
Dean_Gross
Silver Contributor
Oct 13, 2022

Using Lighthouse to monitor MDC

This page, "Cross-tenant management experiences - Azure Lighthouse | Microsoft Learn", states that "the entire subscription must be delegated to the managing tenant; Microsoft Defender for Cloud scenarios are not supported with delegated resource groups". Does this mean that every subscription monitored by MDC must be delegated to the managed service provider?
Also, what happens if MDC is monitoring another cloud? How does this affect the service provider?

  • We are planning to host Defender and manage it via Lighthouse. We ended up delegating the entire subscription and then defined the RBAC roles specific to Defender (Security Reader and Security Administrator). Delegation at the resource group level doesn't work, as Defender monitors at the subscription level.
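
A pre-deployment check for the approach described in the reply above, as an added example that is not part of the original thread: it reviews an Azure Lighthouse onboarding template and flags a resource-group-scoped delegation or any authorization other than the built-in Security Reader and Security Admin roles (the latter is the role the reply calls Security Administrator). The sample template, its placeholder tenant and principal IDs, and the function name `review_delegation` are assumptions made for illustration.

```python
import json

# Built-in Azure role definition IDs (the same GUIDs in every tenant).
SECURITY_READER = "39bc4728-0917-49c7-9d2c-d95423bc2eb4"
SECURITY_ADMIN = "fb1c8493-542b-48eb-b624-b4c8fea62acd"
ALLOWED_ROLES = {SECURITY_READER, SECURITY_ADMIN}

# Constructed sample: a subscription-level Lighthouse onboarding template.
# Tenant and principal IDs are placeholders, not real values.
SAMPLE_TEMPLATE = json.loads("""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
  "resources": [
    {"type": "Microsoft.ManagedServices/registrationDefinitions",
     "properties": {"managedByTenantId": "00000000-0000-0000-0000-000000000001",
       "authorizations": [
         {"principalId": "00000000-0000-0000-0000-0000000000aa",
          "roleDefinitionId": "39bc4728-0917-49c7-9d2c-d95423bc2eb4"},
         {"principalId": "00000000-0000-0000-0000-0000000000bb",
          "roleDefinitionId": "fb1c8493-542b-48eb-b624-b4c8fea62acd"}]}},
    {"type": "Microsoft.ManagedServices/registrationAssignments", "properties": {}}
  ]
}
""")

def review_delegation(template, allowed=ALLOWED_ROLES):
    """Return a list of findings; an empty list means the template passes."""
    findings = []
    for res in template.get("resources", []):
        rtype = res.get("type")
        # A resource-group delegation places the registration assignment in a
        # nested deployment that names a resourceGroup; Defender needs the subscription.
        if rtype == "Microsoft.Resources/deployments" and "resourceGroup" in res:
            findings.append(f"delegation scoped to resource group {res['resourceGroup']!r}")
        if rtype == "Microsoft.ManagedServices/registrationDefinitions":
            for auth in res.get("properties", {}).get("authorizations", []):
                role = auth.get("roleDefinitionId", "").lower()
                if role not in allowed:
                    findings.append(f"principal {auth.get('principalId')} granted non-Defender role {role}")
    return findings
```
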
