Azure Lighthouse

With Microsoft Azure Lighthouse, service providers can now manage and operate customers’ Azure resources at scale with higher automation and visibility, from within their own context. These foundational management capabilities, built comprehensively throughout the Azure platform, allow you to focus on your core expertise and set you on a more profitable path.

Documentation: https://docs.microsoft.com/azure/lighthouse


  1. Include offer name in JSON template

    Using a marketplace offer, there is an offer name that appears in the My Service Providers console view. However, using a JSON template run in PowerShell or AzShell has no offer name. Add an optional offer name when onboarding using JSON alone. This helps the customer keep track of the purpose of template-based accepted offers.

    1 vote
    0 comments
  2. After customer accepts an offer, surface a customized blade / workbook

    Allow the service provider to provide the customer with immediate and relevant data via a custom dashboard/solution workbook so the service provider can surface the value of their offer. For example, after accepting an offer for Managed Azure Backup, a customized backup SLA dashboard appears in the My Service Providers portal blade.

    1 vote
    0 comments
  3. Provide documentation on PCI compliance for customers

    My customers will need to know how to identify who had access to which resources at a given moment in time. I haven't seen any documentation on how that would be possible if the security group which was granted access lives in an external directory (ours).

    1 vote
    0 comments
  4. Delegate Resource Groups in a delegated Subscription

    If a subscription has been delegated to a service provider, resource groups cannot be delegated separately.

    But it would be useful to combine that; for example, a group of administrators could be delegated for subscriptions, but a network or storage account administrator would only be delegated for the corresponding resource group.

    Today you receive an error if you try to implement that:
    "MultipleRegistrationAssignmentsNotAllowed"

    3 votes
    1 comment
  5. Allow delegate also for roles owner and user access administration

    As a service provider we are fully managing customer subscriptions, including access management. Azure Lighthouse is much better than the 'Guest' mechanism we were using before, as we can manage access to customer subscriptions in a central place.

    Currently the roles 'Owner' and 'User Access management' are excluded from delegated resource management. Without these roles we still have to fall back to the 'Guest' mechanism, CSP roles or accounts in the customer tenant for user access administration.

    Allow 'Owner' and 'User Access Administrator' as roles to be delegated.

    11 votes
    0 comments
  6. Enable Pin to Dashboard for My Customer and individual delegations

    It would save time for service provider staff if standard Azure portal Pin to dashboard features were active. In particular, the My Customers blade should be able to surface in the service provider Azure portal top level Dashboard. Also it would be helpful if individual delegations could have Pin to Dashboard function as shortcuts to MSP staff working frequently with specific customer resources.

    2 votes
    0 comments
  7. Enable deletion of customer entries from My customers

    While the customer can delete service provider offers from the Service provider offers view, the service provider cannot delete redundant or spurious entries from their My customers view. If it's not practical to drive a deletion from the service provider side, have the portal produce the exact PowerShell command lines and/or JSON template files needed to delete the offering, including the necessary security context under which the deletion can occur.

    2 votes
    0 comments
  8. Extend Lighthouse to include customer O365 co-administration

    Lighthouse doesn't itself provide a means to perform delegated admin functions in the customer O365 subscription. Azure AD and O365 admin activities (such as admin on O365 groups, or making a mailbox a shared mailbox) are in scope for a comprehensive office automation service provider offering. Perhaps an 'O365 Lighthouse' stack that parallels Azure Lighthouse in marketplace and PowerShell/JSON based admin.

    2 votes
    0 comments
  9. Connect to customer Azure Sentinel from service provider subscription

    Presently cross-tenancy connection to Azure Sentinel is not supported by Azure Lighthouse. This prevents offering a managed Sentinel product using Lighthouse. Please allow at a minimum for connection to customer Sentinel, much like the current Lighthouse support for service provider to connect to customer Log Analytics workspace. Best design would allow a partner SOC to manage multiple Sentinel customers in a rolled up experience.

    5 votes
    0 comments