This feature is now available in public preview.
Microsoft has rolled out multi-workspace and multi-tenant support for its Unified Security Operations (SecOps) Platform. This new capability is now available in public preview for commercial customers.
Microsoft’s Unified SecOps Platform integrates the capabilities of Microsoft Defender XDR, Microsoft Sentinel, Microsoft Security Exposure Management, and generative AI into a comprehensive portal. This platform enhances security operations by providing a unified view of an organization’s security posture, which offers enhanced threat detection, investigation, and response across hybrid environments. It uses AI to optimize security workflows and improve overall security management.
With this release, incidents and alerts from various workloads, workspaces, and tenants are seamlessly consolidated into unified queues, which gives security teams a centralized view for efficient management. Each alert and incident remains associated with its respective workspace and tenant to preserve data boundaries. Moreover, all changes made within the Unified SecOps portal are bi-directionally synchronized with Microsoft Sentinel in the Azure portal to ensure consistency across both platforms.
The Advanced Hunting section offers a centralized space where administrators can explore and analyze all their security data. It enables querying Microsoft Sentinel across multiple workspaces and tenants. Administrators can use the workspace operator to search different workspaces and tenants. This makes it easier to correlate data and identify potential security threats.
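A cross-workspace hunting query of the kind described above, as an added example that is not taken from Microsoft's announcement or documentation. The two workspace names are placeholders (assumptions), and the query assumes both workspaces ingest the standard Sentinel SecurityAlert table.

```kusto
// Placeholder workspace names (assumptions): replace with workspaces
// that have been onboarded to the unified portal.
let emea = workspace("contoso-sentinel-emea").SecurityAlert
    | extend SourceWorkspace = "contoso-sentinel-emea";
let amer = workspace("contoso-sentinel-amer").SecurityAlert
    | extend SourceWorkspace = "contoso-sentinel-amer";
// Combine alerts from both workspaces, keeping a label that records
// which workspace each row came from.
union emea, amer
| where TimeGenerated > ago(7d)
| where isnotempty(CompromisedEntity)
// Group by the affected entity so the same host or account showing up
// in more than one workspace becomes a single row.
| summarize
    Workspaces     = make_set(SourceWorkspace),
    WorkspaceCount = dcount(SourceWorkspace),
    AlertCount     = count(),
    AlertNames     = make_set(AlertName, 10),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated)
    by CompromisedEntity
// Keep only entities with alerts in more than one workspace.
| where WorkspaceCount > 1
| order by AlertCount desc
```

Entities that appear only in one workspace are filtered out, so the result is a short list of candidates for cross-workspace investigation rather than a merged alert queue.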
To access the unified SecOps platform for managing multiple tenants and workspaces, users will need to sign in to the multi-tenant portal. Administrators will need to onboard each tenant’s workspaces individually in the single-tenant portal.
Microsoft notes that customers who want to use the multi-workspace capability in the Unified SecOps Platform must enable Azure Lighthouse and B2B (Business-to-Business) collaboration. If you’re interested, you can learn more about how to onboard multiple workspaces and tenants to the unified platform on this support page.