![]() For information about specific roles that can be used with Microsoft Sentinel, see Roles and permissions in Microsoft Sentinel. You may also want to assign additional built-in roles to perform additional functions. When creating your authorizations, you can assign the Microsoft Sentinel built-in roles to users, groups, or service principals in your managing tenant: ![]() This allows designated users in the managing tenant to access and perform management operations on Microsoft Sentinel workspaces deployed in customer tenants. Granular Azure role-based access control (Azure RBAC)Įach customer subscription that an MSSP will manage must be onboarded to Azure Lighthouse. Because of this limitation, this model isn't suitable for many service provider scenarios. However, there are some data sources that can't be connected across tenants, such as Microsoft 365 Defender. ![]() ![]() In this model, Azure Lighthouse enables log collection from data sources across managed tenants. If workspaces are only created in customer tenants, the Microsoft.SecurityInsights & Microsoft.OperationalInsights resource providers must also be registered on a subscription in the managing tenant.Īn alternate deployment model is to create one Microsoft Sentinel workspace in the managing tenant. Only analytic and hunting rules will need to be saved directly in each customer's tenant.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |