Cybersecurity vendor Huntress has announced the general availability of Managed Identity Security Posture Management (ISPM), extending its Agentic Security Platform from threat detection into continuous, expert-managed remediation of identity weaknesses across Microsoft 365 environments.
The launch is underpinned by figures the company says highlight how central identity has become to modern attack chains. According to Huntress, identity-based attacks accounted for 79% of all critical and high-severity incidents its team responded to over the past year, with the majority traced back to preventable misconfigurations rather than novel exploits.
Those findings were echoed at scale during the product’s Early Access phase, in which Huntress assessed more than 12,000 Microsoft 365 tenants. The company found over 60% of organisations were missing at least half of recommended ISPM controls, 66% lacked properly configured multi-factor authentication, 59% had insufficient restrictions on admin accounts, and 55% allowed standard users to perform administrative functions.
Rather than simply flagging these gaps, Managed ISPM is designed to close them directly, deploying and maintaining hardening policies on a customer’s behalf. Huntress said it rolled out tens of thousands of policies during Early Access with a rollback rate below 0.04%, and that data from its Managed ITDR product suggests fully deployed posture improvements could have prevented 35% of identity-based incidents over the past six months, a figure the company projects could rise to 80% by the end of Q3 2026 as further controls are added.
The product is built to operate in tandem with Huntress Managed ITDR, with the two forming what the company describes as a continuous feedback loop: ITDR shuts down active identity threats and surfaces where defences need strengthening, while ISPM works to close the underlying gaps before they can be exploited again.
General availability brings three notable additions beyond the Early Access feature set. Coverage now extends beyond Entra ID to include Exchange, SharePoint, and Teams, targeting attack paths commonly used for business email compromise, data exfiltration, and privilege escalation. A new Learning Mode lets administrators preview exactly which users would be affected by a Conditional Access policy before it is enforced, helping remove a major barrier to rolling out stricter controls. Huntress has also introduced Managed Deployments, in which its team handles the guided rollout of policies that are kept current with attacker behaviour, Microsoft guidance, and industry standards.
The launch follows Huntress’s acquisition of identity security posture specialist Inside Agent less than a year ago, and the company says it is now the first vendor to offer a fully managed solution for hardening Microsoft 365 identity posture.
“Security gaps caused by misconfigurations, over-permissioned users, and policy drift are more common than many teams realise, and closing them consistently takes the right combination of time, expertise, and tooling,” said Prakash Ramamurthy, Chief Product Officer at Huntress. “Managed ISPM was built to solve that challenge.”
Huntress currently protects more than 5 million endpoints and 13 million identities across its customer base, which spans internal IT and security teams as well as managed service providers.
