MSSP Sentinel

Soumya Banerjee 126 Reputation points
2022-04-04T12:13:06.817+00:00

I have a customer Az tenant and want to offer MSSP service through Lighthouse in our MSSP tenant.

The question is, how does the connection work between the customer tenant and our MSSP tenant? How is it accomplished?

Do we need to publish any URL? Should we whitelist any access connection? Is there a private endpoint required? Is there any service account required for this access (between customer tenant and MSSP tenant)?

Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

Accepted answer
  1. Andrew Blumhardt 9,481 Reputation points Microsoft Employee
    2022-04-04T16:32:26.903+00:00

    Here are some related docs. Quick summary:

    Lighthouse works using a small ARM template. Security groups in the managing tenant (or provider) are linked to the GUIDs of one or more built-in Azure RBAC roles. The managed tenant (or customer) deploys the template, granting access. There are many advantages of this method over user accounts or guest accounts. One benefit is that the provider can add and remove users to the group(s) without needing to bother the customer admin. Lighthouse users can also manage multiple tenants from the same logon and browser. Limitations include that this only works with built-in RBAC roles, and there are some tenant-level admin tasks that cannot be performed over Lighthouse. Both the provider and customer have a management portal and auditing to track Lighthouse activity down to the user level, and either side can terminate the agreement at any time. From the customer's perspective, they can grant access to an MSP without managing accounts, track the provider's user activity, and evict the MSP in one click if needed.

    https://learn.microsoft.com/en-us/azure/lighthouse/overview
    Azure Sentinel’s Technical Playbook for MSSPs: https://lnkd.in/emsR5Rz

    1 person found this answer helpful.
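
Since the delegation described in the answer is just an ARM template that maps provider security groups to built-in role GUIDs, a customer admin can review exactly what it grants before deploying it. The following is an added example, not part of the original answer or any Microsoft tooling: the `review` function, the "broad role" policy and the sample template (with placeholder tenant and group IDs) are assumptions made for illustration; the role GUIDs are the built-in Azure role definition IDs.

```python
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
# Built-in Azure role definition GUIDs (identical in every tenant).
KNOWN_ROLES = {
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "8d289c81-5878-46d4-8554-54e1e3d8b5cb": "Microsoft Sentinel Reader",
    "3e150937-b8fe-4cfb-8069-0eaf05ecd056": "Microsoft Sentinel Responder",
    "ab8e14d6-4a65-4a47-ac51-02b7d2a8bf0d": "Microsoft Sentinel Contributor",
}
BROAD = {"Contributor"}  # reviewer policy (assumption): flag for justification

def review(template):
    """Return (grants, findings) for each registrationDefinition resource."""
    grants, findings = [], []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.managedservices/registrationdefinitions":
            continue
        props = res["properties"]
        tenant = props.get("managedByTenantId", "")
        if not GUID.match(tenant):  # e.g. still an unresolved [parameters(...)]
            findings.append(f"managedByTenantId is not a literal GUID: {tenant!r}")
        for auth in props.get("authorizations", []):
            role_id = auth.get("roleDefinitionId", "").lower()
            role = KNOWN_ROLES.get(role_id, "UNKNOWN")
            who = auth.get("principalIdDisplayName", auth.get("principalId"))
            grants.append((who, role))
            if role == "UNKNOWN":
                findings.append(f"{who}: role {role_id} not in reviewer's list")
            elif role in BROAD:
                findings.append(f"{who}: broad role {role}")
    return grants, findings

# Constructed sample: tenant and group IDs are placeholders, not real values.
SAMPLE = json.loads("""{"resources": [{
  "type": "Microsoft.ManagedServices/registrationDefinitions",
  "properties": {
    "managedByTenantId": "00000000-0000-0000-0000-000000000001",
    "authorizations": [
      {"principalId": "00000000-0000-0000-0000-0000000000a1",
       "principalIdDisplayName": "MSSP SOC Tier 1",
       "roleDefinitionId": "8d289c81-5878-46d4-8554-54e1e3d8b5cb"},
      {"principalId": "00000000-0000-0000-0000-0000000000a2",
       "principalIdDisplayName": "MSSP Engineering",
       "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c"}]}}]}""")

if __name__ == "__main__":
    for finding in review(SAMPLE)[1]:
        print("FINDING:", finding)
```

Extend `KNOWN_ROLES` with the roles your organisation is prepared to delegate; anything outside that list is reported as a finding rather than silently accepted.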
