Share via

Azure lighthouse with Sentinel

AsAdmin 401 Reputation points
2021-10-13T12:26:20.437+00:00

We have a requirement of managing multiple customers environment with Sentinel and we were made aware about Azure light house.
I want to know when the customer allow us (MSSP) on their Azure subscription what kind of security standards are in place so that we do not have more than what we need. (This came from 1 of the customers as they are not so sure about giving us permissions on their subscription for managing their security).
Also does azure lighthouse means they send the logs directly to us and we get charged for storing the logs instead of customer. How to handle the costing in this case.

Microsoft Security | Microsoft Sentinel
0 comments
Answer accepted by question author
  1. Alan Kinane 17,356 Reputation points MVP Volunteer Moderator
    2021-10-13T16:14:05.657+00:00

    Azure Lighthouse is an access delegation service so this can be scoped to only the resource group(s) that you need access to on your customer subscriptions.
    You can use RBAC to assign only the level of access required. https://learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer

    For Azure Sentinel you may only require access to the resource group where the Log Analytics Workspace is deployed on the customer tenant.

    Depending on how you architect your solution will determine the costs, so for example if each customer hosts their own Sentinel service and log analytics workspace then the costs will be on the customer subscription. You can still manage this centrally through your MSSP tenant using Azure Lighthouse.

    https://learn.microsoft.com/en-us/azure/sentinel/extend-sentinel-across-workspaces-tenants

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.