MicrosoftHi @Javier Soriano, For centralized the monitoring purpose, we would like to create some workbooks for our 7x24 center to triage and investigate the alerts/incidents from all our customer's tenant. It would be nice if we built all the analytic rules in MSSP tenant as your mentioned, while all the alerts/incidents generated among MSSP tenant. However, some of our customer has other MS security products, like ATP, MCAS, AADIP that generated security alerts. We are not able to turn on Microsoft Security incident creation analytics rules in MSSP side, because it only could grab the security alerts on MSSP tenant, not our customer's tenant. But turn on the rules on Customer's tenant is not our wish because our team need to login every customer's sentinel for investigation. Hope there is any solutions/alernatives to "escalate" the security alerts from customer tenant to MSSP for central monitoring and reporting. Thanks.
