question

0 Votes
BalamurugaprasathM-6701 asked SwathiDhanwada-MSFT edited

Azure Lighthouse

We own two different tenants.

E.g.: Tenant A and Tenant B

In Tenant A we are managing user accounts and mailboxes.

In Tenant B we are deploying and managing our cloud application. Currently, Tenant A users are invited as guest users in Tenant B, and those guest users are given Owner and Contributor access at the resource and subscription level for management.

We would like to integrate these two tenants to avoid switching directories and to avoid using guest users.

Our requirement is to avoid adding Tenant A users as guest users in Tenant B for resource management; Tenant A users should be able to manage the resources in Tenant B directly.

Can Azure Lighthouse solve this requirement?

azure-lighthouse

1 Answer

0 Votes
AndrewBlumhardt-1137 answered

I like to compare Lighthouse to an on-premise, one-way, cross-forest trust.

Security groups in Tenant A are granted access to RBAC roles assigned at the subscription or RG level in Tenant B. This is a one-way or parent-child relationship. The relationship is defined by a simple ARM template.

Admins in Tenant A manage adding and removing users from the Lighthouse groups. All Tenant B admins need to do is authorize the agreement and monitor the activity. The activity logs in Tenant B will show all actions by Tenant A down to the user level.

Tenant A manages the relationship in "My Customers" and Tenant B has "My Providers".

This reduces the need for guest accounts. It reduces the need to switch directories. There are some admin actions that require a tenant local account. For example, activating a Sentinel connector. Also, Lighthouse is currently limited to built-in admin roles. Good for day-to-day administration and solution provider access.

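To illustrate the ARM template and built-in role points in the answer above, here is an added example (not from the thread and not Microsoft's own code) that holds a minimal delegation template as a Python dict and reviews it before a Tenant B admin authorizes it. The tenant ID, group object IDs and display names are placeholders, and the `review` helper is hypothetical; it flags the Owner role, which Lighthouse does not accept in an authorization, and User Access Administrator without `delegatedRoleDefinitionIds`.

```python
# Added example (not from the thread): review a Lighthouse delegation template
# before a Tenant B admin deploys it at subscription scope.
OWNER = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"              # built-in role IDs
CONTRIBUTOR = "b24988ac-6180-42a0-ab88-20f7382dd24c"
USER_ACCESS_ADMIN = "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"
TENANT_A = "aaaaaaaa-0000-0000-0000-000000000000"           # placeholder tenant ID
DEFN = "Microsoft.ManagedServices/registrationDefinitions"
NAME = "[guid('Tenant A operations')]"

# Constructed sample: principalId values are placeholder group object IDs in Tenant A.
TEMPLATE = {
    "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {"type": DEFN, "apiVersion": "2019-06-01", "name": NAME,
         "properties": {
             "registrationDefinitionName": "Tenant A operations",
             "managedByTenantId": TENANT_A,
             "authorizations": [
                 {"principalId": "11111111-0000-0000-0000-000000000000",
                  "principalIdDisplayName": "TenantA-CloudOps",
                  "roleDefinitionId": CONTRIBUTOR},
                 {"principalId": "22222222-0000-0000-0000-000000000000",
                  "principalIdDisplayName": "TenantA-Admins",
                  "roleDefinitionId": OWNER}]}},
        {"type": "Microsoft.ManagedServices/registrationAssignments",
         "apiVersion": "2019-06-01", "name": NAME,
         "dependsOn": [f"[resourceId('{DEFN}', guid('Tenant A operations'))]"],
         "properties": {"registrationDefinitionId":
                        f"[resourceId('{DEFN}', guid('Tenant A operations'))]"}}]}

def review(template, expected_tenant):
    """Return findings Tenant B should resolve before authorizing the delegation."""
    findings = []
    for res in template["resources"]:
        if res["type"] != DEFN:
            continue
        props = res["properties"]
        if props["managedByTenantId"].lower() != expected_tenant.lower():
            findings.append("managedByTenantId is not the expected managing tenant")
        for auth in props["authorizations"]:
            who = auth.get("principalIdDisplayName", auth["principalId"])
            role = auth["roleDefinitionId"].lower()
            if role == OWNER:
                findings.append(f"{who}: Owner cannot be delegated through Lighthouse")
            elif role == USER_ACCESS_ADMIN and not auth.get("delegatedRoleDefinitionIds"):
                findings.append(f"{who}: User Access Administrator needs delegatedRoleDefinitionIds")
    return findings
```

Calling `review(TEMPLATE, TENANT_A)` on the sample returns one finding, for the group that was given Owner; replacing that role with Contributor or another supported built-in role clears it.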