A
aklausner
Multi-tenancy for Microsoft Sentinel in the Defender portal (unified security operations platform)
Multi-tenancy, with a single workspace is now in public preview for customers using Microsoft’s unified security operations (SecOps) platform. This will expand the use cases we can support with this innovative experience that brings together the critical tools a SOC requires into a single experience to improve protection and efficiency. Read on to learn more about what is available now, and how to get started.
What is Microsoft’s unified SecOps platform?
The unified security operations platform provides a single experience for Microsoft Sentinel and Defender XDR, along with Copilot for Security, exposure management and threat intelligence, in the Defender portal. The unified SecOps platform is in GA for commercial cloud customers with both Microsoft Sentinel and Defender XDR.
What are we enabling with the public preview of multi-tenancy in the unified security operations (SecOps) platform?
Multi-tenancy, now in public preview, supports managed security service providers (MSSPs) and enterprises in protecting their whole environment. Previously, customers were required to manage this separately in Microsoft Sentinel, with Azure Lighthouse and Microsoft Defender, with Multi-tenant Organization (MTO).
This release will not include multi-tenancy for Copilot for Security, Threat Intelligence or exposure management.
With this public preview, customers can:
What value do MSSPs and multi-tenant organizations get from using the unified platform?
How many workspaces can I manage through multi-tenancy in the unified SecOps platform?
The unified SecOps platform's multi-tenant management feature enables the handling of various tenants through a unified interface. Currently, each tenant is limited to one workspace. Multi-workspace support is on the way, to participate in our private preview, please join our connected community.
What are the requirements to utilize multi-tenant management in the unified security operations platform?
Are Azure Lighthouse and GDAP supported?
Not yet.
How do I use multi-tenant management in the unified SecOps platform?
Navigate to mto.security.microsoft.com
Who is the intended user for multi-tenant management within the unified SecOps platform?
Any enterprise or Managed Security Service Provider (MSSP) aiming to handle security for multiple client organizations, or large, multi-national enterprises.
How can I provide feedback?
The best way to provide feedback is in product, as shown here.
To provide feedback on private preview features, you can join Microsoft’s Customer Connection Program. Learn more at The New Microsoft Security Connection Program.
What are the licenses required to use this new feature?
No license is required to use this feature. To access multiple tenant’s data, each of them is required to have its own license.
Are there any additional ingestion costs?
Multi-tenant management does not incur additional ingestion costs. In fact, there is the potential for cost savings when using the unified security operations platform experience as customers do not need to ingest their Defender XDR data into Microsoft Sentinel in order to correlate incidents or hunt for threats. Ingestion is still required for extended retention.
Learn more and get started now:
Continue reading...
Multi-tenancy, with a single workspace is now in public preview for customers using Microsoft’s unified security operations (SecOps) platform. This will expand the use cases we can support with this innovative experience that brings together the critical tools a SOC requires into a single experience to improve protection and efficiency. Read on to learn more about what is available now, and how to get started.
What is Microsoft’s unified SecOps platform?
The unified security operations platform provides a single experience for Microsoft Sentinel and Defender XDR, along with Copilot for Security, exposure management and threat intelligence, in the Defender portal. The unified SecOps platform is in GA for commercial cloud customers with both Microsoft Sentinel and Defender XDR.
What are we enabling with the public preview of multi-tenancy in the unified security operations (SecOps) platform?
Multi-tenancy, now in public preview, supports managed security service providers (MSSPs) and enterprises in protecting their whole environment. Previously, customers were required to manage this separately in Microsoft Sentinel, with Azure Lighthouse and Microsoft Defender, with Multi-tenant Organization (MTO).
This release will not include multi-tenancy for Copilot for Security, Threat Intelligence or exposure management.
With this public preview, customers can:
- Detect and investigate incidents with better accuracy: Multi-tenant customers can triage incidents and alerts across SIEM and XDR data.
- Improve threat hunting experience: Users can now proactively search for data across multiple tenants, including SIEM and XDR data.
- Unified management: customers now can manage their tenancy in a single place for their threat protection tools.
What value do MSSPs and multi-tenant organizations get from using the unified platform?
- Enhanced detection and response: Incidents and alerts are automatically correlated across SIEM and XDR data, providing a comprehensive and accurate picture of multistage attacks. This holistic view improves detection and response times, ensuring threats are identified and mitigated more effectively.
- Streamlined investigation: Out-of-the-box enrichments such as device, user, and other entities information from Microsoft Defenders simplifies the investigation process. These enrichments provide additional context and insights, making it easier to understand and respond to security incidents. It is also possible to hunt for threats across all SIEM and XDR data, without ingesting XDR data.
- Scalability and flexibility: The unified platform is designed to scale with your business, accommodating the needs of growing customer bases and evolving security landscapes. This flexibility ensures that MSSPs can continue to deliver high-quality security services as their operations expand.
- Comprehensive threat intelligence: Access to Microsoft’s extensive threat intelligence network provides MSSPs with up-to-date information on the latest threats and vulnerabilities. This intelligence helps in proactively defending against emerging threats and staying ahead of attackers.
- Seamless Integration: The platform integrates seamlessly with existing security tools and workflows, minimizing disruption and maximizing the value of existing investments. This integration ensures a smooth transition and enhances overall security posture.
How many workspaces can I manage through multi-tenancy in the unified SecOps platform?
The unified SecOps platform's multi-tenant management feature enables the handling of various tenants through a unified interface. Currently, each tenant is limited to one workspace. Multi-workspace support is on the way, to participate in our private preview, please join our connected community.
What are the requirements to utilize multi-tenant management in the unified security operations platform?
- Customers must be using Microsoft Sentinel and at least one Defender XDR workload.
- Users must have delegated access to more than 1 tenant enrolled into the unified SecOps platform, using Azure B2B collaboration.
- To learn more about scalable B2B deployment for Defender, navigate to Secure and govern security operations center (SOC) access in a multitenant organization with Microsoft Defender for Cloud XDR and Microsoft Entra ID Governance - Microsoft Entra ID | Microsoft Learn
Are Azure Lighthouse and GDAP supported?
Not yet.
How do I use multi-tenant management in the unified SecOps platform?
Navigate to mto.security.microsoft.com
Who is the intended user for multi-tenant management within the unified SecOps platform?
Any enterprise or Managed Security Service Provider (MSSP) aiming to handle security for multiple client organizations, or large, multi-national enterprises.
How can I provide feedback?
The best way to provide feedback is in product, as shown here.
To provide feedback on private preview features, you can join Microsoft’s Customer Connection Program. Learn more at The New Microsoft Security Connection Program.
What are the licenses required to use this new feature?
No license is required to use this feature. To access multiple tenant’s data, each of them is required to have its own license.
Are there any additional ingestion costs?
Multi-tenant management does not incur additional ingestion costs. In fact, there is the potential for cost savings when using the unified security operations platform experience as customers do not need to ingest their Defender XDR data into Microsoft Sentinel in order to correlate incidents or hunt for threats. Ingestion is still required for extended retention.
Learn more and get started now:
- https://learn.microsoft.com/en-us/defender-xdr/mto-overview
- Microsoft Sentinel in the Microsoft Defender portal | Microsoft Learn
Continue reading...