Last month, Azure Lighthouse was introduced to the Microsoft partner community. This new product is essentially a control panel that allows companies to view and manage Azure for their entire customer base. An API call allows for Azure resources to be created, resized, and updated without having to cycle through multiple tokens and identities. The goal of this product is to empower Microsoft partners with the tools they need to grow client size and profitability. Through the benefits, features, and security, Azure Lighthouse has proven to be a game-changer for managed services providers, resellers, and enterprise IT professionals.
Benefits
– Management at scale: Manual tasks will be at minimum thanks to the cross-customer management features offered by Azure Lighthouse. Engagement processes, such as onboarding, can be completed through automated workflows.
– Visibility for customers: Customers and service providers can now look at an activity log from a single control plane. You can maximize visibility into customers’ environments from your own environment. By providing transparency and auditability, you are building a trusting relationship with your clients.
– Unified platform tooling: The new tooling experience works with existing capabilities, including APIs, licensing models, and partner programs. You can integrate current workflows and applications, as well as track customer engagements by linking your partner ID.
Key Concepts
Delegated resource management
– Azure delegated resource management allows for your resources to be transferred from one tenant to another. Users can perform management operations within a customer subscription without having an account or being a co-owner of the customer’s tenant. This can save a great deal of time because they won’t have to sign into each individual tenant.
Cross-tenant management experiences
– A tenant within the Azure Active Directory is a representation of an organization. It’s an instance of Azure AD that a business receives when they create a relationship with Microsoft by signing up for Azure. Normally service providers would have to sign into the Azure portal with a customer’s account, but now others are able to access subscriptions. This allows for flexibility when Microsoft Partners are trying to manage several different customers.
Managed Services in Azure Marketplace
– Azure Marketplace allows Microsoft partners to publish software solutions for IT professionals and developers. Currently, there’s over 8,000 listings from Virtual Machines, APIs, Azure apps, Solution Templates, SaaS apps, and more.
Cloud Solution Provider program considerations
– Azure subscriptions are available for customers through CSP programs if they are a Cloud Solutions Provider. The Administer on Behalf of (AOBO) grants access to customer environments. Any user in the “Admin Agent” role will have AOBO privileges.
Enhanced Security
Security can make or break a product in the technology industry, and it’s safe to say Azure Lighthouse has taken that into consideration. Azure’s cloud is built with customized hardware, security control integrations, and added protections against threats. Within the central control plane, Azure Lighthouse ensures that the management of IP is fully protected. Increased transparency, auditability, and control of activities through alerts is available in the Azure portal. The top security recommendation from Microsoft is to enable Azure Multi-Factor Authentication (MFA). This feature helps safeguard access to data to protect the application from phishing and social engineering attacks. It provides an extra layer of security by requiring a second form of authentication. You can learn how to deploy Azure MFA, here.
Partners That Use Azure Lighthouse
One way to measure the success of a new product is by reviewing the feedback left by companies who are utilizing the software for the growth of their business. Rackspace, a well-known cloud computing company, has leaned on Azure Lighthouse for their resource management. They are enhancing security and response capabilities in three different ways:
1. Azure Resource Graph and cross-tenant queries allows for quick detection of customer’s impacted images
2. Update Management sends reports on impacted systems and schedules targeted hot fixes
3. In-guest Audit Policy across all customer’s managed estates to verify host settings relating to impact and vulnerability
Sentia, an IT solutions provider, has also utilized Azure Lighthouse to manage their business. They use Azure Resource Manager templates across all customers who are under the licensing construct. 90% of their managed services is based on these specific types of templates, which automates monitoring, governance, and management tasks.
There are several “How-To” guides provided by Microsoft, that can help Microsoft Partners learn how to onboard customers and manage their resources. Azure Lighthouse is available at no additional charge if customers are already using Azure services. To get started, you can learn more and watch the demo on Microsoft’s website to start planning your team’s adoption path.