What is the Azure lighthouse?

Friends, today we will discuss Azure Lighthouse. The Azure Lighthouse is a service that is made by Microsoft that provides advanced automation on Azure Cloud Services. It makes sure that you manage the Azure estates of several customers and protects your IP management.

What is Azure Lighthouse?

What is Azure Lighthouse? - Azure Lighthouse | Microsoft Docs

The Azure Lighthouse consents you to assist cross-tenant management and multi-tenant management, which helps for higher automation, scalability, and better governance in the resources and tenants.

In simple terms, the Azure Lighthouse is a control panel that includes portals, IT service management tools, and monitoring tools that allow service providers to monitor and manage deployments through tenants.

By using Azure Lighthouse, service providers can bring safely managed services with the help of extensive and robust management tools, which are built into the Azure platform. The consumers or clients could control who can access their tenants, resources, and actions to undertake. The Azure Lighthouse also doles enterprise IT organizations that manage resources across many tenants with access control for customers. 

Let us see some setups where this could be helpful:

  • Service Providers: A setup where the client pays the bill and wants control of the resources, but the client pays a third party to manage and support the resources.
  • Application Providers: Some of the companies provide applications in Azure and come up with a management part, where they can package these services on the marketplace and let customers set out them in their subscription. But later, they can retain their management of a few or all the resources.
  • Multi-Tenant: many Azure clients have a number of tenants in their organization for many tasks. The Azure Lighthouse benefits to manage the resources of these tenants in one place without having to switch tenants.

Capabilities in Azure Lighthouse?

Combining Azure Lighthouse with Sentinel's DevOps capabilities - Microsoft  Tech Community

By using the Azure Lighthouse, there is the number of ways to update engagement and management.

  • Azure Delegated Resource Management: You can safely manage the Azure resources of your clients inside your own tenant without the need to switch context and control planes. The Clients subscriptions and resource groups can be assigned to specific users and roles in tenant management, gaining the capability to remove access when necessary.
  • New Azure Portal Experiences: You can review cross-tenant management information in the My Customers page in the Azure website. The Azure website has a Service Providers page that lets clients review and manage their service provider access. 
  • Azure Resource Manager (ARM) Templates: You can use Azure resource management’s templates to on-board with assigned client resources and perform cross-tenant management tasks. 
  • Managed Service offers in Azure Marketplace: You can offer services to clients by public or private suggestions and on-board them to Azure Lighthouse automatically.

Now, let us move forward and learn a little more concepts involved in Azure Lighthouse.

Azure Delegated Resource Management:-

How Azure Lighthouse enables management at scale for service providers |  Mashford's Musings

The Azure Delegated Resource Management is an important section of Azure Lighthouse, which lets logical plan of resources from one tenant to another. It also empowers service providers to comfort client engagement and Onboarding experiences during the management of delegated resources at scale with agility and accuracy. 

By using Azure Delegated Resource Management, the authorized users can work normally in the context of a client subscription without having a client’s tenant account or being a co-owner of the client’s tenant.

Cross-Tenant Management Experiences:-

Cross-tenant management experiences - Azure Lighthouse | Microsoft Docs

The Cross-Tenant Management Experiences allows you to work more well with Azure management services, such as Azure Policy, Azure Security Centre, etc. All service-supplied activities are followed in the activity log and stored in the client’s tenant, which can be reviewed and monitored by users in the managing tenant. The users in both the handling and the managed tenant could be rapidly identified by the user associated with any adjustments.

What are Azure Tenants?

Understanding Tenants, Subscriptions, Regions and Geographies in Azure -  DevOpsSchool.com

Each and every Azure AD tenant is an image of an organization. The tenants are devoted and trusted instances of Azure AD, which an organization receives when forming a connection or agreement with Microsoft by signing up for Azure, Microsoft 365, or other Microsoft services. There is no connection between every tenant, and they are different and isolated objects. Each and every tenant has its own tenant ID.

Benefits of Azure Lighthouse:-

Cloud Solution Provider program considerations - Azure Lighthouse |  Microsoft Docs

The Service providers can make and deliver managed services well using Azure Lighthouse. Let us see some benefits of using this service:

  • Scalable Management: It improves client engagement and life cycle management and operations, making it easier and more accessible to manage client resources. You can use current APIs, management tools, and workflows with allocated resources, with machines hosted outside of Azure, despite these resources’ locations.
  • Greater Visibility and Control of Azure Environment for Customers: The Clients have fixed control over the possibilities they assign for management and permissions. They can review service provider actions with complete transparency and manage and remove access completely without negotiating security.
  • Comprehensive and Unified Platform Tooling: The Azure Lighthouse provides a wide and united platform tooling experience, addressing spirited service provider setups, such as various licensing modes like EA (Enterprise Agreement), CSP (Cloud Service Provider Program), and pay-as-you-go. It benefits to track your impact on client’s engagements by linking your partner ID. 
  • Risk Reduction with Just-In-Time Access: It offers time-based role start and approval-based role activation using PIM (Privileged Identity Management), which is a service by Azure AD (Azure Active Directory). The PIM benefits to reduce risk by assigning service providers the precise amount of access required per resource and time needed to complete the task.

Comparison of Azure Lighthouse and Azure Managed Applications:-

Overview of managed applications - Azure Managed Applications | Microsoft  Docs

By using Azure Lighthouse, service suppliers can deliver secure managed services and perform many management tasks straight on a client’s subscription or a resource group.

By using Azure Managed Applications, service providers or Independent Software Vendors can deliver cloud solutions, which becomes easier for clients to deploy and use in their own subscriptions.


So now, we have come to an endpoint of the Azure Lighthouse blog. I hope you are fulfilled with my article on Azure Lighthouse. The Azure Lighthouse consents you to assist cross-tenant management and multi-tenant management, which helps for higher automation, scalability, and better governance in the resources and tenants.

Thank You!

Rajesh Kumar
Follow me