MSSP shared resources model authentication

Contributor

We are new to Sentinel and would like to implement the MSSP model shared resources model. I would like to know how in a shared resources model authentication can be implemented.

 

For example, i have my customer A, B and C and the subscription are being managed by customers. As an MSSP we want to provide a shared resources service model. Question here is as the subscription are being managed by customer how can our resources authenticate to the Azure sentinel of these customer. If this is a dedicated resource no doubt that we will allocate the resources and split them as L1,L2 and L3 group and provide the RBAC AZure Sentinel access. But when it comes to shared resource model there can be pool of  "N" number of resources  who may monitor multiple customers sentinel  console and we cannot provide all these resource identity to be configured on respective customer subscriptions as this could be huge and these are not dedicated resource but are shared and how we can plan the authentication of the resources.

1 Reply

@pavankemi Take a look at Azure Lighthouse.  It enables you to work on your customer's Azure Sentinel environment without needing to have accounts created on their tenant.   It provides a secure and easy method of working with customers and is also the preferred way of working with customers.

 

With this enabled you can either go into each customer's environment separately or you can select up to 10 customers and view all their incidents at one time.

 

Manage Azure Sentinel workspaces at scale - Azure Lighthouse | Microsoft Docs