David Caddick
May 24, 2021
Solved

Azure Sentinel Multi-Tenant in MSP via Lighthouse

Hi All, We are looking at Azure Sentinel across a Multi-Tenanted model where from the MSP perspective (Master) we could have Read Only (RO) access to monitor multiple instances - however should t...
  • GaryBushey
    May 25, 2021

    David Caddick Since you are using Lighthouse, you can create 2 Azure AD groups in your tenant, one that provides read-only rights and the other that provides read/write rights. Then, if you need it, you can add the appropriate user to the read/write group (or just assign a person that would handle all modifications of the incident to that group).

     

    You can also look at Privileged Identity Management (PIM) access to AD groups (currently in preview): "Managing privileged Azure AD groups in Privileged Identity Management (PIM) | Microsoft Docs"
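
The two-group delegation described in the reply above, sketched as an Azure Lighthouse onboarding parameter file. This is an added example, not part of the original reply: the offer name, tenant ID and group object IDs are labelled placeholders, and mapping "read-only" to the built-in Azure Sentinel Reader role and "read/write" to Azure Sentinel Responder is an assumption about which built-in roles fit.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "value": "PLACEHOLDER - MSP Sentinel monitoring"
    },
    "mspOfferDescription": {
      "value": "Constructed example: read-only group for monitoring, separate group for incident changes"
    },
    "managedByTenantId": {
      "value": "<MSP-TENANT-ID-PLACEHOLDER>"
    },
    "authorizations": {
      "value": [
        {
          "principalId": "<OBJECT-ID-OF-READ-ONLY-GROUP-PLACEHOLDER>",
          "principalIdDisplayName": "MSP Sentinel Readers (assumed group name)",
          "roleDefinitionId": "8d289c81-5878-46d4-8554-54e1e3d8b5cb"
        },
        {
          "principalId": "<OBJECT-ID-OF-READ-WRITE-GROUP-PLACEHOLDER>",
          "principalIdDisplayName": "MSP Sentinel Responders (assumed group name)",
          "roleDefinitionId": "3e150937-b8fe-4cfb-8069-0eaf05ecd056"
        }
      ]
    }
  }
}
```

The first `roleDefinitionId` is the built-in Azure Sentinel Reader role and the second is Azure Sentinel Responder. Day-to-day analysts belong only to the first group, and membership of the second is granted when someone needs to modify incidents.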
