Azure Lighthouse: what, how and why
Anyone who has had to manage multiple Azure accounts in the past knows that it is often a hassle. For example, you have to log in to each Azure tenant separately with the correct login details. There is no question of a central management and setting up individual environments manually is very difficult. Implementing consistent access control and security policies is also nearly impossible. Fortunately, there is a solution: Azure Lighthouse. Find out all about it in this blog.
DevOps or system engineers regularly have to work on different Azure tenants and that does not always run smoothly. Some customers want you to use a login from them, other customers prefer to invite you as a guest to manage their environment.
The result is that you often have to switch manually between different Azure tenants. Moreover, it is sometimes necessary to search for the correct login details, which means that valuable time is lost.
Fortunately, now there is Azure Lighthouse with which you can manage the resources within a subscription in an easy and clear way.
What is Azure Lighthouse?
Azure Lighthouse is a Microsoft Azure management service that provides a central platform for managing and monitoring multiple customer environments (tenants) and their resources.
It enables service providers or companies with multiple Azure subscriptions to efficiently manage and control the Azure environments of their customers or subsidiaries. This allows them to streamline operational processes, improve security, and increase overall efficiency by providing a consistent management experience across all managed tenants.
Benefits of Azure Lighthouse
✅ Management of multiple tenants
As a service provider, you can view and manage multiple Azure subscriptions or tenants from a single Azure portal or API endpoint. You can also perform various management tasks, such as deploying and managing resources, applying policies, and monitoring performance, across all managed tenants.
✅ Delegates acces
With Azure Lighthouse, you can grant delegated access to customers or subsidiaries so that they can manage their own Azure resources within defined boundaries. This delegation is based on Azure Role-Based Access Control (RBAC), which provides fine control over privileges and segregation of duties.
✅ Secure multi-tenant environment
Built-in security controls keep each tenant's data and resources isolated and protected. It provides granular access controls, secure multi-factor authentication (MFA), and the ability to apply Azure Policy and Azure Security Center to all managed tenants.
✅ Branding for service providers
Azure Lighthouse allows customizing the Azure portal experience for customers by applying custom branding elements such as logos and themes. This helps maintain a consistent brand identity and improves the overall customer experience.
✅ Integration with Azure Marketplace
As a service provider, you can publish your managed services or solutions on the Azure Marketplace. This allows customers to easily discover and subscribe to these services, further simplifying the relationship between service provider and customer.
How exactly does Azure Lighthouse work?
The Azure accesses are set up per subscription. As a service provider, it is your job to publish an Azure Resource Manager (ARM) template. Templates published via the Azure store can be read by anyone. Would you rather manage just a few customers, or manage a specific customer base? Then there is the option to have the resource templates imported directly to the customer.
This is how you do it:
- Search your tenant for Azure Lighthouse.
- Choose View Service Providers.
- Select View Service Provider Offers.
- Read in the new service offer from here.
Such a resource template contains all kinds of information such as tenant ID of the customer and of the service provider, offer name, description and which role you want to give to the service provider.
Why is Azure Lighthouse interesting for you?
Thanks to Azure Lighthouse, you have less hassle with customer-specific accounts or external invites. Access management is done entirely through your own portal as a service provider. As a result, you no longer have to bother the customer's local IT for access or to send invitations. Everything is centrally arranged. When new colleagues arrive or leave, you can easily remove their accounts from the relevant Azure Active Directory groups, which automatically synchronizes their access to the customer environment. In addition, the customer retains full control over their subscriptions and can unlink the service provider of certain licenses at any time. All the extra hassle that used to be necessary is now gone thanks to Azure Lighthouse. The whole process runs smooth and efficient.
Azure Lighthouse simplifies the management and governance of multiple Azure environments, giving service providers central control, saving them significant management time. In addition, customers can efficiently manage their resources while benefiting from the expertise and services offered by their providers. The increased security is also an extra asset.