Using Azure Lighthouse and Azure Sentinel to Investigate Attacks Across Multiple Tenants
Since this blog was first written, much more comprehensive documentation on Azure Lighthouse usage with Azure Sentinel has been produced. Whilst this blog provides an overview, it is strongly recommended that users refer to this documentation: Build a scalable security practice with Azure Lighthouse and Azure Sentinel | Azure Blog and Updates...

Azure Lighthouse provides the capability for cross-tenancy management of Azure services for Managed Service Providers (MSPs) and organizations with multiple Azure tenants, all from a single Azure portal. Azure Lighthouse is integrated with Azure Sentinel, allowing organizations to easily manage Azure Sentinel workspaces across multiple tenants. In this blog we will show you how to configure Azure Lighthouse, and how to use its capabilities to investigate an attack as it targets several customers at once.

Full documentation on Azure Lighthouse can be found here.

Enabling Azure Lighthouse for Sentinel requires configuration on both the managing tenant...