7 Feb 2023 • 4 min read • Public

Enabling MSP, MSSPs and customers to Run Their Own Azure Management Applications In Minutes

Microsoft Azure provides a powerful way for #MSP, #MSSPs, and direct companies, to add custom Azure management automation that keeps all data in their tenant, or in the case of the MSP/MSSP in the customer tenant.

Azure Active Directory Azure Security Cloud Security Conditional Access IAM Intune Kusto KQL Log Analytics Workspace security Senserva Microsoft Sentinel Microsoft general security shavlik

Senserva

Enabling MSP, MSSPs and customers to Run Their Own Azure Management Applications, Keeping all Data in Their Tenant

This design is the core of #Senserva and its one of main things that makes us unique, however this article is general purpose and Senserva's implementation is provided at the end of the article as a detailed case study.

The diagram below overviews one good way to leverage this model for an MSSP but it works for a direct customer as well.

In this model the MSP/MSSP or end customer creates a management application in a management tenant, show as green in the diagram. The blue tenants are customer tenants, they can hold management data, or they can have the MSSP hold it. But beyond this data never leaves those tenants, if a customer holds the data, it never leaves their tenant, if they want to partner to manage the data it never leaves the partner's tenant for example. And in no case does the data go to the product vendor if there is one.

As a contrast, legacy third party (i.e., non-Microsoft) management tools pull data to their systems. Customers do not want this to happen as a rule, and with the Cloud there is no reason to do it, at least not from the customer's perspective.

This diagram does include optional rollups so the MSSP can review non PII items across all customers. (Personal Identifiable Information can be represented by non-reversable Azure ID in the roll up data).

No alt text provided for this image — Created by Senserva

This model uses the #LogAnalyticsWorkspace, its a great database because it removes data as it ages out, enabling management products to provide a continual flow of information with no effort.

LAW is also the core of Azure security, and many products use it including #MicrosoftSentinel which enables a great security eco-system. This system brings together information from any number of third-party products and from Microsoft itself. The MSSP can add their own management solution and it immediately integrates, fitting right in.

The model also breaks out the security manager service into its own Azure App Service, in this case Senserva, and keeps it separate from the user interface, in this case an MSSP labeled private web server running as an App Service. The web service can be highly secured because its not general purpose or multi-tenant, its dedicated to the partners and their customers. These two services can be put into one #AzureAppService but they should remain separate run-times so they can each have their own security creds. one reads and one writes. The Azure App Service is also used to support dev/beta/production builds - it does this right out of the box.

Customers can mix and match this model, moving web servers into their own tenant to further lock them down for example.

And to add a new tenant all that need be done is add the tenant to the management services, no other install need be done.

Here is an alternative model where the #MSSP product is installed in every tenant, coming from the Microsoft Marketplace, with #Azure #Lighthouse and #Azure #DevOps used to manage the systems once installed. The diagram mentions Senserva but any product can be made to work like this.

In this model the MSSP, or direct customer, provides a complete end-to-end solution to their external or internal customers. The Microsoft Marketplace handles the installation and Lighthouse/DevOps take over the ongoing management.

Next, this diagram contains a definition of what how the management software can be created. This diagram can be any run time, in this case Senserva is used to filter data before it goes into the Log Analytics Workspace.

These are example of what Senserva works with, including creating solutions specific for an MSSP or customer. And the big win here is we do all the #KQL so you do not have to (!) This get a little marketing-ish here as promised. And please keep in mind, all our data is designed to work with #microsoftsentinel, for threat hunting, alerts or other.

Oh yes, the title of this article includes "in minutes" - this is done when we do all the work for you, by extending our core technologies to add management tasks specific to your needs. We can take all your KQL, put it into an application and extend our UI for it. We just need 15 minutes a week from you to make this happen. Even more marketing!

Visit us at the Microsoft Azure Marketplace or email us at sales@senserva.com for more information. Thanks!

You might also like!

Senserva and MSSPs

Senserva is an easy-to-use, in-depth, customizable solution focused on helping MSSPs manage entitlement, configuration, compliance, and response with greater efficiency and less cost. We close the security gap by finding hard to get, critical data and turning it into actionable knowledge

MSSP Sentinel MISA 10 Nov 2022 1 min read Public

In-depth Senserva Insights from CEO Mark Shavlik

The Senserva team and I spent a good amount of time creating the content for this video as we often get asked "What does Senserva do?". Senserva is integrated with Microsoft security products, including Microsoft Sentinel, Defenders, Intune, Azure Active Directory and others.

Azure Active Directory 23 Feb 2023 1 min read Public

Senserva

Security Automation is the core value of Senserva and its products. Founded by Mark Shavlik to automate Cloud security.

Senserva 6 Jul 2022 4 min read Public

About

Senserva is focused on work with our customers and partners to create a more secure environment by automating around what the customer already has or can easily obtain.

Senserva 4 Jul 2022 1 min read Public

New Senserva Web Site is On Line

Senserva has a great new web site, its full of details around what we help secure and how we work with high end security partners to provide a full solution.

Azure Active Directory 11 Mar 2024 1 min read Public

LinkedIn Senserva Video

Azure Active Directory 29 Jan 2023 1 min read Public

Senserva Video

We worked with the Microsoft MISA team to create this great video. Thank you MISA and Team! The video is a great high level introduction to Senserva, please take a look. 0:00 /0:55 1× Find Senserva in the Azure Market Place

Azure Active Directory 9 Jan 2023 1 min read Public

Senserva and Microsoft announced we are a Security ISV of the Year and Endpoint Management Trailblazer finalist in the Microsoft Security Excellence Awards!

Senserva builds with the Microsoft security products and Microsoft focused security services providers to provide customers a unified solution.

Azure Active Directory 17 Mar 2024 3 min read Public

Senserva Updates

The Senserva team and myself would like to send you a quick update as we have launched several new items to start the year, and to thank everyone for their support!

Azure Active Directory 26 Jan 2023 2 min read Public

Azure AD Role Scoring

At the time of writing this post, Azure AD contains 91 built-in administrative roles. These roles have varying degrees of power within Azure AD. The team at Senserva has built a scoring system for grading these roles so that our analytics platform can grade each user's power level

Azure Active Directory 10 Jul 2023 8 min read Public