Forum Discussion

Avinash08
Jul 09, 2025

Unified SecOps XDR

Hi,
I am reaching out to the community to seek understanding regarding the Unified SecOps XDR portal for Multi-tenant Multi-workspace. Our organization already has an Azure Lighthouse setup. My question is: is an M365 Lighthouse license also required for Multi-tenant Multi-workspace in the unified SecOps XDR portal?

4 Replies

  • kmpascasio
    Copper Contributor

    Following up on this thread for any updates regarding access to each customer's Sentinel under the Defender portal. Do we need to access each of the customers, or will the Lighthouse access do? Do we have comprehensive documentation on this from an MSSP perspective?

  • Ankit
    Brass Contributor

    Hey!

    You don’t need a Microsoft 365 Lighthouse license for multi-tenant, multi-workspace in the Unified SecOps XDR portal. M365 Lighthouse is designed for MSP-style management of Microsoft 365 services and isn’t relevant here. For Unified SecOps, the key requirements are Azure Lighthouse for cross-tenant management and Azure AD B2B access for authentication and permissions. Focus on ensuring Azure Lighthouse is properly configured across all tenants, with the right RBAC roles and Sentinel connector delegation, as that’s what enables the centralized incident and threat view in the XDR portal.

    Let me know if this helps you! :)

  • DaveMarkham
    Copper Contributor

    I have exactly the same question. We are an MSSP and have multiple customers with Sentinel which we access via delegated access (Lighthouse). The customers own their own Azure tenants, so this means we don't actually need accounts in their tenant; they just run the Lighthouse template. How will we access customers' Defender portals with our own identities? Will the customer have to invite us as external users and then have the overhead of handling JML for our users?

    • Markowski
      Iron Contributor

      If you don't mind, can I answer it? You can access Defender portals via Lighthouse delegations, but it requires explicitly delegating Defender-related roles in the Lighthouse template. Customers don't need to invite your users as "external" guests (via Azure AD B2B), and you can minimize JIT if you use Azure AD Privileged Identity Management (PIM). However, out-of-the-box Lighthouse focuses on Azure resource management—Defender is an add-on, so you'll need to expand the delegation. If it helps, let me know.
