How to Construct a Scalable Security Practice with the Help of Azure Lighthouse & Azure Sentinel

Today, organizations of different sizes are looking for reducing costs, complexity and gain efficiencies in their security operations. Cloud security solutions help to meet all these requirements by providing simplicity, flexibility, automatic scalability, pay for use and protection across varied environments, more and more companies are embracing security solutions. 

While achieving efficiencies is the need, organizations are also facing a shortage of security experts in the market. Where there are huge potentials for the service providers to fill the gap by offering and building security services on top of cloud security solutions. As security solutions is on high demand on every organization, looking for experts on Azure are also demanding by the organizations. So, become an expert Azure professional, Azure online training or training is Azure from a goo resource or institutions is highly recommended by us. Now, before diving into the depth, let’s discuss on the introduction of Azure Lighthouse and Azure Sentinel. 

Azure Lighthouse: 

Azure Lighthouse helps service providers as well as large organizations to manage surroundings with multiple customers or individual subsidiaries, at the scale from their single centralize control plane. Since the launch of the Azure Lighthouse, it has been adopted by both enterprises and service providers with millions of Azure resources being managed at scale across mixed environments.  

Azure Sentinel:

Azure Sentinel is a cloud-native Security Orchestration Automated Response (SOAR) and Security Information Event Management (SIEM) solution from Microsoft. It will enable the collection of security data at scale across your whole enterprise including Microsoft 365 services, Azure Services or from hybrid environments including firewalls, clouds and partner security tools. Azure Sentinel is also being used to provide built-in AI advanced querying capabilities to investigate, detect, respond, and moderate threats professionally.

How Azure Lighthouse and Azure Sentinel together can architect a scalable security practice?


To start building a security practice that can scales across several customer environments for service providers or to support organizations centrally monitor as well as manage the security operations on individual subsidiaries, it is always recommended to use a distributed deployment and centralize management model. Here you can organize Azure Sentinel workspaces within the tenant which mainly belongs to the customer or subsidiary and can also able to manage it centrally from a central Security Operations Center (SOC)unit’s or from within a services providers’ tenant within a company.

After that, you will be able to leverage Azure Lighthouse’s capabilities to manage and perform security operations from the central managing tenant on the Azure Sentinel workspaces that is located in the managed tenant. 

To configure an deploy these workspaces at scale, Azure Lighthouse an Azure Sentinel both offers powerful automation capabilities to use it effectively with CI/Cd pipelines across tenants. 

Visualizing & monitoring data on customer environments: 

Another technology which works well across tenants is Azure Sentinel’s dashboarding technology – Azure Monitor Workbooks. You can choose to deploy workbooks in the managing tenant or manage tenant according to your needs. You can add a multi workspace selector within a workbook to monitor and visualize data an essentially get data insights across multiple workspaces, customers and subsidiaries if required.

Threat Hunting an Investigation on Cross Tenants:

Running the queries to search for threats and investigating them is an important part of SOC analyst’s job. With the help of the Azure Lighthouse, you would be able to deploy Log analytics queries in the central managing tenant an again run those queries across the managed tenants using workspace expression and union operator.

Automate Responses through Playbooks:

Security Playbooks can be easily used for automatic mitigation when an alert is triggered. The playbooks can be deployed either in the managing tenant or the individual managed tenant with the response procedures configured base on which tenant’s users will be required to take action in the response of the security threat. 

Cross-tenant incident management:

There are multiple workspace incident views present to facilitates centralized incident monitoring and management throughout multiple Azure Sentinel workspaces an across Azure Active Directory (Azure Ad) tenants by using Azure Lighthouse. 


To know about the above work activities of Azure Lighthouse an Azure Sentinel, you must join a session of Azure online training in Hyderabad or other places of India to become professional an expert in this field and work practically to get the most benefits from it.

Leave a Reply

Your email address will not be published. Required fields are marked *