In my opinion, there are a couple of things an MSSP should do in order to secure a customers cloud environment: Continuous improvementīecause the cloud is ever changing, you need to be on top of the latest developments. In the meanwhile, your customers don’t have to worry about all the recent attacks because you have them covered. As an MSSP, you can focus on becoming an expert for the Microsoft 365 Security stack in order to help your customers. This is where there is an opportunity for you as an MSSP that can create a mutual benefit. For a company with a small(er) IT team, this can be a lot of information for which they might not have the knowledge nor time. You have to monitor a lot of different portals and be mindful of what each portal is meant for. When you start implementing a lot of the security controls that Microsoft 365 has to offer, such as: This is just one of the many examples of threats that a company should be aware of when moving to the cloud. Things like OAuth phishing attacks are a real threat that customers should be aware of and defend against. While I absolutely love the cloud, it does come with it’s own challanges. They migrate the mailboxes to the cloud, enable MFA (if the customer is lucky) and call it a day. Too often than not, I see MSSP’s or consultants in general migrating a company to the cloud without much aftercare. I was inspired by one of his blog ‘ Why aren’t you charging your customers to take care of M365‘ to write this blog about how Azure Sentinel can provide a benefit to MSSP’s. I often see this when talking to different MSSP’s.Īlex Fields has an awesome blog over at which focuses on the Microsoft 365 stack for MSSP’s. When you start talking about a ‘SIEM’ solution, there are often hesistant in deploying one because they are scared the setup might become too complex. ![]() ![]() It’s on the fastest moving product within the Microsoft Security stack and provides some awesome capabilities.īut unfortunately, a lot of people seem to be afraid of it. You will see all the workspaces in the selected subscriptions, and you'll be able to work with them seamlessly, like any workspace in your own tenant.If you have been following me on Twitter or my blog, it’s no secret that I absolutely love Azure Sentinel. Under Directory + subscription, select the delegated directories (directory = tenant), and the subscriptions where your customer's Microsoft Sentinel workspaces are located. How to access Microsoft Sentinel in managed tenants If the provider's status is NotRegistered, select Register. Select Subscriptions from the Azure portal, and then select a relevant subscription from the menu.įrom the navigation menu on the subscription screen, under Settings, select Resource providers.įrom the subscription name | Resource providers screen, search for and select Microsoft.OperationalInsights and Microsoft.SecurityInsights, and check the Status column. To verify registration, take the following steps: If you have registered Microsoft Sentinel in your tenant, and your customers in theirs, you are ready to get started. In addition, each of your customers' tenants must have the resource providers registered. ![]() Prerequisitesįor this to work properly, your tenant (the MSSP tenant) must have the Microsoft Sentinel resource providers registered on at least one subscription. ![]() If you're a managed security service provider (MSSP) and you're using Azure Lighthouse to offer security operations center (SOC) services to your customers, you can manage your customers' Microsoft Sentinel resources directly from your own Azure tenant, without having to connect to the customer's tenant.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |