After the holidays, we have been trying one of the new features that Microsoft launched before summer: Azure Lighthouse.
As many of you probably know, Azure Lighthouse provides delegated resource management: service providers (like me) can simplify customer engagement and onboarding while managing delegated resources at scale with agility and precision.
Imagine that your company provides resource management to multiple companies. One of the main problems of doing that is that you need to grant access to every support user in each one of your clients' tenants, which becomes an administrative task for you or the manager. The same happens when a user leaves the company: you have to go to each subscription and delete the access that user had, which adds up to a lot of work.
Azure Lighthouse helps us centralize management in Azure by granting access to a security group that resides in our own directory, so we control in real time which users have access to the subscription and save a lot of time.
In summary, what we need to do is register a provider in the destination tenant and collect our tenant ID, the group object ID (or even a user object ID) and the role definition ID.
With these three parameters, we can configure the management of our clients without problems.
You can find more information at the following link.
If you want to configure Azure Lighthouse while keeping to the principle of least privilege, Microsoft has a table where you can check the recommended permissions.
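To make the three values concrete, here is an added Python example (not code from the original post) that builds the subscription-scope ARM template a customer deploys to onboard Azure Lighthouse: a Microsoft.ManagedServices registrationDefinition carrying our tenant ID and the authorizations (principal object ID plus role definition ID), and the registrationAssignment that activates it. The tenant and group GUIDs are constructed placeholders; the Reader and Owner role definition IDs are the Azure built-in ones, and Owner is rejected because Lighthouse does not allow delegating it, which keeps the delegation in line with the least-privilege guidance above.

```python
import re
import uuid

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Built-in role definition IDs are the same in every Azure tenant.
ROLE_OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"   # Lighthouse refuses to delegate Owner
ROLE_READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"  # least privilege for read-only support
# Constructed sample values (not real tenants): provider tenant, support group object ID.
SAMPLE_TENANT = "11111111-1111-1111-1111-111111111111"
SAMPLE_GROUP = "22222222-2222-2222-2222-222222222222"


def _guid(value, name):
    """Reject anything that is not a GUID so a typo fails at build time, not at deployment."""
    if not GUID_RE.match(value):
        raise ValueError(f"{name} is not a GUID: {value!r}")
    return value.lower()


def build_onboarding_template(managed_by_tenant_id, authorizations, offer_name):
    """Return a subscription-scope ARM template (as a dict) that creates the
    registrationDefinition and the registrationAssignment in the customer tenant.
    authorizations: list of (principal_object_id, role_definition_id, display_name)."""
    auths = []
    for principal_id, role_id, display in authorizations:
        role_id = _guid(role_id, "roleDefinitionId")
        if role_id == ROLE_OWNER:
            raise ValueError("Owner cannot be delegated through Azure Lighthouse")
        auths.append({"principalId": _guid(principal_id, "principalId"),
                      "principalIdDisplayName": display, "roleDefinitionId": role_id})
    # Deterministic resource names: re-deploying the same offer updates instead of duplicating.
    reg_name = str(uuid.uuid5(uuid.NAMESPACE_URL, f"lighthouse/{offer_name}/definition"))
    asg_name = str(uuid.uuid5(uuid.NAMESPACE_URL, f"lighthouse/{offer_name}/assignment"))
    reg_id = f"[resourceId('Microsoft.ManagedServices/registrationDefinitions', '{reg_name}')]"
    return {
        "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [
            {"type": "Microsoft.ManagedServices/registrationDefinitions", "apiVersion": "2019-06-01",
             "name": reg_name,
             "properties": {"registrationDefinitionName": offer_name,
                            "managedByTenantId": _guid(managed_by_tenant_id, "managedByTenantId"),
                            "authorizations": auths}},
            {"type": "Microsoft.ManagedServices/registrationAssignments", "apiVersion": "2019-06-01",
             "name": asg_name, "dependsOn": [reg_id],
             "properties": {"registrationDefinitionId": reg_id}},
        ],
    }
```

Serialise the returned dict with `json.dumps` and deploy it in the customer tenant with `az deployment sub create` once the Microsoft.ManagedServices provider is registered there.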