03-28-2019 06:13 AM
03-28-2019 06:13 AM
Can I set up a central Azure Sentinel to monitor multiple subscriptions?
Or is one Azure Sentinel recommended per subscription?
03-28-2019 04:24 PM - edited 04-01-2019 05:15 AM
At this time it's one Azure Sentinel Workspace per Tenant, Azure Sentinel works across subscriptions. Microsoft is in the process of looking into MSP (Managed Service Provider ) solutions but nothing has been publicly released at this time. Please feel free to reach out if you have any more questions.
04-25-2019 09:41 AM
@Chris Boehm is there any beta program an MSP could take part in to assist in trialing features :) Any idea of when something public may be released? For now if we set up a Azure tenant for the customer will there be a migration tool to bring into multi-tenant when that option is available?
04-25-2019 01:59 PM
We'll most likely make the announcement within this communities page for the preview functionality, you're already looking in the best location at this time :)
I don't have an answer at this time on the migration path if it'll just be a connection between workspaces with the key or if it'll be a different interface to integrate them. I'm sure we'll announce the details whenever they've been established.
08-13-2019 03:20 AM - edited 08-13-2019 03:20 AM
Development is already in process; if you haven't looked into it we're using Azure Lighthouse for the MSSP solution: https://azure.microsoft.com/en-us/services/azure-lighthouse/
08-13-2019 11:42 PM
08-15-2019 01:11 PM
@Chris BoehmIs there an aggregation capability to provide a "single pane of glass" for all CSP tenants? From the documentation, it appears that the CSP can gain delegated access to each individual tenant for Log Analytics and ASC. This article mentions "cross-tenant visibility" for ASC, but does not show what the user experience is like. It would be nice to see a screen-shot showing multiple subscriptions from multiple Azure AD tenants in a centralized view in Sentinel and ASC.