![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 39%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
996 questions
@Eduards
Thank you for your question!
Azure Sentinel supports data collection from Microsoft and Azure SaaS resources only within its own Azure Active Directory (Azure AD) tenant boundary. Therefore, each Azure AD tenant requires a separate workspace. However, if you're a Managed Security Service Provider (MSSP), you can use Azure Lighthouse to extend Azure Sentinel cross-workspace capabilities across tenants.
Manage multiple tenants in Azure Sentinel as an MSSP
For more info - https://learn.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants
If you aren't an MSSP and would like to implement this feature for non MSSP's, please feel free to leverage our Azure Sentinel GitHub page to submit a feature request.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.