Mar 28 2019 06:13 AM
Mar 28 2019 06:13 AM
Can I set up a central Azure Sentinel to monitor multiple subscriptions?
Or is one Azure Sentinel recommended per subscription?
Mar 28 2019 04:24 PM - edited Apr 01 2019 05:15 AM
At this time it's one Azure Sentinel Workspace per Tenant, Azure Sentinel works across subscriptions. Microsoft is in the process of looking into MSP (Managed Service Provider ) solutions but nothing has been publicly released at this time. Please feel free to reach out if you have any more questions.
Apr 25 2019 09:41 AM
@Chris Boehm is there any beta program an MSP could take part in to assist in trialing features :) Any idea of when something public may be released? For now if we set up a Azure tenant for the customer will there be a migration tool to bring into multi-tenant when that option is available?
Apr 25 2019 01:59 PM
We'll most likely make the announcement within this communities page for the preview functionality, you're already looking in the best location at this time :)
I don't have an answer at this time on the migration path if it'll just be a connection between workspaces with the key or if it'll be a different interface to integrate them. I'm sure we'll announce the details whenever they've been established.
Aug 13 2019 03:20 AM - edited Aug 13 2019 03:20 AM
Development is already in process; if you haven't looked into it we're using Azure Lighthouse for the MSSP solution: https://azure.microsoft.com/en-us/services/azure-lighthouse/
Aug 13 2019 11:42 PM
Aug 15 2019 01:11 PM
@Chris BoehmIs there an aggregation capability to provide a "single pane of glass" for all CSP tenants? From the documentation, it appears that the CSP can gain delegated access to each individual tenant for Log Analytics and ASC. This article mentions "cross-tenant visibility" for ASC, but does not show what the user experience is like. It would be nice to see a screen-shot showing multiple subscriptions from multiple Azure AD tenants in a centralized view in Sentinel and ASC.
Apr 13 2020 04:41 AM
We recently announced a central incident management screen which is in private preview. You can read more about working with multiple workspaces, optionally across tenants, in our archtecture webinar (MP4, YouTube) and the (updated) presentation. You may also want to register for the MSSP and distributed organization webinar on April 20th here.
Dec 04 2021 06:43 AM