Sentinel workspaces articles - upd for Defender

Author: cwatson-cat

articles/sentinel/extend-sentinel-across-workspaces-tenants.md

@@ -3,9 +3,9 @@ title: Extend Microsoft Sentinel across workspaces and tenants
 description: How to use Microsoft Sentinel to query and analyze data across workspaces and tenants.
 author: yelevin
 ms.topic: how-to
-ms.date: 06/28/2023
+ms.date: 10/17/2024
 ms.author: yelevin
-
+appliesto: Microsoft Sentinel in the Azure portal
 
 #Customer intent: As a security analyst, I want to query data across multiple workspaces and tenants so that I can centralize incident management and enhance threat detection capabilities.
 
@@ -15,6 +15,8 @@ ms.author: yelevin
 
 When you onboard Microsoft Sentinel, your first step is to select your Log Analytics workspace. While you can get the full benefit of the Microsoft Sentinel experience with a single workspace, in some cases, you might want to extend your workspace to query and analyze your data across workspaces and tenants. For more information, see [Design a Log Analytics workspace architecture](/azure/azure-monitor/logs/workspace-design) and [Prepare for multiple workspaces and tenants in Microsoft Sentinel](prepare-multiple-workspaces.md).
 
+If you onboard Microsoft Sentinel to the Microsoft Defender portal, see [Microsoft Defender multitenant management](/defender-xdr/mto-overview).
+
 ## Manage incidents on multiple workspaces
 
 Microsoft Sentinel supports a [multiple workspace incident view](./multiple-workspace-view.md) where you can centrally manage and monitor incidents across multiple workspaces. The centralized incident view lets you manage incidents directly or drill down transparently to the incident details in the context of the originating workspace.

articles/sentinel/multiple-workspace-view.md

@@ -3,9 +3,9 @@ title: Work with Microsoft Sentinel incidents in many workspaces at once | Micro
 description: How to view incidents in multiple workspaces concurrently in Microsoft Sentinel.
 author: yelevin
 ms.topic: conceptual
-ms.date: 01/11/2022
+ms.date: 10/17/2024
 ms.author: yelevin
-
+appliesto: Microsoft Sentinel in the Azure portal
 
 #Customer intent: As a security analyst, I want to manage and investigate incidents across multiple workspaces and tenants so that I can maintain comprehensive visibility and control over my organization's security posture.
 
@@ -17,6 +17,8 @@ ms.author: yelevin
 
 [!INCLUDE [reference-to-feature-availability](includes/reference-to-feature-availability.md)]
 
+If you onboard Microsoft Sentinel to the Microsoft Defender portal, see [Microsoft Defender multitenant management](/defender-xdr/mto-overview).
+
 ## Entering multiple workspace view
 
 When you open Microsoft Sentinel, you are presented with a list of all the workspaces to which you have access rights, across all selected tenants and subscriptions. To the left of each workspace name is a checkbox. Selecting the name of a single workspace will bring you into that workspace. To choose multiple workspaces, select all the corresponding checkboxes, and then select the **View incidents** button at the top of the page.

articles/sentinel/use-multiple-workspaces.md

@@ -3,9 +3,9 @@ title: Set up multiple workspaces and tenants in Microsoft Sentinel
 description: If you've defined that your environment needs multiple workspaces, you now set up your multiple workspace architecture in Microsoft Sentinel.
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 07/05/2023
+ms.date: 10/17/2024
 ms.author: cwatson
-
+appliesto: Microsoft Sentinel in the Azure portal and the Microsoft Defender portal
 
 #Customer intent: As a security architect, I want to use Microsoft Sentinel across multiple workspaces so that I can efficiently monitor and analyze security data across my entire organization.
 
@@ -19,10 +19,17 @@ In this article, you learn how to set up Microsoft Sentinel to extend across mul
 
 ## Options for using multiple workspaces
 
-If you've determined and set up your environment to extend across workspaces, you can: 
+After you set up your environment to extend across workspaces, you can: 
+
+- **Manage and monitor your cross-workspace architecture**: Query and analyze your data across workspaces and tenants. 
+  - To work in the Azure portal, see [Extend Microsoft Sentinel across workspaces and tenants](extend-sentinel-across-workspaces-tenants.md).
+  - If your organization onboards Microsoft Sentinel to the Microsoft Defender portal, see [Microsoft Defender multitenant management](/defender-xdr/mto-overview).
+
+For Microsoft Sentinel in the Azure portal, you can:
+
+- **Manage multiple workspaces with workspace manager**: Centrally manage multiple workspaces within one or more Azure tenants. For more information, see [Centrally manage multiple Microsoft Sentinel workspaces with workspace manager](workspace-manager.md).
 
-- [Manage and monitor cross-workspace architecture](extend-sentinel-across-workspaces-tenants.md): Query and analyze your data across workspaces and tenants.
-- [Manage multiple workspaces with workspace manager](workspace-manager.md): Centrally manage multiple workspaces within one or more Azure tenants.
+Only one Microsoft Sentinel workspace per tenant is currently supported in the unified security operations platform. For more information, see [Microsoft Defender multitenant management](/defender-xdr/mto-overview).
 
 ## Next steps
 

articles/sentinel/workspace-manager.md

@@ -4,8 +4,9 @@ description: Learn how to centrally manage multiple Microsoft Sentinel workspace
 author: austinmccollum
 ms.author: austinmc
 ms.topic: how-to
-ms.date: 04/24/2023
+ms.date: 10/17/2024
 ms.custom: template-how-to
+appliesto: Microsoft Sentinel in the Azure portal
 
 
 #Customer intent: As a Managed Security Services Provider (MSSP) or global enterprise, I want to centrally manage multiple security workspaces so that I can efficiently operate at scale across one or more Azure tenants.
@@ -27,6 +28,7 @@ Here are the active content types supported with workspace manager:
 > Support for workspace manager is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 >
 
+If you onboard Microsoft Sentinel to the Microsoft Defender portal, see [Microsoft Defender multitenant management](/defender-xdr/mto-overview).
 
 ## Prerequisites