Azure Lighthouse: The Best Way To Manage Azure B2B Relationships

Security matters. According to a survey conducted by Spiceworks, one in four enterprises are increasing 2020 IT spend due to a recent security incident, and 47% of companies of all sizes cite security concerns as a top reason for bumping up their IT budget. In today’s environment of greatly increased remote work and rapidly expanding cloud footprints, controlling access to your digital cloud estate is both paramount and daunting. Enter Azure Lighthouse. Winner of a 2019 CRN Tech Innovator Award, Azure Lighthouse simplifies both sides of Azure B2B relationships: enterprises and managed service providers.

Two Different Perspectives, One Common Problem

The Enterprise

If you’re at an enterprise with over one thousand employees, one of the most important and challenging aspects of securing your digital assets is identity and access management. In particular, trying to manage guest and consultant access to your digital estate can be a huge headache. As contractors roll on and off of projects, you have to grant and revoke their access to your platforms. For large projects and large contracts, managing this access quickly becomes time-consuming and expensive.

Matters are complicated further when you want a service provider to manage a portion of your digital estate. How do you know which individuals in that service provider need access to your cloud footprint? How do you manage turnover at the service provider? How can you be sure of business continuity and security lockdown in the event the service provider goes out of business or suffers a security breach?

The Cloud Service Provider

Azure grants service providers unprecedented capabilities to build, enhance, and scale both custom solutions and packaged product offerings for your clients. Part of delivering a cloud-enabled product to a customer involves provisioning and, often, maintaining a set of cloud products for that customer. Both of these needs, particularly that of ongoing monitoring and maintenance, require access to your customer’s digital estate. 

If you have dozens of customers, scaling your maintenance contracts is a huge concern. If you offer a packaged Azure solution that requires a bunch of Azure components, each customer needs to grant you access to their Azure digital estate. With individual logins, performing simple maintenance tasks quickly becomes time-consuming. You have to log in to each customer’s Azure portal, check logs and analytics, perform maintenance tasks, and remedy any issues. Managing dozens of credentials and recording progress through each customer’s maintenance schedule quickly becomes a daunting task. Wouldn’t it be great if there were a way to see all of this at one time, with a single login, in the Azure portal?

The Common Problem

Both enterprises and service providers need to be able to understand who has been given access to which digital assets. On the enterprise side, having to create and maintain new credentials for every consultant who comes in and leaves is costly and difficult. On the service provider side, needing to maintain separate Azure credentials for each of your clients and having to bounce between each one to check on the status of your software is a mess.

Azure Lighthouse: A Light in the Dark

Azure Lighthouse was designed to simplify identity and access management for enterprises and service providers alike. Microsoft worked with both groups to understand the challenges they faced with respect to digital estate access and identity management. With Lighthouse, an enterprise grants a single token to a service provider, and with that token controls access for the service provider to all of the assets within their digital estate. In turn, the service provider is in charge of managing their own staff with respect to granting access to specific enterprise components owned by the client.

When a relationship with a service provider ends, the enterprise simply revokes the access token granted to the service provider and all access is eliminated. When an employee or contractor leaves the service provider, the service provider can handle revoking that employee’s access without the client needing to be involved.
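As an added example (not part of the original post): a Lighthouse delegation is deployed as an ARM `Microsoft.ManagedServices/registrationDefinitions` resource that names the provider tenant and the roles granted to its principals, so an enterprise can review it before accepting and again at each audit. The sketch below assumes a hypothetical `review` helper, constructed tenant and principal IDs, and a local policy that treats Contributor as worth a second look.

```python
import json

# Azure built-in role definition IDs (well-known GUIDs).
ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
    "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader",
}

# Constructed sample: "properties" of a registrationDefinitions resource.
# Tenant and principal IDs are placeholders, not real identifiers.
SAMPLE = json.loads("""
{"registrationDefinitionName": "Example managed services",
 "managedByTenantId": "11111111-1111-1111-1111-111111111111",
 "authorizations": [
  {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
   "principalIdDisplayName": "Tier 1 support",
   "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"},
  {"principalId": "aaaaaaaa-0000-0000-0000-000000000002",
   "principalIdDisplayName": "Platform engineers",
   "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c"},
  {"principalId": "aaaaaaaa-0000-0000-0000-000000000003",
   "principalIdDisplayName": "Automation identity",
   "roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"}
 ]}
""")

def review(props, approved_tenants):
    """Return (subject, issue) pairs for a delegation; the policy is an assumption."""
    findings = []
    if props["managedByTenantId"].lower() not in approved_tenants:
        findings.append(("managedByTenantId", "provider tenant is not on the approved list"))
    for auth in props.get("authorizations", []):
        who = auth.get("principalIdDisplayName", auth["principalId"])
        role = ROLES.get(auth["roleDefinitionId"].lower(), "unrecognised role")
        if role == "Owner":
            findings.append((who, "Owner is not supported for Lighthouse delegation"))
        elif role == "User Access Administrator" and not auth.get("delegatedRoleDefinitionIds"):
            findings.append((who, "User Access Administrator needs delegatedRoleDefinitionIds"))
        elif role in ("Contributor", "unrecognised role"):
            findings.append((who, f"{role}: confirm this level of access is required"))
    return findings

if __name__ == "__main__":
    for who, issue in review(SAMPLE, {"11111111-1111-1111-1111-111111111111"}):
        print(f"{who}: {issue}")
```
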

For service providers, one of the most powerful aspects of Lighthouse is having access to a single web view that provides an overview of the digital assets of their entire client base. Instead of having to log in to every individual enterprise, one login can see all of the recommended actions, warnings, and monitoring across their entire portfolio of enterprise clients. And because Lighthouse is ARM-enabled, service providers can take advantage of scripting and automation to simplify common, cross-client tasks, such as setting up alerts or deploying Log Analytics components to virtual machines.

What Next?

Azure Lighthouse cleans up a lot of the security mess from the earlier days of Azure. It is a powerful tool for managing access to digital estates. Once you get your bearings with the Lighthouse conceptual framework, a whole new world of unified digital estate management opens up. Enterprises gain unprecedented control over third-party access to their digital estates. Service providers can view, manage, and automate across all of their clients in a single place.

Are you considering Azure Lighthouse? I’d love to hear from anyone thinking about dipping their toes in these waters. What pain points do you want to address? How would it change your day-to-day activities? Drop me a line in the comment section below!