Managed Services Provider

If you work for a Managed Services Provider, you have to switch between multiple browsers in order to manage all the Azure Resources for your customers. Microsoft solved this problematic by releasing Azure Lighthouse. Azure Lighthouse enables you to see and manage Azure resources from different tenancies in a single console, which will save your time! On top of that, your customers can see the delegated permissions in real time from their own console.

How does Azure Lighthouse work?

Microsoft published the following Azure Resource Manager template that will help you to enable Azure Lighthouse in your tenant. First, you have to collect some information:
1. Your tenant ID also called Directory ID, under Azure Active Directory on the Properties blade.
2. The principal ID and the principal ID Display Name of the following groups:

– A “Contributors” group that you must create in your Azure AD

– A “Readers” group that you must create in your Azure AD

To get these information, run the following command:

3. The Role Definition: You need to decide the built-in role regarding your access needs. For instance, I selected the Reader and Contributor roles.

You can also get these ID from this link:

Note that the Owner role can’t be delegated as explained in the documentation: “All built-in roles are currently supported with Azure delegated resource management except for Owner”

4. Azure Resource Manager Template: you can download the following json files

Azure Resource Manager Template

5. Edit the parameters file and replace with the collected information:

We can now deploy the ARM template. The deployment must be done by an account that has the built-in Owner role for the subscription being onboarded. So log into the customer subscription using the Connect-AzAccount cmdlet and then run the following command:

Connect-AzAccount cmdlet

Here is the command line:

Here is the output:


The deployment is done. You can check in the customer Azure Portal that your deployment is complete.

The deployment is done

In the customer tenant, search for “Service Providers” in the search bar:

Service Providers

You can confirm that your tenant has been added as a service provider.

Service providers | Delegations

If you click on the delegation, you can see both Azure AD groups that you assigned for this deployment.

Azure AD groups

Now switch to your Azure tenant, and search for “my customers

Azure tenant

In the customers blade, you can see your customer with some basic information.

Customers blade

Click on the customer in order to open a new blade. This blade will display the customer Azure Resources. Depending the role you assigned to your account, you will be able to manage or read the resources from your Azure tenant.

Azure Resources

You can manage all the services from this console, such as Azure Backup, Azure Automation, Azure Compute, Azure Network, …

VSAN from StarWind eliminates any need for physical shared storage just by mirroring internal flash and storage resources between hypervisor servers. Furthermore, the solution can be run on the off-the-shelf hardware. Such design allows VSAN from StarWind to not only achieve high performance and efficient hardware utilization but also reduce operational and capital expenses.
Find out more about ➡ VSAN from StarWind


Thanks to the Azure Lighhouse, we can easily see and manage the customers Azure resources from a single console. You will save a lot of time!

Views All Time
Views Today
Appreciate how useful this article was to you?
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5
5 out of 5, based on 1 review
Back to blog
The following two tabs change content below.
Nicolas Prigent
Nicolas Prigent
Nicolas Prigent works as an IT Production Manager, based in Paris, with a primary focus on Microsoft technologies. Nicolas is a three-time Microsoft MVP in Cloud and Datacenter Management with 10 years experience in administering Windows products. He also received the "PowerShell Heroes 2016" Award.