After trying Azure Lighthouse for a couple of days, we have drawn a series of conclusions:
- It’s a great solution for managing customer subscriptions
- It can be based on Azure AD security groups or users, not Office 365 groups
- It provides a single point of access to all the resources; it is not necessary to use guest users to access customer subscriptions, or even to switch subscriptions when we need to manage the subscription
Besides the above points, one thing you need to be aware of is the subscription filters. We struggled with this for a couple of hours until we realized that the subscription filters were responsible for this behavior. Let me summarize the case:
We configured a customer subscription to be listed under My customers:
We were then able to list all the resources in the customer, so the next thing was to try to create a resource inside the customer. To our surprise, the customer subscription was not listed in the drop-down menu:
At first glance, we thought that it was a limitation of Azure Lighthouse, but after struggling with it a little, we realized that in the Azure subscription filters, the managed subscription was not checked…
If you look closely at the image, you will see that it says current + delegated directory, so… once this checkbox is checked, we are able to select the subscription
And finally, we can create new resources inside this subscription with Azure Lighthouse
Once again, lesson learned