Huntress is extending its agentic security platform with two new offerings focused on posture management: Managed Endpoint Security Posture Management (ESPM) and Managed Identity Security Posture Management (ISPM). The move brings endpoint, identity, and human risk controls into a single platform to reduce the number of gaps attackers can exploit before incidents happen.
While this news is product expansion, the timing and focus point to something bigger: security teams are struggling to keep up with the basics, and attackers are increasingly winning through misconfigurations and weak controls rather than sophisticated exploits.
Posture management is becoming central
Most organizations don’t have a consistent view of their security posture across endpoints and identities. Unmanaged devices, excessive permissions, and unauthorized applications create a wide attack surface that’s hard to track, let alone fix.
Huntress is leaning into that gap. Its new ESPM and ISPM offerings are designed to continuously identify and remediate these issues, rather than relying on periodic audits or manual intervention.
That shift matters because the threat landscape is increasingly driven by repeatable weaknesses. According to Huntress data, abuse of remote monitoring and management (RMM) tools has surged significantly, while identity-based attacks like mailbox manipulation and OAuth abuse now make up a meaningful share of incidents.
In other words, attackers don’t need new techniques if the same gaps keep showing up.
Inside Agent strengthens Huntress’ ISPM approach
A key piece of this launch is Huntress’ integration of Inside Agent, which it acquired in late 2025. Rather than building identity posture capabilities from scratch, Huntress is building on an existing Microsoft 365-focused engine.
A Huntress spokesperson explained to MSSP Alert, “Inside Agent gives Huntress a mature, battle-tested engine for Microsoft 365 tenant posture management, so we’re not starting from scratch. It already automates assessments and remediations across Entra, Exchange, Intune, SharePoint and Teams, using recognized standards like the CIS Microsoft 365 Benchmark.”
That foundation is now being turned into a managed service. “Huntress is taking that core and turning it into a purpose-built Managed ISPM service,” the spokesperson said, adding that Inside Agent’s policies are evolving into “a centrally maintained Huntress identity security framework, tuned for real-world Microsoft 365 tenants rather than generic checklists.”
The integration also expands coverage and ties posture more closely to real attack patterns. “We extend Inside Agent’s ability to assess Entra, Exchange, Intune, SharePoint and Teams so posture work actually tracks how attackers move through Microsoft 365, not just a few settings pages,” the spokesperson said.
More importantly, it connects prevention and response. “ISPM’s ‘left of boom’ posture engine pairs with Huntress Managed ITDR so we can both harden the tenant and catch identity attacks that still get through, closing the loop between prevention and response.”
From detection to prevention
The platform’s approach centers on using SOC-driven intelligence and telemetry from millions of endpoints and identities to enforce security controls automatically.
For endpoints, that includes controlling which applications can run, prioritizing vulnerabilities, and simplifying compliance reporting. For identities, it applies pre-built policies aligned with Microsoft guidance, continuously evaluates tenant configurations, and rolls back risky changes quickly.
Unlike traditional tools, the focus here is on delivering posture management as a managed service rather than a set of configurations customers need to maintain themselves.
That positioning is deliberate. As the Huntress spokesperson put it, “Most identity tools either focus on incident detection or on DIY configuration libraries. Huntress ISPM is positioned as a managed identity posture for Microsoft 365, designed for companies that fall below the Fortune 500, like the mid-market and MSPs.”
This approach shifts responsibility away from already stretched teams. “We do the work and our 24/7 AI-centric SOC analyzes all of the telemetry to stop attacks before they happen,” the spokesperson said.
The model also emphasizes continuous enforcement. “ISPM continuously evaluates tenants against that framework, uses the unified audit log to detect drift within minutes, and can auto-remediate or escalate changes, so security posture actually stays aligned over time.”
What this means for MSPs and security teams
For MSPs and MSSPs, posture management is moving from a supporting function to a core service layer.
A big part of the value is operational. Many partners don’t have the resources to design and maintain identity security frameworks across dozens or hundreds of tenants.
Huntress is trying to remove that burden. “The goal is to let MSPs standardize Microsoft 365 identity security at scale without becoming deep M365 experts for every client,” a Huntress spokesperson said.
That shows up in a few practical ways. “A single Huntress-managed framework and set of secure configurations can be deployed and enforced across many tenants, rather than hand-tuning each organization’s policies,” the spokesperson said.
Automation also plays a central role. “One-click fixes, automated remediation of unapproved changes, and drift detection tied into Microsoft 365 logs reduce the day-to-day effort of keeping hundreds of tenants aligned to best practices.”
Just as important, posture becomes easier to explain to customers. “Simple, customer-facing assessments and reports help MSPs show ‘here are your gaps, here’s what we fixed, and here’s your current posture,’ which supports both sales and ongoing QBR conversations.”
Over time, this feeds into a broader platform play. “Partners can manage endpoint, identity, SIEM, and awareness training from the same platform and SOC, making it easier to package and bill a complete security offering to small and mid-sized customers.”
The bigger shift: agentic security in practice
Huntress is framing this as part of its broader “agentic security” model, where systems don’t just detect threats but take action continuously. That concept is starting to show up across the industry. Security tools are moving toward autonomous policy enforcement, continuous remediation, and real-time adaptation to new risks. For buyers, the question is less about whether tools can detect threats and more about whether they can reduce the number of opportunities attackers have in the first place.
While this launch doesn’t introduce a new category, but it reflects where the market is heading. Security posture management is becoming less about visibility and more about execution. For organizations, that means fewer gaps left open due to lack of time or expertise. For MSPs, it opens a path to package posture management as a recurring, high-value service tied directly to risk reduction. And for the broader market, it signals a shift: security platforms are being judged not just on how well they respond to attacks, but on how effectively they prevent them from happening at all.
