Uredi

Dijelite putem

Manage multiple tenants in Microsoft Sentinel as an MSSP

  • Članak

If you're a managed security service provider (MSSP) and you're using Azure Lighthouse to offer security operations center (SOC) services to your customers, you can manage your customers' Microsoft Sentinel resources directly from your own Azure tenant, without having to connect to the customer's tenant.

Prerequisites

Verify registration of Microsoft Sentinel resource providers

To manage multiple tenants properly, your MSSP tenant must have the Microsoft Sentinel resource providers registered on at least one subscription, and each of your customers' tenants must have the resource providers registered.

If you have registered Microsoft Sentinel in your tenant, and your customers in theirs, you're ready to get started and can continue with Access Microsoft Sentinel in managed tenants.

To verify registration:

  1. Select Subscriptions from the Azure portal, and then select a relevant subscription from the menu.

  2. From the navigation menu on the subscription screen, under Settings, select Resource providers.

  3. From the subscription name | Resource providers screen, search for and select Microsoft.OperationalInsights and Microsoft.SecurityInsights, and check the Status column. If the provider's status is NotRegistered, select Register.

    Screenshot of checking resource providers.

Access Microsoft Sentinel in managed tenants

  1. Under Directory + subscription, select the delegated directories (directory = tenant), and the subscriptions where your customer's Microsoft Sentinel workspaces are located.

    Choose tenants and subscriptions

  2. Open Microsoft Sentinel, where you'll see all the workspaces in the selected subscriptions and can work with them seamlessly, just like any workspace in your own tenant.

Note

You will not be able to deploy connectors in Microsoft Sentinel from within a managed workspace. To deploy a connector, you must directly sign into the tenant on which you want to deploy a connector, and authenticate there with the required permissions.

Related content

In this document, you learned how to manage multiple Microsoft Sentinel tenants seamlessly. To learn more about Microsoft Sentinel, see the following articles: