Monitor Different Tenant Using Microsoft Sentinel

Hi Team,

We have a license for our current tenant, but we are getting a new domain with a separate tenant which will be using O365. Can I monitor the new domain using my existing subscription, and what will the cost be for that, or is it included with Sentinel?

3 Replies

Hello @msef280,

Azure Lighthouse can be used to connect to other tenants.

But you will also have to create a Sentinel for each tenant you want to connect to (hence the price will be for each Sentinel separately). 

You can use only one Sentinel for creating rules, workbooks, etc.   

Please, check this article: Manage multiple tenants in Microsoft Sentinel as a Managed Security Service Provider | Microsoft Doc... to get more details about Azure Lighthouse.

Hi,

Thanks a lot for the reply. So basically I need to create a dedicated "workspace", correct, and merge both "Sentinel" workspaces together with Lighthouse, I guess. Do I need to have a different subscription too?

@msef280 

You have an Azure Tenant today with a Subscription and ResourceGroup(s) that has Sentinel and Log Analytics - if I keep the list simple.
In your new Tenant you create a new Subscription (or use an existing one) and ResourceGroup for Log Analytics and Sentinel (essentially you copy what you have in the original to the new Tenant).

You then link the two with Lighthouse.

Then when you open the Sentinel portal, you will see both Workspaces, but from two Directories (Tenants)/Subscriptions.
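
Once both workspaces are visible as described in the replies above, a single query run from the existing tenant can cover both of them. The following is an added example, not part of the original thread; the two workspace identifiers are placeholders, and it assumes the Office 365 data connector is enabled in each workspace and the Lighthouse delegation is already in place.

```kusto
// Added example: compare Office 365 activity across both tenants' workspaces.
// The workspace identifiers below are placeholders (assumptions); replace them
// with the workspace name, workspace ID, or full Azure resource ID of each
// Log Analytics workspace.
let lookback = 1d;
union
    (
        workspace("<existing-tenant-workspace>").OfficeActivity
        | where TimeGenerated > ago(lookback)
        | extend SourceTenant = "existing"   // label added here, not a table column
    ),
    (
        workspace("<new-tenant-workspace>").OfficeActivity
        | where TimeGenerated > ago(lookback)
        | extend SourceTenant = "new"
    )
// One row per tenant and workload: a missing tenant or a stale LastEvent
// points at a connector or delegation problem on that side.
| summarize
    Events    = count(),
    Users     = dcount(UserId),
    LastEvent = max(TimeGenerated)
    by SourceTenant, OfficeWorkload
| order by SourceTenant asc, Events desc
```

Ingestion is still billed per workspace, as the first reply notes; the query only reads across them.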