This article describes the steps you need to take to start using multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Defender portal.
Note
- In multitenant management, interactions between the multitenant user and the managed tenants could involve accessing data and managing configurations. The ability to undertake these actions is determined by the permissions a managed tenant has granted the multitenant user.
- Data privacy, role-based access control (RBAC), and licensing are respected by Microsoft Defender multitenant management.
Review the requirements
The following table lists the basic requirements you need to use multitenant management for Microsoft Defender XDR and Microsoft Sentinel in the Defender portal.
| Requirement | Description | 
|---|---|
| Microsoft Defender XDR prerequisites | Verify you meet the Microsoft Defender XDR prerequisites | 
| Microsoft Defender XDR for US Government customers | Check if you have the following applicable licensing requirements | 
| Multitenant access | To view and manage the data you have access to in multitenant management, you need to ensure you have the necessary access.<br>- For Microsoft Defender data, you must have either:<br>&nbsp;&nbsp;- Granular delegated admin privileges (GDAP)<br>&nbsp;&nbsp;- Microsoft Entra B2B authentication<br>- For Microsoft Sentinel data, you must have Azure Lighthouse to gain access to Microsoft Sentinel in other tenants' workspaces. GDAP isn't supported for Microsoft Sentinel data, so you must also have Microsoft Entra B2B authentication.<br><br>To learn more about how to synchronize multiple B2B users across tenants, see Configure cross-tenant synchronization. |
| Permissions | Users must be assigned the correct roles and permissions at the individual tenant level, in order to view and manage the associated data in multitenant management. To learn more, see:<br>- Manage access to Microsoft Defender XDR with Microsoft Entra global roles<br>- Custom roles in role-based access control for Microsoft Defender XDR<br><br>To learn how to grant permissions for multiple users at scale, see What is entitlement management. |
| Security information and event management (SIEM) data (Optional) | To include SIEM data with the extended detection and response (XDR) data, one or more tenants must include a Microsoft Sentinel workspace onboarded to Microsoft Defender. For more information, see Connect Microsoft Sentinel to Microsoft Defender XDR. The Defender portal allows you to connect to one primary workspace and multiple secondary workspaces for Microsoft Sentinel. For more information, see Multiple Microsoft Sentinel workspaces in the Defender portal. Access to Microsoft Sentinel data is available through Microsoft Entra B2B authentication. Microsoft Sentinel doesn't support granular delegated admin privileges (GDAP) at this time. | 
We recommend that you set up multifactor authentication trust for each tenant to avoid missing data in Microsoft Defender multitenant management.
Verify your tenant access
In order to view and manage the data you have access to in Microsoft Defender multitenant management, you need to ensure you have the necessary permissions. For each tenant you want to view and manage, you need to either:
Verify your tenant access with Microsoft Entra B2B
- Go to My account. 
- Under Organizations > Other organizations you collaborate with, see the list of organizations you have guest access to.
- Verify all the tenants you plan to manage appear in the list. 
- For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant. 
Verify your tenant access with GDAP
GDAP is not supported for Microsoft Sentinel data, and provides access to Defender data only.
- Go to the Microsoft Partner Center.
- Under Customers you can find the list of organizations you have guest access to.
- Verify all the tenants you plan to manage appear in the list.
- For each tenant, go to the Microsoft Defender portal and sign in to validate you can successfully access the tenant.
Set up multitenant management
The first time you use Microsoft Defender multitenant management, you need to set up the tenants you want to view and manage. To get started:
- Sign in to Microsoft Defender multitenant management.
- Select Add tenants.
- Choose the tenants you want to manage and select Add.
Note
The Microsoft Defender multitenant view currently has a limit of 100 target tenants.
The features available in multitenant management now appear on the navigation bar and you're ready to view and manage security data across all your tenants.
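As a pre-onboarding check for the access requirements and the tenant limit described on this page, the following added example (not Microsoft code and not part of the original article) validates a planned tenant inventory offline before you select Add tenants. The `Tenant` fields, the `preflight` function and the sample tenant names are hypothetical; the inventory is assumed to be filled in by hand from the verification steps above.

```python
from dataclasses import dataclass, field

MAX_TARGET_TENANTS = 100  # limit stated on this page for the multitenant view


@dataclass
class Tenant:
    name: str
    access: set = field(default_factory=set)  # subset of {"gdap", "b2b"}
    needs_sentinel: bool = False               # Sentinel data wanted for this tenant
    lighthouse: bool = False                   # Azure Lighthouse access in place
    mfa_trust: bool = False                    # MFA trust configured for this tenant


def preflight(tenants):
    """Return (severity, tenant, message) findings for a planned tenant list."""
    findings = []
    if len(tenants) > MAX_TARGET_TENANTS:
        findings.append(("error", "*",
                         f"{len(tenants)} tenants planned; limit is {MAX_TARGET_TENANTS}"))
    for t in tenants:
        unknown = t.access - {"gdap", "b2b"}
        if unknown:
            findings.append(("error", t.name, f"unknown access method(s): {sorted(unknown)}"))
        if not t.access & {"gdap", "b2b"}:
            findings.append(("error", t.name, "no GDAP or Entra B2B access: Defender data unavailable"))
        if t.needs_sentinel:
            if "b2b" not in t.access:
                findings.append(("error", t.name, "Sentinel data needs Entra B2B; GDAP is not supported"))
            if not t.lighthouse:
                findings.append(("error", t.name, "Sentinel data needs Azure Lighthouse access to the workspace"))
        if not t.mfa_trust:
            findings.append(("warn", t.name, "no MFA trust: data may be missing in the multitenant view"))
    return findings


# Constructed sample inventory (tenant names are made up).
SAMPLE = [
    Tenant("contoso-example", {"b2b"}, needs_sentinel=True, lighthouse=True, mfa_trust=True),
    Tenant("fabrikam-example", {"gdap"}, needs_sentinel=True, lighthouse=True, mfa_trust=True),
    Tenant("tailspin-example", {"b2b"}, needs_sentinel=True, lighthouse=False, mfa_trust=False),
    Tenant("wingtip-example", set(), mfa_trust=True),
]

if __name__ == "__main__":
    for severity, tenant, message in preflight(SAMPLE):
        print(f"{severity:5} {tenant:18} {message}")
```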
Next step
Use these articles to get started with Microsoft Defender multitenant management:
 
 
