Cross-tenant management is a concern for ISVs and organizations with multiple tenants. An ISV might have multiple tenants for the following reasons:
This blog describes the use case of an ISV who wants to use Azure Lighthouse to manage Microsoft Sentinel across multiple tenants.
Microsoft Sentinel is a scalable, cloud-native SIEM and SOAR solution. It delivers intelligent security analytics and threat intelligence across the enterprise. Learn more here.
Azure Lighthouse allows service providers to perform operations across several Microsoft Entra Tenants at once. It enables multi-tenant management with scalability, higher automation, and enhanced governance across resources.
Azure Lighthouse allows Entra service principals (and users or groups) in the primary tenant to be granted access to subscriptions in the secondary tenants. Resources in the delegated secondary-tenant subscriptions then become visible and manageable from the primary tenant. Learn more here.
Lighthouse can be set up with the secondary tenants either from the templates in GitHub - Azure/Azure-Lighthouse-samples: Provide samples for understanding managed service solutions, or directly through the Azure portal. The steps documented here use the Azure portal.
1) In the primary tenant, search for My Customers and click "Create ARM Template."
2) Provide the offer details.
3) The next step is authorization; follow the best practice of assigning least-privilege access. The screen looks like this:
4) Click View Template and download it. Once downloaded, the template needs to be uploaded to the secondary tenant.
5) Go to the secondary tenant -> Azure Lighthouse -> View Service Provider Offers. Click Service Provider Offers -> Add Offers -> Add via Template, and upload the template downloaded in step 4. It takes approximately 15 minutes for the delegation to take effect. For any deployment error, use the troubleshooting section of this article.
6) Switch to the primary tenant, refresh, and click Directory/Subscription to see the newly delegated tenant/subscription.
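As an added check for the authorization step (this is example code, not from the original post or from the Azure-Lighthouse-samples repository), the script below audits the delegation template downloaded in step 4 for authorizations broader than Sentinel management needs. The Owner and Contributor GUIDs are Azure's built-in role ids; the Microsoft Sentinel Contributor/Reader ids should be verified against the built-in roles reference, and the principal ids in the sample are placeholders.

```python
"""Least-privilege check for a Lighthouse delegation template (constructed example, not from the post).
Reads the 'authorizations' of each Microsoft.ManagedServices/registrationDefinitions resource in the
ARM template from step 4, resolving the [parameters('x')] indirection, and flags over-broad roles."""
import json
import re

# Built-in role definition GUIDs (identical in every Azure subscription).
OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24f"
SENTINEL_CONTRIBUTOR = "ab8e14d6-4a74-4a29-9ba8-549422addade"  # assumption: verify in the built-in roles reference
SENTINEL_READER = "8d289c81-5878-46d4-8554-54e1e3d8b5cb"       # assumption: verify in the built-in roles reference
# Allow-list for a Sentinel-only delegation; adjust to your own assessment.
ALLOWED = {SENTINEL_CONTRIBUTOR, SENTINEL_READER}
OVERBROAD = {OWNER: "Owner", CONTRIBUTOR: "Contributor"}
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def _resolve(value, params):
    """Follow a single [parameters('x')] reference to that parameter's defaultValue."""
    if isinstance(value, str) and (m := PARAM_REF.match(value)):
        return params.get(m.group(1), {}).get("defaultValue")
    return value

def audit_template(template: dict) -> list:
    """Return (principalIdDisplayName, roleDefinitionId, reason) for every questionable authorization."""
    params = template.get("parameters", {})
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.ManagedServices/registrationDefinitions":
            continue
        auths = _resolve(res.get("properties", {}).get("authorizations"), params) or []
        for auth in auths:
            who = auth.get("principalIdDisplayName") or auth.get("principalId", "?")
            role = auth.get("roleDefinitionId", "")
            if role in OVERBROAD:
                findings.append((who, role, f"{OVERBROAD[role]} is broader than Sentinel management needs"))
            elif role not in ALLOWED:
                findings.append((who, role, "role not on the Sentinel allow-list; review it"))
    return findings

# Constructed sample in the shape of a portal-generated template (principal ids are placeholders).
SAMPLE_TEMPLATE = json.loads("""{
  "parameters": {"authorizations": {"type": "array", "defaultValue": [
    {"principalId": "00000000-0000-0000-0000-000000000001", "principalIdDisplayName": "SOC analysts",
     "roleDefinitionId": "ab8e14d6-4a74-4a29-9ba8-549422addade"},
    {"principalId": "00000000-0000-0000-0000-000000000002", "principalIdDisplayName": "Automation SPN",
     "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24f"}]}},
  "resources": [{"type": "Microsoft.ManagedServices/registrationDefinitions",
                 "properties": {"authorizations": "[parameters('authorizations')]"}}]
}""")
```

Run `audit_template(json.load(open("template.json")))` against the real download; an empty list means every authorization is on your allow-list.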
Once you have completed the delegation, the delegated Sentinel workspaces appear in the list in your primary tenant. The steps in this article - Manage Microsoft Sentinel workspaces at scale - Azure Lighthouse | Microsoft Learn - allow you to do tasks such as:
Workspace manager is a new feature that lets you manage multiple Sentinel workspaces across one or more Azure tenants from a central workspace. Use this link - Manage multiple Microsoft Sentinel workspaces with workspace manager | Microsoft Learn - to enable workspace manager on the central workspace.