We are looking at Azure Sentinel across a multi-tenanted model where, from the MSP perspective (Master), we could have Read Only (RO) access to monitor multiple instances. However, should there be a requirement where there is possibly an incident, can this then be changed to Read Write (RW) access to be able to assist the customers with triage and incident response in a more direct manner?
Is this possible?
Could this be achieved via PIM or JIT?
JIT would require a VM in the customer's tenancy?
Please feel free to shoot this down with a better or more pragmatic solution if that's the case.