Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Case management in the Microsoft Defender multitenant portal allows you to view and manage security operations (SecOps) cases from multiple tenants in a single queue. Case management supports a number of use cases:
- Define your own case workflow with custom status values
- Assign tasks to collaborators and configure due dates
- Handle escalations and complex cases by linking multiple incidents to a case
- Manage access to your cases using RBAC
- Manage cases from multiple tenants
View cases in the multitenant portal
The cases experience in the multitenant portal is just like that in the regular, single-tenant portal, but with a few extra features:
The Cases queue contains columns for Tenant and Tenant ID, so you can see which tenant each case belongs to.
If you are managing many tenants, you can search, sort, or filter the case queue by tenant. The existing sort, filter, and search capabilities also work across multiple tenants in one combined view.
Role-based access control (RBAC) settings are applied at the tenant level, so you only see cases from the tenants you have access to.
For more information, see Manage security operations cases natively in the Microsoft Defender portal.
Manage a case in the multitenant portal
Manage cases from multiple tenants at a glance in the multitenant case queue.
- To see a preview flyout panel of a case's details, select the row of the desired case.
- To open a case's full details page, select the case's name.
Navigate effortlessly between cases in different tenants without leaving the multitenant queue or losing context.
For more information on managing cases, see Manage security operations cases natively in the Microsoft Defender portal
Create a case in the multitenant portal
On the Cases page in the multitenant portal, select + Create.
In the Create case pane, select the desired tenant from the drop-down at the top, then proceed as in the single-tenant experience.
The maximum allowed per tenant is 100,000 cases.