How Can you Manage Multiple Providers in Azure?
If you are running Azure infrastructure and have multiple providers that reach into your tenant, you know how difficult it is to log, audit, and monitor what your providers are actually changing inside your subscriptions.
From the opposite view, if you’re a solution provider and you have to reach into multiple clients Azure subscriptions to complete your work, you know how challenging it is to keep everything segregated and organized. Never-mind if you need to pull auditing logs to show what changes you completed inside a specific subscription.
Azure Lighthouse provides a way to have solution providers coming into multiple tenants and keep everything manageable and provide auditing capabilities. The reason this works so well is because it is an integrated service inside Azure, and not an add-on.
How does Azure Lighthouse work?
Inside the target Azure subscription, you will use Delegated Resource Management as the common method to reach into the tenant. To the managing partner, it looks and acts mostly like it was in their tenant — making it easy to interact with.
A common theme across many technical conversations I’ve been having all tie in to RBAC (Role Based Access Control). Azure Active Directory makes it super easy to take advantage of this best practice folks! Azure Lighthouse uses delegated rights – I hope this is starting to sound familiar for my frequent readers because we’ll be heading down this rode more and more in the coming months!
Back to Lighthouse… Azure Delegated Resource Management presents resources from one Azure AD tenant to another; giving the partner a cross-tenant management ability. You can take advantage of this to simplify managing multiple partners coming into your tenant; and as a provider to take advantage of automating your management of client tenants.
Microsoft provides a GitHub resource with ARM templates for you to use right here. All you have to do is you have to do is decide whether you want to delegate permissions to a resource group, set of resource groups, or a whole subscription then edit the relevant Parameters file.
Azure goes a long way to providing very manageable ways to help keep your security controls intact, and pretty easy to pull audit reports to monitor providers while keeping things as easy as possible to allow providers to deliver the results you need for your business. As the world continues to change rapidly, my clients expect solutions delivered more rapidly. Azure Lighthouse can help you setup your management systems and partners so that you can utilize trusted partners to get your business across the line.