Mar 28 2019 06:13 AM
Hello all,
Can I set up a central Azure Sentinel to monitor multiple subscriptions?
Or is one Azure Sentinel recommended per subscription?
Best
Christian
Mar 28 2019 04:09 PM
Mar 28 2019 04:24 PM - edited Apr 01 2019 05:15 AM
At this time it's one Azure Sentinel Workspace per Tenant, Azure Sentinel works across subscriptions. Microsoft is in the process of looking into MSP (Managed Service Provider ) solutions but nothing has been publicly released at this time. Please feel free to reach out if you have any more questions.
Apr 01 2019 01:21 PM
@Chris Boehm Does it work across multiple subscriptions? Maybe I don't understand what you mean by that but I would like to bring in MCAS data from multiple tenants and that doesn't seem to be possible.
Apr 01 2019 01:59 PM
Apr 25 2019 09:41 AM
@Chris Boehm is there any beta program an MSP could take part in to assist in trialing features :) Any idea of when something public may be released? For now if we set up a Azure tenant for the customer will there be a migration tool to bring into multi-tenant when that option is available?
Apr 25 2019 01:59 PM
We'll most likely make the announcement within this communities page for the preview functionality, you're already looking in the best location at this time :)
I don't have an answer at this time on the migration path if it'll just be a connection between workspaces with the key or if it'll be a different interface to integrate them. I'm sure we'll announce the details whenever they've been established.
Great question!
Thanks,
Aug 12 2019 01:42 AM
@Chris Boehm is there any further update on multi tenant support for Sentinel?
Aug 13 2019 03:20 AM - edited Aug 13 2019 03:20 AM
Development is already in process; if you haven't looked into it we're using Azure Lighthouse for the MSSP solution: https://azure.microsoft.com/en-us/services/azure-lighthouse/
Aug 13 2019 04:39 AM
@Chris Boehm thanks - I saw Lighthouse mentioned recently - I did wonder if it was related, so good to know.
Aug 13 2019 04:48 PM
Aug 13 2019 11:42 PM
Aug 15 2019 01:11 PM
@Chris BoehmIs there an aggregation capability to provide a "single pane of glass" for all CSP tenants? From the documentation, it appears that the CSP can gain delegated access to each individual tenant for Log Analytics and ASC. This article mentions "cross-tenant visibility" for ASC, but does not show what the user experience is like. It would be nice to see a screen-shot showing multiple subscriptions from multiple Azure AD tenants in a centralized view in Sentinel and ASC.
Apr 13 2020 04:41 AM
We recently announced a central incident management screen which is in private preview. You can read more about working with multiple workspaces, optionally across tenants, in our archtecture webinar (MP4, YouTube) and the (updated) presentation. You may also want to register for the MSSP and distributed organization webinar on April 20th here.
Dec 04 2021 06:43 AM
Dec 05 2021 11:17 PM
Feb 24 2022 10:04 AM
Apr 01 2022 11:26 AM
@Chris Boehm can you share link or screenshot from where I can add multiple subscriptions under one sentinel? I currently have sentinel connected to one subscription and want to connect other subscriptions under the same tenant but cant find a place to add from?
Thanks
Apr 05 2022 09:25 PM
@tijan2018 did you get the answer how to have multiple workspaces under single tenant added in sentinel. I couldn’t find a way to get it done, any pointers that would help?
thanks
Feb 13 2023 12:44 PM