Is there a possibility to leverage Azure Lighthouse to access AAD logs from a different tenant? Also, let's say there are three tenants, prod, staging and dev, how can we stream AAD logs from all the three tenants to one location?

CodePudding user response：

Microsoft Sentinel with Azure Lighthouse might be one potential option for you to look for.

https://blog.cyberproof.com/blog/deploying-microsoft-azure-sentinel-siem-in-a-multi-tenancy-environment-part-1

Good luck !

CodePudding user response：

To successfully follow and deploy the Azure Lighthouse i would suggest you refer this link as step-by-step process

Azure Lighthouse enables logical projection of resources from one tenant to another tenant. it allows user ti manage tenant to access delegated resources Azure Lighthouse can also be used within an enterprise which has multiple Azure AD tenants of its own to simplify cross-tenant administration before you can use Sentinel with other tenants.

For more information in detail, please refer below links:

Cross-tenant management experiences