🔥 3-day streak
Microsoft Security Operations Analyst166 / 190
Question 166 of 190

Your organization is a managed security service provider (MSSP) that monitors three customer tenants, each with its own Microsoft Sentinel workspace, plus your own central workspace. Analysts in your SOC need to run a single scheduled analytics rule that correlates sign-in failures across all four workspaces to detect password-spray campaigns spanning tenants. What is the recommended approach to enable this cross-workspace, cross-tenant detection while keeping each customer's data in its own workspace?

Reviewed for accuracy · Report an issueNext question