How Microsoft Defender XDR multi-tenant management (MTO) can benefit your security operations

Hello,

As a security professional, you know how challenging it can be to manage multiple tenants in your organization or across your customers. Navigating across different portals, signing in and out of each tenant, and keeping track of incidents and alerts can be time-consuming and inefficient.

That’s why I want to introduce you to Microsoft Defender XDR multi-tenant management, a new feature that provides you with a single, unified view of all the tenants you manage. With multi-tenant management, you can:

  • Manage incidents and alerts originating from multiple tenants in one place
  • Proactively hunt for threats across multiple tenants using advanced hunting capabilities
  • View and manage custom detection rules across multiple tenants
  • Explore device counts and vulnerability management information across multiple tenants

Multi-tenant management is designed to improve your security operations by simplifying the management of multi-tenant environments. Whether you are an enterprise with multiple tenants for different departments or purposes, or a managed security service provider (MSSP) with multiple customers, multi-tenant management can help you gain visibility and control over your security posture.

Some use cases:

  • Use case 1: You are an enterprise with multiple tenants for different departments or purposes. You want to monitor and respond to security incidents and alerts across all your tenants from a single portal. With multi-tenant management, you can view and manage all the incidents and alerts originating from your tenants in one place, without having to sign in and out of each tenant. You can also use advanced hunting to proactively search for threats across your tenants using KQL queries.
  • Use case 2: You are a managed security service provider (MSSP) with multiple customers. You want to provide your customers with the best security service and visibility into their security posture. With multi-tenant management, you can gain insight into security incidents, alerts, and vulnerability management across your customers through a single pane of glass. You can also create and manage custom detection rules across your customers to tailor your security service to their needs.
  • Use case 3: You are a security analyst who needs to investigate a suspicious alert that was triggered in one of your tenants. You want to quickly gather all the relevant information and evidence to determine the scope and impact of the alert. With multi-tenant management, you can access the alert details, device information, and related alerts from the same portal, without having to switch between tenants. You can also use the Microsoft Defender XDR investigation graph to visualize the alert chain and related entities across tenants.

So to everyone who hasn't tested MTO yet, I recommend that you start today.