Configure managed security service provider integration (Microsoft)

You’ll need to take the following configuration steps to enable the managed security service provider (MSSP) integration.

The integration will allow MSSPs to take the following actions:

• Get access to MSSP customer’s Microsoft 365 Defender portal
• Get email notifications, and
• Fetch alerts through security information and event management (SIEM) tools

Before MSSPs can take these actions, the MSSP customer will need to grant access to their Defender for Endpoint tenant so that the MSSP can access the portal.

Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP.

In general, the following configuration steps need to be taken:

• Grant the MSSP access to Microsoft 365 Defender

  This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer’s Defender for Endpoint tenant.

• Configure alert notifications sent to MSSPs

  This action can be taken by either the MSSP customer or MSSP. This lets the MSSPs know what alerts they need to address for the MSSP customer.

• Fetch alerts from MSSP customer’s tenant into SIEM system

  This action is taken by the MSSP. It allows MSSPs to fetch alerts in SIEM tools.

• Fetch alerts from MSSP customer’s tenant using APIs

  This action is taken by the MSSP. It allows MSSPs to fetch alerts using APIs.

Multi-tenant access for MSSPs

For information on how to implement a multi-tenant delegated access, see Multi-tenant access for Managed Security Service Providers.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team