Work with multiple tenants in Azure Sentinel
If you’re a managed security service provider (MSSP) and you’re using Azure Lighthouse to manage your customers’ security operations centers (SOC), you will be able to manage your customers’ Azure Sentinel resources without connecting directly to the customer’s tenant, from your own Azure tenant.
- Onboard Azure Lighthouse
- For this to work properly, your tenant must be registered to the Azure Sentinel Resource Provider on at least one subscription. If you have a registered Azure Sentinel in your tenant, you are ready to get started. If not, in the Azure portal, select Subscriptions followed by Resource providers and then search for
Microsoft.Security.Insightsand select Register.
How to access Azure Sentinel from other tenants
Under Directory + subscription, select the delegated directories, and the subscriptions where your customer’s Azure Sentinel workspaces are located.
Open Azure Sentinel. You will see all the workspaces in the selected subscriptions, and you’ll be able to work with them seamlessly, like any workspace in your own tenant.
You will not be able to deploy connectors in Azure Sentinel from within a managed workspace. To deploy a connector, you must directly sign into the tenant on which you want to deploy a connector and authenticate there with the required permissions.
In this document, you learned how to manage multiple Azure Sentinel tenants seamlessly. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.