Edit

Share via


Set up Microsoft Defender multitenant management

This article describes the steps you need to take to start using multitenant management for Microsoft Defender XDR and the Microsoft unified security operations platform.

  1. Review the requirements
  2. Verify your tenant access
  3. Set up Microsoft Defender multitenant management

Note

  • In multitenant management, interactions between the multitenant user and the managed tenants could involve accessing data and managing configurations. The ability to undertake these actions is determined by the permissions a managed tenant has granted the multitenant user.
  • Data privacy, role-based access control (RBAC) and Licensing are respected by Microsoft Defender multi-tenant management.

Review the requirements

The following table lists the basic requirements you need to use multitenant management for Microsoft Defender XDR and the unified security operations platform.

Requirement Description
Microsoft Defender XDR prerequisites Verify you meet the Microsoft Defender XDR prerequisites
Microsoft Defender XDR for US Government customers Check if you have the following applicable licensing requirements
Multitenant access To view and manage the data you have access to in multitenant management, you need to ensure you have the necessary access. For each tenant you want to view and manage, you need to have either:

- Granular delegated admin privileges (GDAP)
- Microsoft Entra B2B authentication

To learn more about how to synchronize multiple B2B users across tenants, see Configure cross-tenant synchronization.
Permissions Users must be assigned the correct roles and permissions at the individual tenant level, in order to view and manage the associated data in multitenant management. To learn more, see:

- Manage access to Microsoft Defender XDR with Microsoft Entra global roles
- Custom roles in role-based access control for Microsoft Defender XDR

To learn how to grant permissions for multiple users at scale, see What is entitlement management.
Security information and event management (SIEM) data (Optional) To include SIEM data with the extended detection and response (XDR) data, one or more tenants must include a Microsoft Sentinel workspace onboarded to the Microsoft unified security operations platform. For more information, see Connect Microsoft Sentinel to Microsoft Defender XDR.

Only one Microsoft Sentinel workspace per tenant is currently supported in the unified security operations platform. So in Microsoft Defender multitenant management, you have SIEM data from one Microsoft Sentinel workspace per tenant.

Access to Microsoft Sentinel data is available through Microsoft Entra B2B authentication. Microsoft Sentinel doesn't support granular delegated admin privileges (GDAP) at this time.

We recommend that you set up multifactor authentication trust for each tenant to avoid missing data in Microsoft Defender multitenant management.

Verify your tenant access

In order to view and manage the data you have access to in Microsoft Defender multitenant management, you need to ensure you have the necessary permissions. For each tenant you want to view and manage, you need to either:

Verify your tenant access with Microsoft Entra B2B

  1. Go to My account.

  2. Under Organizations > Other organizations you collaborate with see the list of organizations you have guest access to.

    Screenshot of organizations in the myaccount portal

  3. Verify all the tenants you plan to manage appear in the list.

  4. For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant.

Verify your tenant access with GDAP

  1. Go to the Microsoft Partner Center.
  2. Under Customers you can find the list of organizations you have guest access to.
  3. Verify all the tenants you plan to manage appear in the list.
  4. For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant.

Set up multitenant management

The first time you use Microsoft Defender multitenant management, you need setup the tenants you want to view and manage. To get started:

  1. Sign in to Microsoft Defender multitenant management

  2. Select Add tenants.

    Screenshot of the Microsoft Defender multi-tenant portal setup screen

  3. Choose the tenants you want to manage and select Add

Note

The Microsoft Defender multitenant view currently has a limit of 50 target tenants.

The features available in multitenant management now appear on the navigation bar and you're ready to view and manage security data across all your tenants.

Screenshot of Microsoft Defender multitenant management.

Next step

Use these articles to get started with Microsoft Defender multitenant management: