What is Azure Lighthouse?

Save to My DOJO

What is Azure Lighthouse?

Whether you are a service provider looking for new tenants, an organization with multiple cost centers, or a business outsourcing your development, you should be excited about the latest features that come with Azure Lighthouse

At its core, Azure Lighthouse uses the Azure Delegated Resource Management (ADRM) service to allow trusted users to manage all Azure resources from within a single interface. I fall under the latter category. I run a technology company with my CTO based in the US, my web developers in the Czech Republic, and my mobile developers in Mexico. 

At one point, we had 8 Azure subscriptions. It took as long to figure out the right credentials, subscription, directory, and find the resource as it did to perform the management task. Ultimately, we went through a time-consuming consolidation project to migrate these accounts under a single subscription, but Azure Lighthouse would have solved our problems from the beginning. 

This is a multi-part blog series, with this first post focusing on the benefits of Azure Lighthouse to Managed Service Providers (MSPs), their tenant customers, and the Azure Marketplace ecosystem. We’ll dig deeper into specifics as the series progresses.

Before we go further, if you haven’t gotten started with Azure and you’re looking to get started, our eBook on Selling Azure Solutions would be a great place to start!

Azure Lighthouse Benefits for Managed Service Providers (MSPs)

Azure Lighthouse presents a suite of enhancements tailored for Managed Service Providers (MSPs), aiming to elevate operational efficiency, streamline management, and bolster security and compliance across distributed organizations. Here’s an elaboration of the key benefits:

Enhanced Operational Efficiency 

Azure Lighthouse is specifically designed to scale MSPs’ operational efficiency through centralized management of resources. This innovative approach allows service providers to standardize their services, automate operations, and significantly increase their productivity. By focusing on these efficiency improvements, MSPs can dedicate more resources to enhancing their core competencies, adding new services, and acquiring new clients. The reduction in time spent on repetitive tasks across multiple accounts translates into operational scalability and improved service delivery for their customers.

Comprehensive Management Interface 

Offering a unified view of all managed resources, Azure Lighthouse can be interfaced through the Azure Portal GUI, Azure PowerShell, or Azure APIs, ensuring full feature parity between these management interfaces. This comprehensive accessibility allows MSPs to efficiently add, sort, and delegate access to all Azure resources permitted by their tenants. By streamlining these processes, service providers can ensure a more efficient and effective management of resources, leading to better overall performance and the ability to quickly respond to the dynamic needs of their clients.

Service and Client Expansion 

Azure Lighthouse introduces a new management layer at the customer level, enabling MSPs to add, sort, and delegate access to all Azure resources. This enhancement allows service providers to spend more time focusing on enhancing their core competencies, developing new services, and acquiring new clients. The simplification of access and management tasks significantly reduces the administrative overhead, empowering MSPs to expand their service offerings and client base more effectively, thereby driving business growth and increasing market competitiveness.

Automation and Efficiency 

With the capability to centrally manage hundreds of tenant accounts, Azure Lighthouse opens up new operational efficiencies through automation. Service providers can now programmatically perform tasks against thousands of resources at once, all managed by Azure Resource Manager (ARM). This automation extends to various functions such as reporting, alerting, querying, servicing, and applying security updates. Such comprehensive automation capabilities significantly reduce the time and effort required for large-scale management tasks, enabling MSPs to allocate their resources more strategically and improve their overall service offerings.

Security and Compliance Enhancement 

Azure Lighthouse enhances security and compliance for both MSPs and tenants. With delegated access, service providers can manage tenants’ resources without compromising proprietary scripts or templates. This secure access ensures that MSPs can protect their intellectual property while also offloading user management responsibility from their tenant. The bilateral security enhancements provided by Azure Lighthouse help maintain a secure and compliant environment, enabling MSPs to offer more services with less effort and potentially maximize profits or pass cost savings to their customers.

Azure Lighthouse Benefits to Tenant Customers

Azure Lighthouse isn’t just a boon for Managed Service Providers (MSPs) — it offers significant advantages to their tenant customers as well. Here’s how it transforms the tenant experience:

Simplified Access and Enhanced Security

Azure Lighthouse simplifies the process of granting access to resources for tenants. Instead of sharing sensitive credentials, MSPs can request access through an easy-to-understand dashboard or via Azure marketplace plans. Tenants can specify access down to 70+ Azure user roles for each resource, ensuring that MSPs have permissions only for necessary actions. This delegated access not only makes life easier for non-technical users but also significantly reduces security liabilities, preventing the risky practice of sharing passwords and ensuring that only approved actions are taken on their resources.

Transparency and Control

Azure Lighthouse offers complete transparency into actions taken by MSPs on tenant resources. Every operation is logged and audited, providing tenants with a clear view of their MSP’s activities. Furthermore, Azure Lighthouse ensures isolation between tenants, so an action an MSP performs on one tenant’s resources doesn’t affect another’s. Tenants retain control over their budget and billing, with options to use their licenses, get directly billed for MSP services, or purchase services through the Azure Marketplace. This transparency and control are pivotal in maintaining trust and managing costs effectively.

Distinct from Azure CSP Program 

A key distinction of Azure Lighthouse is its approach compared to the Azure Cloud Solution Providers (CSPs) program. While the CSP program requires tenants to grant full access to their MSP, Azure Lighthouse allows for more granular control. Tenants can limit MSP access to specific actions against approved resources, ensuring a higher level of security and autonomy. This focused access is crucial in maintaining the integrity of tenant resources and contrasts sharply with the all-or-nothing approach of the CSP program, providing tenants with a much-needed balance of autonomy and support.

Azure Lighthouse Benefits to the Azure Marketplace Ecosystem

Azure Lighthouse enriches the Azure Marketplace ecosystem by introducing a new category of “Managed Services,” significantly benefiting both MSPs and tenants. Here’s how it reshapes the marketplace:

Global Selection of MSPs 

With Azure Lighthouse, certified service providers can swiftly publish their managed services, offering a global selection to all Azure users. This accessibility allows tenants to choose from a wide array of MSPs, suiting their specific needs. Service providers have the flexibility to make their offerings public for a broad audience or keep them private for preapproved customers, thereby tailoring their market reach and maintaining control over their client base.

Transparent Access and Streamlined Onboarding 

Azure Lighthouse enhances transparency in the purchasing process. Tenants can view the exact level of access MSPs will have to each resource before accepting an offer. Upon agreement, the onboarding process is highly automated and streamlined, ensuring a smooth transition. This clarity and ease of onboarding foster trust and understanding between tenants and MSPs, making it easier for both parties to engage in a mutually beneficial service agreement.

Support for Various Licensing Models 

The program supports any Azure licensing model, including pay-as-you-go, Enterprise Agreement (EA), and Cloud Solution Provider (CSP). This flexibility ensures that MSPs can cater to a wide range of customer needs and preferences. Within minutes of agreement, MSPs are granted access to the tenant’s environment to begin delivering services. This rapid access and support for various licensing models make Azure Lighthouse an adaptable and efficient solution for managed services in the Azure Marketplace.


Ultimately Azure Lighthouse provides a better management experience for everyone. Even independent software developers (ISV) are leveraging Azure Lighthouse to upsell their software by also including deployment and support services, and we’ll be talking about that more in an upcoming segment. Azure Lighthouse easily plugs into existing programs and solutions, so now ISVs can spend more time with their customers and less time managing credentials. Stay tuned for the next post in this series to learn more!

What about you? Do you see this fixing the management pain with Azure and multiple customers? Why or why not?

Altaro O365 Backup for MSPs
Share this post

Not a DOJO Member yet?

Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!

Leave a comment

Your email address will not be published. Required fields are marked *