Azure Lighthouse
Azure Lighthouse is a Microsoft service that provides advanced automation for Azure cloud services. It lets you manage the Azure estates of several customers while protecting your IP.
Azure Lighthouse enables multi-tenant management with scalability, higher automation, and enhanced governance across resources.
With Azure Lighthouse, service providers can deliver managed services using comprehensive and robust tooling built into the Azure platform. Customers maintain control over who has access to their tenant, which resources they can access, and what actions can be taken. Enterprise organizations managing resources across multiple tenants can use Azure Lighthouse to streamline management tasks.
Cross-tenant management experiences let you work more efficiently with Azure services such as Azure Policy, Microsoft Sentinel, Azure Arc, and many more. Users can see what changes were made and by whom in the activity log, which is stored in the customer’s tenant and can be viewed by users in the managing tenant.
Enterprise Scenarios
Azure Lighthouse plays a vital role in enterprise scenarios. The following situations show where it applies.
- Single and Multiple Tenants: Management is simple when an organization has a single Azure AD tenant. Some organizations need multiple tenants, and there Azure Lighthouse can help centralize and streamline management operations.
- Tenant Management Architecture: With Azure Lighthouse, you specify which tenant will contain the users who perform management operations on the other tenants.
- Security and Access Considerations: With Azure Lighthouse, organizations can determine which users are authorized to access delegated resources. This ensures that users have only the permissions required for the necessary tasks, which reduces the chance of accidental errors.
Capabilities
Azure Lighthouse includes multiple ways to help streamline engagement and management:
- Azure delegated resource management: Manage your customers’ Azure resources securely from within your own tenant, without having to switch context and control planes. Customer subscriptions and resource groups can be delegated to specified users and roles in the managing tenant, with the ability to remove access as needed.
- New Azure portal experiences: View cross-tenant information in the My customers page in the Azure portal. A corresponding Service providers page lets customers view and manage their service provider access.
- Azure Resource Manager templates: Use ARM templates to onboard delegated customer resources and perform cross-tenant management tasks.
- Managed Service offers in Azure Marketplace: Offer your services to customers through private or public offers, and automatically onboard them to Azure Lighthouse.
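The sketch below ties the ARM template onboarding capability to the least-privilege point under Security and Access Considerations. It is an added example, not Microsoft's code: it audits the `authorizations` array of a `Microsoft.ManagedServices/registrationDefinitions` resource before the template is deployed. The sample template, its tenant and principal IDs, and the function name `audit_authorizations` are constructed for illustration, and it assumes role IDs appear as literal GUIDs rather than template parameters.

```python
import json

# Azure built-in role definition GUIDs.
OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"
USER_ACCESS_ADMIN = "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"
READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"

# Constructed sample onboarding template; all tenant/principal IDs are placeholders.
SAMPLE_TEMPLATE = json.dumps({"resources": [{
    "type": "Microsoft.ManagedServices/registrationDefinitions",
    "properties": {
        "registrationDefinitionName": "Example managed service",
        "managedByTenantId": "00000000-0000-0000-0000-000000000001",
        "authorizations": [
            {"principalId": "00000000-0000-0000-0000-0000000000a1",
             "principalIdDisplayName": "Tier 1 Support", "roleDefinitionId": READER},
            {"principalId": "00000000-0000-0000-0000-0000000000a2",
             "principalIdDisplayName": "Platform Ops", "roleDefinitionId": CONTRIBUTOR},
            {"principalId": "00000000-0000-0000-0000-0000000000a3",
             "principalIdDisplayName": "Policy Automation",
             "roleDefinitionId": USER_ACCESS_ADMIN},
        ]}}]})

def audit_authorizations(template_text):
    """Return (principal, finding) pairs for authorizations that break least privilege."""
    findings = []
    for res in json.loads(template_text).get("resources", []):
        if res.get("type", "").lower() != "microsoft.managedservices/registrationdefinitions":
            continue
        for auth in res.get("properties", {}).get("authorizations", []):
            who = auth.get("principalIdDisplayName") or auth.get("principalId", "?")
            role = auth.get("roleDefinitionId", "").lower()
            if role == OWNER:
                # Azure Lighthouse does not support delegating the Owner role.
                findings.append((who, "Owner is not supported for delegation"))
            elif role == CONTRIBUTOR:
                findings.append((who, "Contributor is broad; prefer a narrower role"))
            elif role == USER_ACCESS_ADMIN and not auth.get("delegatedRoleDefinitionIds"):
                # This role is only accepted together with the limited list of
                # roles it may assign to managed identities in the customer tenant.
                findings.append((who, "User Access Administrator lacks delegatedRoleDefinitionIds"))
    return findings

if __name__ == "__main__":
    for who, finding in audit_authorizations(SAMPLE_TEMPLATE):
        print(f"{who}: {finding}")
```

A check like this fits a pre-deployment review on the customer side, since the customer decides which authorizations to accept when delegating a subscription or resource group.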