Using Lighthouse to monitor MDC


This article, "Cross-tenant management experiences - Azure Lighthouse | Microsoft Learn", states that "the entire subscription must be delegated to the managing tenant; Microsoft Defender for Cloud scenarios are not supported with delegated resource groups". Does this mean that every subscription monitored by MDC must be delegated to the managed service provider?
Also, what happens if MDC is monitoring another cloud? How does this affect the service provider?

1 Reply
We are planning to host Defender and manage it via Lighthouse. We ended up delegating the entire subscription and then defined the RBAC roles specific to Defender (Security Reader and Security Administrator). Delegation at resource group level doesn't work, as Defender monitors at subscription level.
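
The setup described in the reply, sketched as an Azure Lighthouse onboarding template deployed at subscription scope. This is an added example, not from the thread: the offer name and the three parameters are placeholders, and the two role definition IDs are the built-in Security Reader and Security Admin roles.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "managedByTenantId": { "type": "string", "metadata": { "description": "Placeholder: tenant ID of the managing (service provider) tenant" } },
    "readerGroupId": { "type": "string", "metadata": { "description": "Placeholder: object ID of a group in the managing tenant that only views Defender data" } },
    "adminGroupId": { "type": "string", "metadata": { "description": "Placeholder: object ID of a group in the managing tenant that manages Defender settings" } }
  },
  "variables": {
    "offerName": "Defender for Cloud management (example offer name)",
    "definitionName": "[guid(variables('offerName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2019-06-01",
      "name": "[variables('definitionName')]",
      "properties": {
        "registrationDefinitionName": "[variables('offerName')]",
        "description": "Whole-subscription delegation limited to Defender for Cloud roles",
        "managedByTenantId": "[parameters('managedByTenantId')]",
        "authorizations": [
          {
            "principalId": "[parameters('readerGroupId')]",
            "principalIdDisplayName": "MSP security analysts (example)",
            "roleDefinitionId": "39bc4728-0917-49c7-9d2c-d95423bc2eb4"
          },
          {
            "principalId": "[parameters('adminGroupId')]",
            "principalIdDisplayName": "MSP security admins (example)",
            "roleDefinitionId": "fb1c8493-542b-48eb-b624-b4c8fea62acd"
          }
        ]
      }
    },
    {
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2019-06-01",
      "name": "[variables('definitionName')]",
      "dependsOn": [
        "[subscriptionResourceId('Microsoft.ManagedServices/registrationDefinitions', variables('definitionName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[subscriptionResourceId('Microsoft.ManagedServices/registrationDefinitions', variables('definitionName'))]"
      }
    }
  ]
}
```

Because the template uses the subscription deployment schema, the registration assignment covers the whole subscription rather than a single resource group. Mapping the two roles to separate groups keeps the read-only analysts apart from the principals that can change Defender settings.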