MSSP shared resources model authentication

We are new to Sentinel and would like to implement the MSSP shared resources model. I would like to know how authentication can be implemented in a shared resources model.

For example, I have customers A, B and C, and the subscriptions are managed by the customers. As an MSSP we want to provide a shared resources service model. The question is: as the subscriptions are managed by the customers, how can our resources authenticate to the Azure Sentinel of these customers? If this were a dedicated resource model, no doubt we would allocate the resources, split them into L1, L2 and L3 groups, and provide the Azure Sentinel RBAC access. But in a shared resource model there can be a pool of "N" resources who may monitor multiple customers' Sentinel consoles, and we cannot have all these resource identities configured on the respective customer subscriptions, as this could be huge and these are not dedicated resources but shared ones. How can we plan the authentication of the resources?

1 Reply

@pavankemi Take a look at Azure Lighthouse. It enables you to work on your customer's Azure Sentinel environment without needing to have accounts created on their tenant. It provides a secure and easy method of working with customers and is also the preferred way of working with customers.

With this enabled you can either go into each customer's environment separately or you can select up to 10 customers and view all their incidents at one time.

Manage Azure Sentinel workspaces at scale - Azure Lighthouse | Microsoft Docs
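
As an added illustration (not part of the original posts and not taken from the linked documentation), this is roughly what an Azure Lighthouse onboarding template for the L1/L2/L3 split in the question could look like. Each customer deploys it once at subscription scope; the authorizations point at security groups in the MSSP's own tenant, so analysts join or leave the shared pool through group membership there and no per-analyst identity is created in any customer tenant. The offer name, tenant ID parameter and the three group object IDs are placeholders; the role definition IDs are the built-in Sentinel Reader, Responder and Contributor roles.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "type": "string",
      "defaultValue": "Shared SOC Sentinel monitoring (example name)"
    },
    "managedByTenantId": {
      "type": "string",
      "metadata": { "description": "Placeholder: tenant ID of the MSSP, not of the customer" }
    }
  },
  "variables": {
    "registrationName": "[guid(parameters('mspOfferName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2022-10-01",
      "name": "[variables('registrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('mspOfferName')]",
        "description": "Delegates Sentinel access to MSSP groups; group IDs below are placeholders",
        "managedByTenantId": "[parameters('managedByTenantId')]",
        "authorizations": [
          { "principalId": "00000000-0000-0000-0000-000000000001",
            "principalIdDisplayName": "MSSP SOC L1 (Sentinel Reader)",
            "roleDefinitionId": "8d289c81-5878-46d4-8554-54e1e3d8b5cb" },
          { "principalId": "00000000-0000-0000-0000-000000000002",
            "principalIdDisplayName": "MSSP SOC L2 (Sentinel Responder)",
            "roleDefinitionId": "3e150937-b8fe-4cfb-8069-0eaf05ecd056" },
          { "principalId": "00000000-0000-0000-0000-000000000003",
            "principalIdDisplayName": "MSSP SOC L3 (Sentinel Contributor)",
            "roleDefinitionId": "ab8e14d6-4a2e-4d29-a0ba-e7d0ec5b5d6a" }
        ]
      }
    },
    {
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2022-10-01",
      "name": "[variables('registrationName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('registrationName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('registrationName'))]"
      }
    }
  ]
}
```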