abuse and business email compromise don’t need to touch an endpoint at all — and traditional EDR can’t see them.

Huntress Managed ITDR watches your Microsoft 365 and Google Workspace environments continuously, hunting for the signals that indicate an identity has been compromised. Suspicious login patterns, unusual mail flow rules, privilege escalation, unauthorised OAuth app consent, session hijacking — all detected and responded to by the same 24/7 SOC that backs Huntress EDR.

Identity-based attacks have increased by 156% since 2023. With ITDR running alongside EDR, you get defence across both the endpoint and the identity layer — covering the two most common attack vectors in a single platform.

Key benefits

Account takeover detection
Detects compromised Microsoft 365 accounts in real time — impossible travel, unfamiliar device logins, bulk email deletion and other takeover indicators.

Business email compromise (BEC)
Spots mail flow manipulation, forwarding rules and impersonation patterns that indicate BEC — before money or data leaves the organisation.

Adversary-in-the-middle (AiTM)
Detects session token theft that bypasses MFA — one of the fastest-growing attack vectors, up massively since 2023.

Privilege escalation monitoring
Watches for unauthorised changes to admin roles, global admin additions and permission escalation across Entra ID and Microsoft 365.

OAuth app visibility
Detects suspicious third-party OAuth app consent — a common persistence method attackers use to maintain access after a password reset.

24/7 SOC response
Human analysts triage every identity alert and take action where pre-authorised. Plain-English incident reports with clear remediation steps.

How it works

1. API-based connection, no agent needed

ITDR connects to Microsoft 365 via API — no software to install on devices. iTVerse handles the connection and configuration. Provisioning is free.

2. SOC begins monitoring identities immediately

From connection, Huntress analysts watch login events, mail flow, OAuth activity and privilege changes across your Microsoft 365 tenant.

3. Incidents surface as clear reports

When a compromised identity is detected, you receive a clear incident report with the threat context, affected accounts, and remediation steps. The SOC can act directly where pre-authorised.

4. Pairs with Huntress EDR

ITDR works alongside EDR for full coverage. Identity events and endpoint events are correlated — giving a complete picture when an attack spans both layers.

What’s included

  • 24/7 SOC-backed identity monitoring for Microsoft 365 and Google Workspace
  • Account takeover detection — impossible travel, unfamiliar devices, bulk changes
  • Business email compromise (BEC) — mail flow rules, forwarding, impersonation
  • Adversary-in-the-middle (AiTM) and session token theft detection
  • Privilege escalation and unauthorised admin role changes
  • Suspicious OAuth app consent detection
  • API-based connection — no agent on endpoints required
  • Correlates with Huntress EDR for full endpoint + identity coverage
  • Plain-English incident reports with one-click remediation
  • Provisioning and ongoing management by iTVerse (provisioning free)

Request pricing

Pricing for Huntress ITDR is tailored to your environment. Tell us what you need and we’ll come back within one working day.

Call 03300 56 88 33 (Mon–Fri)
Or send an enquiry
Response within one working day
No obligation
Managed by iTVerse