Please refer to the list below of commonly asked questions regarding Red Canary and Microsoft Provisioning for Microsoft Defender for Endpoint (MDE).
Please open a support case if there are any further questions we can help with.
In order for Red Canary's security analysts to log into a customer's Defender for Endpoint console, Microsoft requires the customer to grant permissions to the Red Canary tenant, which contains all of our trusted, verified users (only Red Canary employees).
Is the tenant ID that Red Canary provides a separate tenant for each customer?
The redcanary.com tenant is Red Canary's corporate tenant and is managed by Red Canary.
How many users are in the tenant/directory for which we configure trust? What is the role of the personnel?
The tenant has users who are strategically enabled to have Microsoft Azure accounts due to their role. This consists of Red Canary employees who will require access to your tenant/directory to help with detection and troubleshooting.
Can I set up two roles, one without Live Response and one with it that requires justification?
The roles can be configured this way. Live Response is currently not a prerequisite for Red Canary to perform our service, but rather a value-add.