Manage multiple tenants in Azure Sentinel as an MSSP
If you're a managed security service provider (MSSP) and you're using Azure Lighthouse to offer security operations center (SOC) services to your customers, you can manage your customers' Azure Sentinel resources directly from your own Azure tenant, without having to connect to the customer's tenant.
For this to work properly, your tenant (the MSSP tenant) must have the Azure Sentinel resource providers registered on at least one subscription. In addition, each of your customers' tenants must have the resource providers registered. If you have registered Azure Sentinel in your tenant, and your customers in theirs, you are ready to get started. To verify registration, take the following steps:
Select Subscriptions from the Azure portal, and then select a relevant subscription from the menu.
From the navigation menu on the subscription screen, under Settings, select Resource providers.
From the subscription name | Resource providers screen, search for and select Microsoft.OperationalInsights and Microsoft.SecurityInsights, and check the Status column. If the provider's status is NotRegistered, select Register.
How to access Azure Sentinel in managed tenants
Under Directory + subscription, select the delegated directories (directory = tenant), and the subscriptions where your customer's Azure Sentinel workspaces are located.
Open Azure Sentinel. You will see all the workspaces in the selected subscriptions, and you'll be able to work with them seamlessly, like any workspace in your own tenant.
You will not be able to deploy connectors in Azure Sentinel from within a managed workspace. To deploy a connector, you must directly sign into the tenant on which you want to deploy a connector, and authenticate there with the required permissions.
In this document, you learned how to manage multiple Azure Sentinel tenants seamlessly. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.