Service provider Azure Lighthouse design for MS Sentinel with multiple identities


Team,


We would like to set up Azure Lighthouse to support our customers on Sentinel. We do not want to use our existing corporate tenant and want to set up a new tenant to support our customers.


Our query is: what licenses are required to actually support our customers on the new tenant using Lighthouse?

For example, my thought process is to have Azure AD P2 licenses to provide MFA for the analysts when they log in to access Sentinel.

Similarly, do we also need an M365 E5 license for Outlook and Teams, or can we leverage the corporate email and Teams from the corporate tenant to manage communications with the customer?


Are there any other things which need to be considered from the security aspect to set up Lighthouse on a new tenant only to support the customers?


Also, what would be the best approach: integrate Sentinel with the MSSP ITSM tool and then a B2B integration with the customer ITSM tool, or integrate Sentinel with the customer ITSM tool and have a B2B integration with the MSSP ITSM tool?


2 Replies
Have you looked at the MSSP Playbook?

The document includes content on how to onboard to Sentinel (Architecture, Cost & Sizing, Data Collection) and on major technical pillars with a focus on the MSSP's perspective & best practices.
It also includes a chapter for M365 Defender & Sentinel – our “better together” offering.
The audience we’re aiming at is both Partners and large customers which deploy Sentinel with an MSSP approach.
It targets both beginners and experienced MSSPs.

The playbook is downloadable at: http://aka.ms/azsentinelmssp

@pavankemi First, you only need Azure AD P1 to use MFA (Azure Active Directory Pricing | Microsoft Security).

In regards to M365, it is up to you, but I would think that having your own instance would be much better than relying on your customer's instance, since that would require your customers to create accounts for you, and each analyst could potentially have multiple accounts they would need to check. As to what license level you would need, it would all depend on whether you are planning on using the extra security tools that the E5 license would provide (which you probably should, to make sure your tenant is as safe as possible).


As far as the B2B is concerned, having your customer invite your analysts to their Azure AD would suffice, unless their ITSM does not use Azure AD.