AzureFeeds

If you’re responsible for securing a large enterprise or operating as a Managed Security Service Provider (MSSP), you know how complex it can be to track and manage cases across multiple tenants. Visibility gaps and fragmented workflows often slow down response times and increase operational overhead. 

We’re excited to share that multi-tenant support is now generally available in our case management experience. This new capability empowers security teams to view and manage incidents across all their tenants from a single, unified interface—directly within the Microsoft Defender Multi-Tenant (MTO) portal. 

This release marks a significant milestone in our mission to deliver a fully integrated, security-first case management system that spans all Security Operations (SecOps) workloads. By consolidating case handling into a native experience, we’re helping customers reduce their dependence on third-party Security Information and Event Management (SIEM), Extended Detection and Response (XDR), and ticketing systems. 

Multi-tenant case management is available to all Microsoft Sentinel customers who have onboarded to the Defender portal. Whether you’re managing internal security or delivering services to multiple clients, this enhancement simplifies operations and strengthens your ability to respond to threats quickly and effectively. 

Beyond complex incident response, use cases include centralized threat hunting across tenants, streamlined detection tuning to reduce noise and false positives, and aggregating threat intelligence (TI) related to specific threat actors. These workflows are now easier to execute and scale across environments. 

Want to learn more about how this feature works and how to get started? Visit the full announcement on the Sentinel Tech Community blog for in-depth details, use cases, and guidance on enabling multi-tenant case management in your environment.