What is Azure Lighthouse?
Azure Lighthouse enables cross-tenant and multi-tenant management, allowing for higher automation, scalability, and enhanced governance across resources and tenants. Azure Lighthouse can also be used for Microsoft 365 services. With Azure Lighthouse, service providers can deliver managed services using comprehensive and robust management tooling built into the Azure platform. This offering can also benefit enterprise IT organizations managing resources across multiple tenants. This article provides a discussion on using Azure Lighthouse for cross-tenant and multi-tenant management.
Azure Lighthouse helps you to profitably and efficiently build and deliver managed services. Using Azure Lighthouse for cross-tenant and multi-tenant management provides many benefits, including the following.
- Management at scale: Customer engagement and life-cycle operations to manage customer resources are easier and more scalable. Existing APIs, management tools, and workflows can be used with delegated resources, regardless of the regions in which they’re located.
- Greater visibility and precision for customers: Customers will have greater visibility into your actions and precise control over the scope they delegate for management, including the ability to remove access completely, while your IP is preserved.
- Comprehensive and unified platform tooling: Our tooling experience addresses key service provider scenarios, including multiple licensing models such as EA, CSP and pay-as-you-go. The new capabilities work with existing tools and APIs, licensing models, and partner programs such as the Cloud Solution Provider program (CSP). Azure Lighthouse can be integrated into your existing workflows and applications, and you can track your impact on customer engagements and receive partner earned credit by linking your partner ID.
There are no additional costs associated with using Azure Lighthouse to manage Azure resources. Any Azure customer or partner can use Azure Lighthouse. Service providers can offer a managed service to other Azure tenants by publishing a public or private Managed Service offer to Azure Marketplace using the Commercial Marketplace program in Partner Center. Customers who purchase the offer will then delegate subscriptions or resource groups, allowing the service provider to manage them through Azure Lighthouse. More details can be found at: https://docs.microsoft.com/en-us/azure/lighthouse/how-to/publish-managed-services-offers
Features and onboarding
Azure Lighthouse includes multiple ways to help streamline engagement and management.
- Azure delegated resource management: Manage your customers’ Azure resources securely from within your own tenant, without having to switch context and control planes. Subscriptions and resource groups can be delegated to specified users and roles in the managing tenant, with the ability to remove access as needed. For more info, see Azure delegated resource management.
- New Azure portal experiences: View cross-tenant information in the My customers page in the Azure portal. A corresponding Service providers page lets customers view and manage their service provider access.
- Azure Resource Manager templates: Our templates help you perform cross-tenant management tasks and onboard delegated customer resources. For more info, see our samples repo and Onboard a customer to Azure Lighthouse.
- Managed Service offers in Azure Marketplace: Offer your services to customers through private or public offers, and have them automatically onboarded to Azure Lighthouse. For more info, see Managed Service offers in Azure Marketplace.
When enabled, Azure Lighthouse adds a “My Customers” service in the Service Provider’s Azure subscription and a “Service Providers” service in the managed customer’s Azure subscription. By utilizing Azure delegated resource management, Service Providers can designate the users, groups, or service principals that will have permissions on the managed customer’s Azure resources, and the customer’s Azure owner user or group can delegate which Azure subscriptions or resources will be managed by the Service Provider’s delegates.
Managed Services can be offered via an Azure Marketplace offering. More details on setting up an Azure Marketplace offering for Azure managed services by Service Providers can be found in the following article: https://docs.microsoft.com/en-us/azure/lighthouse/how-to/publish-managed-services-offers. As this article states: “Per the Managed Service offer certification requirements, you must have a Silver or Gold Cloud Platform competency level or be an Azure Expert MSP in order to publish a Managed Service offer. If you don’t want to publish an offer to Azure Marketplace, or don’t meet all the requirements, you can onboard customers manually by using Azure Resource Manager templates. For more info, see Onboard a customer to Azure Lighthouse.”
Azure Lighthouse onboarding can also be carried out in an automated way. The onboarding process requires actions to be taken in both the service provider’s tenant and the customer’s tenant. The overall onboarding process steps are outlined in the following article: https://docs.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer
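Because the onboarding template is where the service provider's principals and roles are granted access to customer resources, it is worth reviewing before the customer deploys it. The following is an added example, not code from this article or from Microsoft: a small Python check over a registration definition's authorizations. It assumes the template contains literal values (parameters and variables already resolved); the tenant and principal IDs in the sample are constructed placeholders, and `audit_delegation` is a hypothetical helper name.

```python
import json

# Built-in Azure role definition IDs (these GUIDs are the same in every tenant).
OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"
USER_ACCESS_ADMIN = "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"

# Constructed sample: tenant and principal IDs are placeholders, not real values.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.ManagedServices/registrationDefinitions",
  "properties": {
    "registrationDefinitionName": "Example managed service",
    "managedByTenantId": "11111111-1111-1111-1111-111111111111",
    "authorizations": [
      {"principalId": "22222222-2222-2222-2222-222222222222",
       "principalIdDisplayName": "Tier 1 support",
       "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"},
      {"principalId": "33333333-3333-3333-3333-333333333333",
       "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c"},
      {"principalId": "44444444-4444-4444-4444-444444444444",
       "principalIdDisplayName": "Automation",
       "roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"}
    ]}}]}
""")

def audit_delegation(template, expected_tenant_id):
    """Return (principalId, finding) pairs for a Lighthouse onboarding template."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.managedservices/registrationdefinitions":
            continue
        props = res.get("properties", {})
        if props.get("managedByTenantId", "").lower() != expected_tenant_id.lower():
            findings.append(("*", "managedByTenantId is not the expected provider tenant"))
        for auth in props.get("authorizations", []):
            pid, role = auth.get("principalId", "?"), auth.get("roleDefinitionId", "").lower()
            if not auth.get("principalIdDisplayName"):
                findings.append((pid, "no display name: customer sees only a GUID"))
            if role == OWNER:
                findings.append((pid, "Owner is not supported for delegation"))
            elif role == CONTRIBUTOR:
                findings.append((pid, "Contributor: broad write access, confirm it is needed"))
            elif role == USER_ACCESS_ADMIN and not auth.get("delegatedRoleDefinitionIds"):
                findings.append((pid, "User Access Administrator without delegatedRoleDefinitionIds"))
    return findings
```

Run against the sample with the expected provider tenant ID, it reports the unnamed Contributor principal and the unrestricted User Access Administrator authorization, and leaves the named Reader authorization alone.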