Respond to threats across tenants more effectively with Microsoft 365 Defender multi-tenant support
Multi-tenant environments add an additional layer of complexity to today’s ever-evolving threat landscape. Whether organizations have grown through acquisition, or have strategically implemented multi-tenant setups, navigating across multiple environments is no small task. Mundane and repetitive tasks require security operations center (SOC) teams to log in and out of each customer environment individually. This not only consumes valuable time but also reduces the overall efficiency of the SOC teams. To improve efficiency and stay ahead of modern attacks, SOC teams need an efficient yet comprehensive security solution that delivers a unified and connected experience to boost their security operations.
Microsoft 365 Defender is an industry-leading XDR platform that delivers unified investigation and response experience and provides native protection across endpoints, identities, email, collaboration tools, cloud apps, and data.
Today we are excited to expand our current public preview for multi-tenant environments in Microsoft 365 Defender, which provides large organizations with the much-needed visibility and ease of use across their distributed environments. This addition marks the first wave of improvements, with a focus on global SOC investigation flows, including a consolidated view of incidents across tenants, device inventory, vulnerability management, the ability to perform advanced hunting across data in multiple tenants, and more.
Multi-customer management for partners
The new multi-tenant capabilities in Microsoft 365 Defender are also useful for Managed Security Service Provider (MSSP) partners supporting enterprises. They can now gain visibility into security incidents, alerts, and threat hunting across multiple customers through a single pane of glass, and help them efficiently run their SOC.
For small and medium business focused managed service provider (MSP) partners who need a full set of capabilities to manage customers spanning security, identity, management, and Microsoft 365 applications in a unified experience, we continue to recommend using Microsoft 365 Lighthouse. Microsoft 365 Lighthouse is a unified portal available to Cloud Solution Provider (CSP) partners that includes a broader set of capabilities, optimized MSP partners, particularly those using our Microsoft 365 Business Premium and Defender for Business. It includes a multi-tenant view of Defender for Business incidents and alerts, vulnerability management and exposure scores, as well as security baselines with configuration drift analysis across multi-tenants spanning span identity, Intune, and more. The Lighthouse and multi-tenant organization (MTO) support comparison FAQ lists the capabilities of both platforms in detail.
As we build out Microsoft 365 Defender multi-tenant capabilities, we will share more on the combined roadmap for Microsoft 365 Lighthouse and MTO.
A centralized place to manage incidents across tenants
Whether it’s searching for the most critical high-severity incidents scattered throughout a large organization or monitoring sanitation efforts across the board, the new multi-tenant management experience provides SOC analysts with all the information in one place to efficiently perform incident investigation and remediation across multiple tenants at scale. No need to log in and out of each individual tenant.
SOC analysts can easily access the new multi-tenant management experience right from the Microsoft 365 Defender portal to manage different tenants in the same experience using the tenant switcher as shown in Figure 2. The tenant switcher allows SOC analysts to seamlessly switch between single-tenant and multi-tenant management experiences.
To gain access to multiple tenants with the same user, two options are available:
- Using Azure AD B2B collaboration: This option allows users to invite external guests to their tenant, allowing these guests to access resources and collaborate on projects. While this method offers a convenient way of accessing multiple tenants, it requires the creation of discrete guest accounts for each tenant.
- Using the new Granular Delegated Admin Privileges (GDAP) capabilities for CSPs: GDAP is a new feature specifically designed for Microsoft CSPs. It provides them with the least privileged access following the Zero Trust cybersecurity protocol and lets them configure granular and time-bound access to their customers' workloads in production and sandbox environments.
Streamline your threat hunting
Microsoft 365 Defender equips SOC teams with powerful guided and advanced hunting capabilities to proactively hunt for threats across all workloads and uncover potential blind spots in an organization's environment to prevent undetected attacks.
Now with multi-tenancy support, SOC analysts can easily craft KQL queries and customize detections across multiple tenants in a connected and seamless experience. Combined with our guided hunting experience that provides step-by-step assistance, the multi-tenancy support delivers accessible, efficient, and flexible threat hunting experience.
The new multi-tenant management experience in Microsoft 365 Defender delivers the flexibility and scalability needed to help SOC teams stay ahead of modern attacks with speed and efficiency. It streamlines incident management and threat hunting across multiple tenants and provides SOC teams with a new approach to efficiently perform security operations across multiple tenants to eliminate the need for constant logins and context switching. The multi-tenant management experience helps organizations improve operational adaptiveness and agility, streamline security operations, centralize administration controls, and make it easier for all tenants in an organization to maintain their uniqueness while respecting organizational requirements.
Learn more:
- Check out multi-tenant management experience to get started today.
- Explore multi-tenant management documentation.
- Read the documentation to learn more about Microsoft Lighthouse.
- Want to learn more about Microsoft’s XDR? Visit our website.
Published on:
Learn moreRelated posts
Is Microsoft 365 Copilot becoming our multi-agentic AI assistant?
Microsoft announced Microsoft 365 Copilot for the first time ever around a year and a half ago on the 16th March 2023. Since then, the way we ...
Microsoft Teams: File Interactive Previews
Microsoft Teams is introducing file interactive previews in chats and channels, starting with PDFs and extending to other formats. The rollout...
Microsoft Teams: Presenter Chat while screensharing
Microsoft Teams continues to evolve, with the addition of an entry point in the presenter toolbar to facilitate easy access to meeting chat wh...
Filtered change notifications in Microsoft Graph callRecords API are now available
We are pleased to announce that you can now optionally filter change notifications for the callRecord GraphAPI by participant Entra Object IDs...
SharePoint PnP Viva Connections & SPFx JS SIG Call – November 14th, 2024 – Screenshot Summary
Community Call Highlights SharePoint Quicklinks: Primary Community Websites: https://aka.ms/m365pnp —– PnP Sharing Is Caring: Pn...
Microsoft 365 admin center: New usage reports for Microsoft Copilot with enterprise data protection
The Microsoft 365 admin center is introducing a new Microsoft Copilot usage report for enterprises that will provide insights into active usag...
Microsoft 365 admin center multifactor authentication enforcement
Microsoft 365 is boosting its cybersecurity measures by mandating multi-factor authentication (MFA) for all Microsoft 365 admin center users b...
Microsoft Viva Amplify and Microsoft SharePoint: New required footers will be automatically applied to email
If you use Microsoft Viva Amplify or SharePoint, you should know that new footers will be automatically added to emails that contain shared Sh...
Microsoft Teams: iPad Multi-Window Support
Microsoft Teams now offers iPad users the ability to use multiple windows, allowing for easy organization of Split View experience. With this ...
Microsoft Teams: Authentication token modernization for Android-based Microsoft Teams devices
Microsoft Teams is introducing modern authentication tokens for Android-based Teams devices to replace the legacy Skype tokens. This includes ...