Microsoft launched Azure Lighthouse in general availability combined with some improvements to the Azure Migration Program ahead this MS Inspire 2019 conference that is underway in Las Vegas.
Basically, Azure Lighthouse will offer service providers a single environment to manage Azure resources across different customers. It will offer capabilities for managed service providers (MSPs) that aim to reduce the customer on-boarding dramatically and bring all customer resources into a single view.
Azure Lighthouse “puts Azure management features of all your customers into one pane, one view,” said Toby Richards, GM of Microsoft’s Partner One Commercial Partner organization. It will cut down MS partners’ customer on-boarding time by 71%, he commented.
The solution will provide enhanced automation, efficiency and overall, improve the managed experience for Azure Cloud platform. Its capabilities will also facilitate cross-tenant management of customers with enhanced visibility and control- empowering partners to service more customers and handle larger workloads.
“It’s not only great from a customer onboarding perspective, but it also allows you to build into new managed services that really take advantage of that feature, to be able to apply that across all your customers (is exciting)”, Richards added.
The prime challenge faced by all Azure MSPs is that dealing with various customers at scale or even large single customers means encountering lots of subscription proliferation. Thus, jumping from one console to another, setting-up custom rights as per account requirements (that can extend to multiple subscriptions) to enable operations across tenants is cumbersome and prone to error. Azure Lighthouse enables managed service providers to define a set of permissions and apply them to an internal team.
Moreover, customers can see what their MSPs can/cannot do with their digital property when they sign-up for the management level. This transfers the risk of move/add/changes from customer-side to partner-side.
Thus, if an employee left an organization, the service provider will deprovision their account and remove their access. The customer won’t have to do anything to ensure to eliminate access from an ex-employee.
Once they assign resources to their provider- the provider, in turn, can “extend access to users or accounts in its tenant within the constraints specified by the aforementioned customers using Azure role-based access control mechanisms. Standard mechanisms work as if customer resources were resources in the provider’s own subscriptions and regardless of the licensing construct at play (e.g., pay-as-you-go).” explains Azure Compute Corporate VP Erin Chapple.
Additionally, Azure Lighthouse also enables both customers and MSPs to see precisely who took the action on the resources due to Azure’s Activity Log and resource provider “Microsoft Managed Services” which helps identify if the activity was done from a resource’s home tenant or the service provider’s tenant.