Managed service providers (MSPs) now have a new weapon in the escalating battle against identity-based attacks targeting Microsoft 365 tenants. Huntress announced the general availability of its Managed Identity Security Posture Management (ISPM) service on June 30, 2026, extending its security platform with automated hardening across Entra ID, Exchange Online, and other critical Microsoft 365 services. The launch marks a significant expansion of Huntress’s mission to deliver managed security solutions tailored specifically for MSPs and the small and midsize businesses (SMBs) they protect.
Identity threats have rapidly become the most common entry point for cyberattacks. Microsoft itself reports that more than 99% of identity-related compromises could be prevented by basic security hygiene. Huntress Managed ISPM aims to close that gap by continuously scanning Microsoft 365 tenants for misconfigurations, enforcing best-practice security controls, and remediating risky settings without requiring deep identity expertise from MSP teams.
The service automates the discovery and hardening of key identity components: conditional access policies, multifactor authentication (MFA) enforcement, privileged role assignments, and guest user permissions within Entra ID (formerly Azure Active Directory). For Exchange Online, it tackles common attack vectors such as forwarding rules to external domains, legacy authentication protocols, and mailbox auditing configurations. Additional Microsoft 365 workloads like SharePoint and Teams are also covered through a unified posture management dashboard.
Managed Hardening That Moves at the Speed of Threats
Huntress Managed ISPM is not a static security assessment tool. It operates as a fully managed service: Huntress security researchers continuously update detection rules and response playbooks based on the latest threat intelligence. When a new attack technique emerges—such as a novel OAuth consent phishing campaign or a bypass of MFA—the service adapts its hardening policies within hours, not weeks.
The platform employs API-based scanning to evaluate thousands of configuration settings across a tenant. It compares each setting against a curated baseline derived from CIS benchmarks, Microsoft best practices, and Huntress’s own incident response data. Misconfigurations are flagged with severity ratings, and priority actions are surfaced to the MSP through a centralized console.
Crucially, the service can be configured to automatically remediate low-risk findings while escalating high-impact changes for approval. For example, if a global administrator account is detected with no MFA, Managed ISPM can immediately enforce MFA registration and revoke the admin’s current sessions. If a conditional access policy is found to exclude a critical application, the MSP is alerted with a recommended fix that can be applied in one click.
Why MSPs Need Automated Identity Hardening
MSPs manage dozens or even hundreds of Microsoft 365 tenants, each with its own bespoke configuration. Manually auditing identity security across all tenants is time-consuming, error-prone, and often neglected. A 2025 survey by the MSP Alliance found that 68% of MSPs cited identity and access management as their top challenge in securing client environments.
Huntress Managed ISPM solves this by giving MSPs multi-tenant visibility and bulk remediation capabilities. From a single pane of glass, an MSP can see the overall identity hygiene score of every client, drill into risky configurations, and apply fixes across tenants with consistent policies. This not only improves security but also creates a new revenue stream: MSPs can package the service as “Identity Hardening” for their clients, differentiating their offering in a competitive market.
The service integrates seamlessly with the Huntress Security Platform, which already includes managed detection and response (MDR) for endpoints, Microsoft 365, and cloud environments. By adding ISPM, Huntress closes the loop between detecting active attacks and proactively strengthening defenses. “You can’t just wait for someone to break in and then respond,” says Kyle Hanslovan, CEO of Huntress, in a recent interview. “We’re giving MSPs the power to lock the doors before the burglars even try the handle.”
Inside the Hardening: Entra ID and Exchange Online Focus
Let’s look at the specific hardening measures for the two most critical attack surfaces: Entra ID and Exchange Online.
Entra ID (Azure AD) Hardening:
The service enforces MFA for all user accounts, including break-glass emergency accounts, with compliant authentication methods. It identifies and disables legacy authentication protocols (like POP3, IMAP, SMTP) that bypass modern security controls. Privileged roles—such as Global Administrator, Security Administrator, and Exchange Administrator—are continuously monitored. Excessive assignments are flagged, and the service can automate just-in-time privileged access or convert permanent assignments to eligible roles requiring approval. Conditional access policies are evaluated for coverage gaps; the service ensures all cloud apps and user actions are protected by granular conditions like device compliance, location, and sign-in risk.
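The coverage-gap evaluation described above can be sketched as follows. This is an added example, not Huntress code: the policies are constructed sample data in the JSON shape Microsoft Graph returns for Conditional Access policies, and the IDs and the `audit` helper are hypothetical.

```python
# Constructed policies in the Microsoft Graph conditionalAccessPolicy shape (not Huntress code).
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # client app types used by legacy auth

POLICIES = [  # constructed sample data; IDs are placeholders
    {"displayName": "Require MFA - all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["breakglass-id"]},
                    "applications": {"includeApplications": ["All"],
                                     "excludeApplications": ["app-id-payroll"]},
                    "clientAppTypes": ["all"]},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Block legacy auth", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []},
                    "applications": {"includeApplications": ["All"], "excludeApplications": []},
                    "clientAppTypes": ["exchangeActiveSync", "other"]},
     "grantControls": {"builtInControls": ["block"]}},
]

def _targets_everyone(policy):
    c = policy["conditions"]
    return ("All" in c["users"].get("includeUsers", [])
            and "All" in c["applications"].get("includeApplications", []))

def audit(policies):
    """Return (scope, finding) pairs for MFA and legacy-auth coverage gaps."""
    findings = []
    mfa_enforced = legacy_blocked = False
    for p in policies:
        controls = set((p.get("grantControls") or {}).get("builtInControls", []))
        clients = set(p["conditions"].get("clientAppTypes", []))
        is_mfa = "mfa" in controls
        is_legacy_block = "block" in controls and LEGACY_CLIENTS <= clients
        if not _targets_everyone(p) or not (is_mfa or is_legacy_block):
            continue
        if p["state"] != "enabled":  # report-only or disabled: visible but not protecting
            findings.append((p["displayName"], "not enforced: state=" + p["state"]))
            continue
        mfa_enforced |= is_mfa
        legacy_blocked |= is_legacy_block
        for kind, key in (("users", "excludeUsers"), ("applications", "excludeApplications")):
            for item in p["conditions"][kind].get(key, []):
                findings.append((p["displayName"], f"exclusion to review: {kind}/{item}"))
    if not mfa_enforced:
        findings.append(("tenant", "no enforced all-users MFA policy"))
    if not legacy_blocked:
        findings.append(("tenant", "legacy authentication is not blocked"))
    return findings
```

On the sample data the legacy-auth policy exists but is still in report-only state, so the tenant is reported as not blocking legacy authentication even though a policy with the right name is present.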
Exchange Online Hardening:
Attackers frequently target Exchange Online to set up forwarding rules that exfiltrate email to external accounts. Managed ISPM detects and removes any forwarding rule to an external domain, alerting the MSP. It also disables the ability for users to create such rules without admin approval. Additionally, it enforces mail flow rules that scan for malicious patterns, hardens SMTP authentication settings, and ensures mailbox auditing is enabled to capture detailed logs of activity. Anti-phishing policies are tuned to block impersonation attempts, and Safe Attachments/Safe Links in Defender for Office 365 are verified to be active.
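A detection for the external-forwarding case described above, as an added example that is not Huntress code. It checks both mailbox-level forwarding and inbox rules against the tenant's accepted domains; the field names follow Exchange Online `Get-Mailbox` and `Get-InboxRule` output, while the records, domains and the recipient string format are constructed assumptions.

```python
import re

ACCEPTED_DOMAINS = {"contoso.example"}  # constructed: the tenant's own mail domains

MAILBOXES = [  # constructed sample export
    {"UserPrincipalName": "ann@contoso.example",
     "ForwardingSmtpAddress": "smtp:ann.backup@mail.example.net",
     "DeliverToMailboxAndForward": True},
    {"UserPrincipalName": "bob@contoso.example", "ForwardingSmtpAddress": None},
]
INBOX_RULES = [  # constructed sample export
    {"MailboxOwnerId": "bob@contoso.example", "Name": "archive", "Enabled": True,
     "ForwardTo": ['"Bob" [SMTP:bob@contoso.example]'], "RedirectTo": []},
    {"MailboxOwnerId": "cat@contoso.example", "Name": ".", "Enabled": True,
     "ForwardTo": [], "RedirectTo": ['"x" [SMTP:drop@other.example.org]']},
]

ADDR = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

def external_domains(value, accepted):
    """Return the domains in a forwarding field that are not the tenant's own."""
    values = value if isinstance(value, list) else [value or ""]
    found = {m.group(1).lower().rstrip(".") for v in values for m in ADDR.finditer(v)}
    return sorted(d for d in found if d not in accepted)

def find_external_forwarding(mailboxes, rules, accepted):
    findings = []
    for mb in mailboxes:  # mailbox-level forwarding set by an admin or via OWA options
        for dom in external_domains(mb.get("ForwardingSmtpAddress"), accepted):
            findings.append({"mailbox": mb["UserPrincipalName"], "source": "mailbox",
                             "domain": dom,
                             "keeps_copy": bool(mb.get("DeliverToMailboxAndForward"))})
    for rule in rules:  # user-created inbox rules
        if not rule.get("Enabled"):
            continue
        for field in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
            for dom in external_domains(rule.get(field), accepted):
                findings.append({"mailbox": rule["MailboxOwnerId"],
                                 "source": f"rule:{rule['Name']}:{field}", "domain": dom})
    return findings
```

Domain matching here is exact, so a subdomain of an accepted domain is reported unless it is listed explicitly.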
The Threat Landscape That Makes ISPM Essential
Identity is now the primary security perimeter. The 2026 Verizon Data Breach Investigations Report noted that stolen credentials were involved in 61% of breaches, with phishing and credential harvesting as the top attack vectors. Attacks like AiTM (adversary-in-the-middle) phishing kits, which can intercept MFA tokens, have surged 350% in the past two years. Consent phishing, where users are tricked into granting malicious apps access to their data, remains a persistent threat. All of these are mitigated by the posture controls Managed ISPM enforces.
SMBs, the typical clients of MSPs, are prime targets precisely because they lack dedicated identity security teams. Huntress reports that, in its own telemetry, 85% of Microsoft 365 tenants it onboarded had at least one critical identity misconfiguration, most commonly a global admin without MFA. These are not complex zero-days; they are configuration gaps that criminals actively exploit.
How Managed ISPM Differs from Native Tools
Microsoft 365 offers its own security posture recommendations through Microsoft Secure Score and the Identity Secure Score in Entra ID. While these are valuable, they are primarily self-service. They require someone to interpret the recommendations, understand the business impact, and implement changes—a process that can take weeks in a typical MSP environment. There is no automatic remediation; the scores simply provide visibility.
Huntress Managed ISPM builds on top of these signals but adds a critical layer of management and automation. The service not only identifies problems but fixes them on behalf of the MSP, following pre-established policies. Moreover, the Huntress team continuously curates the baseline, incorporating lessons from real incidents they’ve investigated across thousands of endpoints and tenants. This managed intelligence means the service evolves faster than any static checklist.
Real-World Impact: Early Adopter Experiences
During the beta program, several MSPs reported immediate security gains. One MSP with 120 tenants used Managed ISPM to discover that 34 global admins had no MFA. Within an hour, the service had enforced MFA on all those accounts and revoked suspicious active sessions. Another MSP found that a client’s Exchange Online had a forwarding rule active for six months, silently exfiltrating sensitive emails to a competitor’s domain. The rule had been missed by periodic manual audits. Automated remediation removed the rule and notified the MSP, preventing potential data loss.
These outcomes underscore the value of continuous, automated posture management: it eliminates the blind spots that arise from human error or limited resources.
Integration with the Huntress Security Platform
Managed ISPM is not a standalone product—it’s a core module within the Huntress Security Platform. Data flows seamlessly between ISPM and other Huntress capabilities like Microsoft 365 MDR and endpoint MDR. For instance, if ISPM detects an anomalous configuration change (e.g., a new connector being created), that event is correlated with login anomalies and endpoint telemetry. This cross-domain analysis provides a richer security narrative and reduces false positives.
The unified platform also simplifies billing, reporting, and compliance for MSPs. A single dashboard shows identity health scores, active incidents, and hardening progress across all clients. Monthly executive reports can be automatically generated, including before-and-after snapshots of the identity posture, which MSPs can share with their clients to demonstrate value.
Challenges and Considerations
While managed posture management is powerful, it requires MSPs to understand the policies being enforced. Aggressive auto-remediation could disrupt business operations if not carefully scoped. For example, disabling legacy authentication might break a line-of-business application that relies on SMTP. Huntress addresses this through staged rollout options and the ability to test policies in “report-only” mode before enforcing them. The service also supports granular policy exceptions that can be applied per tenant or per user group.
Pricing details were not disclosed at GA, but Huntress has historically used a per-tenant, flat-fee model that aligns with MSP economics. The company is known for transparent pricing and no long-term contracts, which lowers the barrier for adoption.
The Competitive Landscape
Huntress enters a market where cybersecurity vendors like Blackpoint, ConnectWise, and even Microsoft itself are vying for MSP attention with cloud security offerings. However, few combine managed detection and response with managed posture hardening in a single, MSP-centric platform. Most posture management tools are designed for enterprise IT and require significant customization. Huntress’s focus on SMBs and MSPs gives it an edge: the service is opinionated about what “good” looks like and removes the guesswork.
IDC analyst Frank Dickson noted, “The shift from reactive detection to proactive posture management is the next frontier for MSP security. Vendors that can automate the mundane and amplify the MSP’s expertise will win the market.” Huntress Managed ISPM is a direct response to that trend.
What’s Next for Huntress and MSP Security
The general availability of Managed ISPM is expected to accelerate Huntress’s growth in the Microsoft 365 security space. The company has hinted at future modules for identity threat detection and response (ITDR), which would add active monitoring of identity-based attacks like token replay and consent phishing abuse. Combined with posture management, such a capability would create a comprehensive identity protection suite.
For MSPs, the evolution is clear: security is no longer a bolt-on service but a fundamental component of their managed IT offerings. Tools like Managed ISPM enable them to deliver enterprise-grade security without enterprise overhead. As cyber threats become more automated, the only scalable defense is automation on the defenders’ side.
Key Takeaways for MSPs
- Immediate Risk Reduction: Enforce identity best practices across all tenants in minutes, not months.
- Revenue Opportunity: Monetize the service as a value-add to clients, improving margins and stickiness.
- Efficiency Gains: Free up tier-2 and tier-3 analysts from tedious posture checks; let the platform handle the routine.
- Continuous Compliance: Maintain alignment with industry standards (CIS, NIST, Microsoft) effortlessly.
The launch of Huntress Managed ISPM comes at a time when identity attacks show no signs of slowing. For MSPs looking to harden their clients’ Microsoft 365 environments against the latest threats, turning to a managed service that combines automation, expert curation, and deep platform integration may be the smartest move they make this year.