Loading...

Respond to threats across tenants more effectively with Microsoft 365 Defender multi-tenant support

Respond to threats across tenants more effectively with Microsoft 365 Defender multi-tenant support

Multi-tenant environments add an additional layer of complexity to today’s ever-evolving threat landscape. Whether organizations have grown through acquisition, or have strategically implemented multi-tenant setups, navigating across multiple environments is no small task. Mundane and repetitive tasks require security operations center (SOC) teams to log in and out of each customer environment individually. This not only consumes valuable time but also reduces the overall efficiency of the SOC teams. To improve efficiency and stay ahead of modern attacks, SOC teams need an efficient yet comprehensive security solution that delivers a unified and connected experience to boost their security operations.


Microsoft 365 Defender is an industry-leading XDR platform that delivers unified investigation and response experience and provides native protection across endpoints, identities, email, collaboration tools, cloud apps, and data.


Today we are excited to expand our current public preview for multi-tenant environments in Microsoft 365 Defender, which provides large organizations with the much-needed visibility and ease of use across their distributed environments. This addition marks the first wave of improvements, with a focus on global SOC investigation flows, including a consolidated view of incidents across tenants, device inventory, vulnerability management, the ability to perform advanced hunting across data in multiple tenants, and more.

 

Multi-customer management for partners

The new multi-tenant capabilities in Microsoft 365 Defender are also useful for Managed Security Service Provider (MSSP) partners supporting enterprises. They can now gain visibility into security incidents, alerts, and threat hunting across multiple customers through a single pane of glass, and help them efficiently run their SOC.


For small and medium business focused managed service provider (MSP) partners who need a full set of capabilities to manage customers spanning security, identity, management, and Microsoft 365 applications in a unified experience, we continue to recommend using Microsoft 365 Lighthouse. Microsoft 365 Lighthouse is a unified portal available to Cloud Solution Provider (CSP) partners that includes a broader set of capabilities, optimized MSP partners, particularly those using our Microsoft 365 Business Premium and Defender for Business. It includes a multi-tenant view of Defender for Business incidents and alerts, vulnerability management and exposure scores, as well as security baselines with configuration drift analysis across multi-tenants spanning span identity, Intune, and more. The Lighthouse and multi-tenant organization (MTO) support comparison FAQ lists the capabilities of both platforms in detail.

 

As we build out Microsoft 365 Defender multi-tenant capabilities, we will share more on the combined roadmap for Microsoft 365 Lighthouse and MTO.

 

A centralized place to manage incidents across tenants

Whether it’s searching for the most critical high-severity incidents scattered throughout a large organization or monitoring sanitation efforts across the board, the new multi-tenant management experience provides SOC analysts with all the information in one place to efficiently perform incident investigation and remediation across multiple tenants at scale. No need to log in and out of each individual tenant.

Figure 1: The unified incidents queue, which includes the "tenant name" dimensionFigure 1: The unified incidents queue, which includes the "tenant name" dimension

 

SOC analysts can easily access the new multi-tenant management experience right from the Microsoft 365 Defender portal to manage different tenants in the same experience using the tenant switcher as shown in Figure 2. The tenant switcher allows SOC analysts to seamlessly switch between single-tenant and multi-tenant management experiences.

Figure 2: The new tenant switcher allows SOC teams to easily access multiple tenants in the same experienceFigure 2: The new tenant switcher allows SOC teams to easily access multiple tenants in the same experience

 

To gain access to multiple tenants with the same user, two options are available:

  1. Using Azure AD B2B collaboration: This option allows users to invite external guests to their tenant, allowing these guests to access resources and collaborate on projects. While this method offers a convenient way of accessing multiple tenants, it requires the creation of discrete guest accounts for each tenant.
  2. Using the new Granular Delegated Admin Privileges (GDAP) capabilities for CSPs: GDAP is a new feature specifically designed for Microsoft CSPs. It provides them with the least privileged access following the Zero Trust cybersecurity protocol and lets them configure granular and time-bound access to their customers' workloads in production and sandbox environments.

Streamline your threat hunting

Microsoft 365 Defender equips SOC teams with powerful guided and advanced hunting capabilities to proactively hunt for threats across all workloads and uncover potential blind spots in an organization's environment to prevent undetected attacks.

 

Now with multi-tenancy support, SOC analysts can easily craft KQL queries and customize detections across multiple tenants in a connected and seamless experience. Combined with our guided hunting experience that provides step-by-step assistance, the multi-tenancy support delivers accessible, efficient, and flexible threat hunting experience.​

Figure 3: Advanced hunting showing results from multiple tenantsFigure 3: Advanced hunting showing results from multiple tenants

 

The new multi-tenant management experience in Microsoft 365 Defender delivers the flexibility and scalability needed to help SOC teams stay ahead of modern attacks with speed and efficiency. It streamlines incident management and threat hunting across multiple tenants and provides SOC teams with a new approach to efficiently perform security operations across multiple tenants to eliminate the need for constant logins and context switching. The multi-tenant management experience helps organizations improve operational adaptiveness and agility, streamline security operations, centralize administration controls, and make it easier for all tenants in an organization to maintain their uniqueness while respecting organizational requirements.

 

Learn more:

 

 

 

 

Published on:

Learn more
Microsoft 365 Defender Blog articles
Microsoft 365 Defender Blog articles

Microsoft 365 Defender Blog articles

Share post:

Related posts

Is Microsoft 365 Copilot becoming our multi-agentic AI assistant?

Microsoft announced Microsoft 365 Copilot for the first time ever around a year and a half ago on the 16th March 2023. Since then, the way we ...

17 hours ago

Microsoft Teams: File Interactive Previews

Microsoft Teams is introducing file interactive previews in chats and channels, starting with PDFs and extending to other formats. The rollout...

1 day ago

Microsoft Teams: Presenter Chat while screensharing

Microsoft Teams continues to evolve, with the addition of an entry point in the presenter toolbar to facilitate easy access to meeting chat wh...

1 day ago

Filtered change notifications in Microsoft Graph callRecords API are now available

We are pleased to announce that you can now optionally filter change notifications for the callRecord GraphAPI by participant Entra Object IDs...

1 day ago

SharePoint PnP Viva Connections & SPFx JS SIG Call – November 14th, 2024 – Screenshot Summary

Community Call Highlights   SharePoint Quicklinks: Primary Community Websites: https://aka.ms/m365pnp —– PnP Sharing Is Caring: Pn...

1 day ago

Microsoft 365 admin center: New usage reports for Microsoft Copilot with enterprise data protection

The Microsoft 365 admin center is introducing a new Microsoft Copilot usage report for enterprises that will provide insights into active usag...

1 day ago

Microsoft 365 admin center multifactor authentication enforcement

Microsoft 365 is boosting its cybersecurity measures by mandating multi-factor authentication (MFA) for all Microsoft 365 admin center users b...

1 day ago

Microsoft Viva Amplify and Microsoft SharePoint: New required footers will be automatically applied to email

If you use Microsoft Viva Amplify or SharePoint, you should know that new footers will be automatically added to emails that contain shared Sh...

1 day ago

Microsoft Teams: iPad Multi-Window Support

Microsoft Teams now offers iPad users the ability to use multiple windows, allowing for easy organization of Split View experience. With this ...

1 day ago

Microsoft Teams: Authentication token modernization for Android-based Microsoft Teams devices

Microsoft Teams is introducing modern authentication tokens for Android-based Teams devices to replace the legacy Skype tokens. This includes ...

1 day ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy