Forum Discussion
MSSP migration to Unified portal: how are you sequencing your customer portfolio?
I’d sequence by technical risk, not renewal date. Start with two or three cooperative tenants that represent the access patterns you actually support—single workspace, multi-workspace, and Lighthouse/GDAP—but avoid your largest customer. Use each as a canary and require an exit checklist: workspace onboarding complete, analyst access validated, incidents and alerts visible, automation/playbooks exercised, connectors checked, and rollback ownership documented.
Then migrate waves of similar tenants rather than a mixed batch. Keep each wave small enough that one engineer can pause it, and don’t start the next wave until the previous one has passed 24–48 hours of monitoring. Contract timing can choose among equally ready customers; it shouldn’t override technical readiness.
I’d also keep Sentinel permissions on Azure RBAC wherever GDAP groups are required, because Microsoft’s current unified RBAC documentation says assigning permissions to GDAP user groups isn’t supported. Track each tenant with the Sentinel Deployment and Migration workbook plus a named go/no-go owner.