How CrowdStrike Supports MSSPs and Large Organizations


Managed Security Service Providers (MSSP partners) and large customers are tasked with implementing and operating an endpoint security solution at scale with limited resources. The CrowdStrike solution is cloud-native endpoint security that delivers complete protection, unparalleled visibility and remote remediation. In this document and video, we will demonstrate how CrowdStrike provisions the more complex accounts to maximize partner and enterprise visibility, security and management features.



How does this solution provide increased visibility?

Within the detections app of a master account, the detections for all managed accounts are listed. There is also an additional filter option for “Customer”. This provides total visibility with the option to quickly focus on a specific managed sub-account. In this example, the master account shows 14 detections over a week.

MSSP master detections


Drilling down on one customer account changes the list to reflect only the detections for that single sub-account. In this example, the child account represented 5 of the 14 detections.

MSSP master filtered


A user who logs in to the UI with sub-account-only permissions would see only the detections for that single managed account. In this example, the user is logged in specifically to managed account #4. As shown below, that user would not have the “Customer” filter option because they have access to only one account.

MSSP managed detections


How are policies managed?

Policies can be created at the master account or the sub-account level. If created at the master account level, the policy will be available to the sub-accounts. In this example, the master account has policies that include “Detect Only” and “Test Master Prevent”.

MSSP master policy


Here we see a sub-account with access to the master account policies as well as a locally defined sub-account policy called “Prevent Demo 3”.

MSSP child policies


How are user accounts managed?

Similar to policies, user accounts can be defined at the master or sub-account level. Users with admin accounts for the master can view detections and create policies that will be inherited by the sub-accounts. User accounts that are created for a single sub-account will only have visibility and policy rights for that specific customer.


The flexibility of the CrowdStrike cloud-native solution makes it possible to address the complex needs of the largest partners and customers while maintaining the same easy-to-use interface. This capability gives oversight and management rights to partners and parent organizations while enabling the customers to manage their own users and endpoint policies.
