Set up multi-tenant management in Microsoft Defender XDR
Applies to:
This article describes the steps you need to take to start using multi-tenant management in Microsoft Defender XDR.
Note
In multi-tenant management, interactions between the multi-tenant user and the managed tenants could involve accessing data and managing configurations. The ability to undertake these actions is determined by the permissions a managed tenant has granted the multi-tenant user.
- Review the requirements
- Verify your tenant access
- Set up multi-tenant management in Microsoft Defender XDR
Note
Data privacy, role-based access control (RBAC) and Licensing are respected by multi-tenant management in Microsoft Defender XDR.
Review the requirements
The following table lists the basic requirements you need to use multi-tenant management in Microsoft Defender XDR.
| Requirement | Description |
|---|---|
| Microsoft Defender XDR prerequisites | Verify you meet the Microsoft Defender XDR prerequisites |
| Multi-tenant access | To view and manage the data you have access to in multi-tenant management, you need to ensure you have the necessary access. For each tenant you want to view and manage, you need to have either: - Granular delegated admin privileges (GDAP) - Microsoft Entra B2B authentication To learn more about how to synchronize multiple B2B users across tenants, see Configure cross-tenant synchronization. |
| Permissions | Users must be assigned the correct roles and permissions at the individual tenant level, in order to view and manage the associated data in multi-tenant management. To learn more, see: - Manage access to Microsoft Defender XDR with Microsoft Entra global roles - Custom roles in role-based access control for Microsoft Defender XDR To learn how to grant permissions for multiple users at scale, see What is entitlement management. |
Note
Setting up multi-factor authentication trust is highly recommended for each tenant to avoid missing data in multi-tenant management Microsoft Defender XDR.
Verify your tenant access
In order to view and manage the data you have access to in multi-tenant management, you need to ensure you have the necessary permissions. For each tenant you want to view and manage, you need to either:
Verify your tenant access with Microsoft Entra B2B
Go to My account.
Under Organizations > Other organizations you collaborate with see the list of organizations you have guest access to.
Verify all the tenants you plan to manage appear in the list.
For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant.
Verify your tenant access with GDAP
- Go to the Microsoft Partner Center.
- Under Customers you can find the list of organizations you have guest access to.
- Verify all the tenants you plan to manage appear in the list.
- For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant.
Set up multi-tenant management
The first time you use multi-tenant management in Microsoft Defender XDR, you need setup the tenants you want to view and manage. To get started:
Sign in to Multi-tenant management in Microsoft Defender XDR
Select Add tenants.
Choose the tenants you want to manage and select Add
Note
The multi-tenant view in Microsoft Defender XDR currently has a limit of 50 target tenants.
The features available in multi-tenant management now appear on the navigation bar and you're ready to view and manage security data across all your tenants.
Next step
Use these articles to get started with multi-tenant management in Microsoft Defender XDR:
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for