cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure Sentinel Multi-Tenant in MSP via Lighthouse

David Caddick
Iron Contributor

‎May 24 2021 05:55 PM

‎May 24 2021 05:55 PM

Azure Sentinel Multi-Tenant in MSP via Lighthouse

Hi All,

 

We are looking at Azure Sentinel across a Multi-Tenanted model where from the MSP perspective (Master) we could have Read Only (RO) access to monitor multiple instances - however should there be a requirement where there is possibly an Incident - can this then be changed to Read Write (RW) access to be able to assist the customers with triage and incident response in a more direct manner?

 

Is this possible?

Could this be achieved via PIM or JIT?
JIT would require a VM in the customers tenancy?

 

Please feel free to shoot this down with a better or more pragmatic solution if that's the case.

Regards,
Dave Caddick

1,157 Views
0 Likes
1 Reply
Reply
1 Reply
best response confirmed by David Caddick (Iron Contributor)
Gary Bushey

‎May 25 2021 04:27 AM

‎May 25 2021 04:27 AM

Solution

Re: Azure Sentinel Multi-Tenant in MSP via Lighthouse

@David Caddick Since you are using Lighthouse, you can create 2 Azure AD groups in your tenant, one that provides read-only rights and the other that provides read/write rights.   Then, if you need it, you can add the appropriate user to the read/write group (or just assign a person that would handle all modifications of the incident to that group).

 

You can also look at Privileged Identity Management (PIM) access to AD groups (currently in preview) Managing privileged Azure AD groups in Privileged Identity Management (PIM) | Microsoft Docs

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by David Caddick (Iron Contributor)
Gary Bushey

‎May 25 2021 04:27 AM

‎May 25 2021 04:27 AM

Solution

Re: Azure Sentinel Multi-Tenant in MSP via Lighthouse

@David Caddick Since you are using Lighthouse, you can create 2 Azure AD groups in your tenant, one that provides read-only rights and the other that provides read/write rights.   Then, if you need it, you can add the appropriate user to the read/write group (or just assign a person that would handle all modifications of the incident to that group).

 

You can also look at Privileged Identity Management (PIM) access to AD groups (currently in preview) Managing privileged Azure AD groups in Privileged Identity Management (PIM) | Microsoft Docs

View solution in original post

0 Likes
Reply