Enhanced Security Content Management for Partners

Microsoft has announced exciting new capabilities for partners managing security across multiple customer tenants. The multitenant content distribution feature in the Defender portal now supports additional content types, providing more flexibility and control for security-focused partners.

What's New

Security partners managing Microsoft Sentinel and Defender security content across multiple customer tenants can now distribute:

- Analytics Rules - Custom detection rules for consistent threat identification
- Automation Rules - Automated response workflows across tenants
- Workbooks - Dashboards and visualization templates
- Alert Tuning Rules - Customized alert thresholds and filtering

These new content types complement existing distribution capabilities, enabling seamless replication from source tenants to designated target environments.

Key Benefits

Scalable Management - Centrally distribute security content across customer tenants while maintaining localized execution and control.

Faster Onboarding - Quickly onboard new tenants with a consistent security baseline already in place.

Reduced Complexity - Manage custom rules, automation workflows, and monitoring configurations from a single source of truth.

Security Consistency - Ensure all customer environments maintain alignment with your security standards and best practices.

How Content Distribution Works

Content distribution is built on distribution profiles, which partners create within the multitenant portal. Partners can:

  1. Define a source tenant with established security configurations
  2. Create a distribution profile targeting specific customer tenants
  3. Automatically replicate content (rules, workbooks, automation) to target environments
  4. Execute distributed content locally on customer tenants
  5. Update and manage configurations centrally

Who Should Care

This update directly benefits:

- Managed Security Service Providers (MSSPs)
- Microsoft Sentinel partners
- Organizations managing multiple customer security environments
- Partners offering security consulting and management services

Next Steps

Microsoft Security partners should visit the Microsoft Community Hub for detailed information on implementing the new content distribution capabilities.

TL;DR

- Multitenant content distribution now supports analytics rules, automation rules, workbooks, and alert tuning rules
- Enables centralized management with localized execution across customer tenants
- Helps MSSPs and security partners onboard tenants faster with a consistent security baseline
- Available now in the Defender portal for eligible partners
- Visit Microsoft Community Hub for implementation details