Set up Microsoft Defender multitenant management
This article describes the steps you need to take to start using multitenant management for Microsoft Defender XDR and the Microsoft unified security operations platform.
Note
- In multitenant management, interactions between the multitenant user and the managed tenants could involve accessing data and managing configurations. The ability to undertake these actions is determined by the permissions a managed tenant has granted the multitenant user.
- Data privacy, role-based access control (RBAC) and Licensing are respected by Microsoft Defender multi-tenant management.
The following table lists the basic requirements you need to use multitenant management for Microsoft Defender XDR and the unified security operations platform.
Requirement | Description |
---|---|
Microsoft Defender XDR prerequisites | Verify you meet the Microsoft Defender XDR prerequisites |
Microsoft Defender XDR for US Government customers | Check if you have the following applicable licensing requirements |
Multitenant access | To view and manage the data you have access to in multitenant management, you need to ensure you have the necessary access. For each tenant you want to view and manage, you need to have either: - Granular delegated admin privileges (GDAP) - Microsoft Entra B2B authentication To learn more about how to synchronize multiple B2B users across tenants, see Configure cross-tenant synchronization. |
Permissions | Users must be assigned the correct roles and permissions at the individual tenant level, in order to view and manage the associated data in multitenant management. To learn more, see: - Manage access to Microsoft Defender XDR with Microsoft Entra global roles - Custom roles in role-based access control for Microsoft Defender XDR To learn how to grant permissions for multiple users at scale, see What is entitlement management. |
Security information and event management (SIEM) data (Optional) | To include SIEM data with the extended detection and response (XDR) data, one or more tenants must include a Microsoft Sentinel workspace onboarded to the Microsoft unified security operations platform. For more information, see Connect Microsoft Sentinel to Microsoft Defender XDR. Only one Microsoft Sentinel workspace per tenant is currently supported in the unified security operations platform. So in Microsoft Defender multitenant management, you have SIEM data from one Microsoft Sentinel workspace per tenant. Access to Microsoft Sentinel data is available through Microsoft Entra B2B authentication. Microsoft Sentinel doesn't support granular delegated admin privileges (GDAP) at this time. |
We recommend that you set up multifactor authentication trust for each tenant to avoid missing data in Microsoft Defender multitenant management.
In order to view and manage the data you have access to in Microsoft Defender multitenant management, you need to ensure you have the necessary permissions. For each tenant you want to view and manage, you need to either:
Go to My account.
Under Organizations > Other organizations you collaborate with see the list of organizations you have guest access to.
Verify all the tenants you plan to manage appear in the list.
For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant.
- Go to the Microsoft Partner Center.
- Under Customers you can find the list of organizations you have guest access to.
- Verify all the tenants you plan to manage appear in the list.
- For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant.
The first time you use Microsoft Defender multitenant management, you need setup the tenants you want to view and manage. To get started:
Sign in to Microsoft Defender multitenant management
Select Add tenants.
Choose the tenants you want to manage and select Add
Note
The Microsoft Defender multitenant view currently has a limit of 50 target tenants.
The features available in multitenant management now appear on the navigation bar and you're ready to view and manage security data across all your tenants.
Use these articles to get started with Microsoft Defender multitenant management: