What’s new: Multi-tenancy in the unified security operations platform experience in Public Preview

by info.odysseyx@gmail.com

Multi-tenancy for Microsoft Sentinel in Defender Portal (Unified Security Operations Platform)

Multi-tenancy with a single workspace is now available in public preview for customers using Microsoft’s unified security operations (SecOps) platform. This expands the use cases that can be supported by this transformational experience that unifies the critical tools needed for SOCs into a single experience to improve protection and efficiency. Read on to learn more about what’s available now and how to get started.

What is Microsoft’s Unified SecOps Platform?

The unified security operations platform provides a single experience for Microsoft Sentinel and Defender XDR, along with Copilot for Security, exposure management, and threat intelligence in the Defender portal. The unified SecOps platform is in GA for commercial cloud customers using both Microsoft Sentinel and Defender XDR.

What can you do with the public preview of multi-tenancy in your unified security operations (SecOps) platform?

Multi-tenancy, now available in public preview, enables Managed Security Service Providers (MSSPs) and enterprises to secure their entire environment. Previously, customers had to manage this separately: in Microsoft Sentinel using Azure Lighthouse, and in Microsoft Defender using Multi-Tenant Organizations (MTO).

This release does not include multi-tenancy for Copilot for Security, Threat Intelligence, or Exposure Management.

This public preview will allow customers to:

  • More accurate incident detection and investigation: Multi-tenant customers can triage incidents and alerts from SIEM and XDR data.
  • Improved threat hunting experience: Users can now proactively search data across multiple tenants, including SIEM and XDR data.
  • Integrated Management: Customers can now manage the tenancy for their threat protection tools from a single location.

What value can MSSPs and multi-tenant organizations get from using a unified platform?

  • Enhanced Detection and Response: Incidents and alerts are automatically correlated from SIEM and XDR data to provide a comprehensive and accurate picture of multi-stage attacks. This holistic view improves detection and response times, allowing you to more effectively identify and mitigate threats.
  • Simplified investigation: Built-in enrichment capabilities such as device, user, and other entity information from Microsoft Defender streamline the investigation process. These enrichment capabilities provide additional context and insights to make it easier to understand and respond to security incidents. You can also hunt for threats across all your SIEM and XDR data without having to collect XDR data into Microsoft Sentinel.
  • Scalability and Flexibility: The integrated platform is designed to grow with your business, accommodating the needs of your growing customer base and evolving security environment. This flexibility allows MSSPs to continue to provide high-quality security services as their operations expand.
  • Comprehensive threat intelligence: Access to Microsoft’s extensive threat intelligence network gives MSSPs up-to-date information on the latest threats and vulnerabilities. This intelligence helps them proactively defend against new threats and stay ahead of attackers.
  • Seamless integration: The platform integrates seamlessly with existing security tools and workflows to minimize disruption and maximize the value of existing investments. This integration ensures a smooth transition and strengthens your overall security posture.

How many workspaces can you manage with multi-tenancy in a unified SecOps platform?

Multi-tenant management capabilities in the unified SecOps platform allow you to handle multiple tenants through a unified interface. Currently, each tenant is limited to one workspace. Multi-workspace support is in the works, so join the connected community to participate in the private preview.

What are the requirements to leverage multi-tenant management in a unified security operations platform?

Are Azure Lighthouse and GDAP supported?

Not yet.

How do I enable multi-tenant management in a unified SecOps platform?

Go to mto.security.microsoft.com

Who are the target users of multi-tenant management within a unified SecOps platform?

Enterprises and Managed Security Service Providers (MSSPs) looking to handle the security of multiple clients or large multinational corporations.

How can I send feedback?

The best way to provide feedback is to use the product as shown here.

You can join Microsoft’s Customer Connect program to provide feedback on the private preview feature. Learn more at https://aka.ms/MSSecurityCCP.

What license do I need to use this new feature?

No license is required to use this feature. Accessing data from multiple tenants requires each tenant’s own license.

Are there any additional ingestion costs?

Multi-tenant management does not incur additional ingestion costs. In fact, using the unified security operations platform can potentially save costs because customers do not need to ingest Defender XDR data into Microsoft Sentinel to correlate incidents or hunt for threats. Ingestion is still required for long-term retention.

Learn more and get started today:




