You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/lighthouse/concepts/isv-scenarios.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,13 +1,13 @@
1
1
---
2
2
title: Azure Lighthouse in ISV scenarios
3
-
description: The capabilities of Azure Lighthouse can be used by ISVs for more flexibility with customer offerings.
3
+
description: ISVs can use the capabilities of Azure Lighthouse for more flexibility with customer offerings.
4
4
ms.date: 07/10/2024
5
5
ms.topic: conceptual
6
6
---
7
7
8
8
# Azure Lighthouse in ISV scenarios
9
9
10
-
A typical scenario for [Azure Lighthouse](../overview.md) involves a service provider that manages resources in its customers' Microsoft Entra tenants. However, the capabilities of Azure Lighthouse can also be used by Independent Software Vendors (ISVs) using SaaS-based offerings with their customers. Azure Lighthouse can be especially useful for ISVs who are offering managed services or support that require access to the subscription scope.
10
+
A typical scenario for [Azure Lighthouse](../overview.md) involves a service provider that manages resources in its customers' Microsoft Entra tenants. Independent Software Vendors (ISVs) using SaaS-based offerings with their customers may also benefit from the capabilities of Azure Lighthouse. Using Azure Lighthouse can be especially helpful for ISVs who offer managed services that require access to a customer's subscription scope.
11
11
12
12
## Managed Service offers in Azure Marketplace
13
13
@@ -21,11 +21,11 @@ For more information, see [Publish a Managed Service offer to Azure Marketplace]
21
21
22
22
For more information, see [Azure Lighthouse and Azure managed applications](managed-applications.md).
23
23
24
-
## SaaS-based multi-tenant offerings
24
+
## SaaS-based multitenant offerings
25
25
26
26
An additional scenario is where the ISV hosts resources in a subscription in their own tenant, then uses Azure Lighthouse to let customers access those specific resources. Once this access is granted, the customer can log in to their own tenant and access the resources as needed. The ISV maintains their IP in their own tenant, and can use their own support plan to raise tickets related to the solution hosted in their tenant, rather than the customer's plan. Since the resources are in the ISV's tenant, all actions can be performed directly by the ISV, such as logging into VMs, installing apps, and performing maintenance tasks.
27
27
28
-
In this scenario, users in the customer’s tenant are essentially granted access as a "managing tenant", even though the customer is not managing the ISV's resources. Because they are accessing the ISV's tenant directly, it’s important to grant only the minimum permissions necessary, so that customers can't inadvertently make changes to the solution or other ISV resources.
28
+
In this scenario, users in the customer's tenant are essentially granted access as a "managing tenant," even though the customer isn't managing the ISV's resources. Because the customer is directly accessing the ISV's tenant, it's important to grant only the minimum permissions necessary, so that they can't make changes to the solution or access other ISV resources.
29
29
30
30
To enable this architecture, the ISV needs to obtain the object ID for a user group in the customer's Microsoft Entra tenant, along with their tenant ID. The ISV then builds an ARM template granting this user group the appropriate permissions, and [deploys it on the ISV's subscription](../how-to/onboard-customer.md) that contains the resources that the customer will access.
Copy file name to clipboardExpand all lines: includes/azure-lighthouse-samples-monitor.md
+2-3Lines changed: 2 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,14 +7,13 @@ ms.service: lighthouse
7
7
ms.topic: include
8
8
ms.date: 07/10/2024
9
9
ms.author: jenhayes
10
-
ms.custom: include file
11
10
---
12
11
13
-
These samples show how to use Azure Monitor to create alerts for subscriptions that have been onboarded to Azure Lighthouse.
12
+
These samples show how to use Azure Monitor to create alerts for subscriptions that are onboarded to Azure Lighthouse.
14
13
15
14
|**Template**|**Description**|
16
15
|---------|---------|
17
-
|[monitor-delegation-changes](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/tools/monitor-delegation-changes)| Queries the past day of activity in a managing tenant and [reports on any added or removed delegations](../articles/lighthouse/how-to/monitor-delegation-changes.md) (or attempts that were not successful).|
16
+
|[monitor-delegation-changes](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/tools/monitor-delegation-changes)| Queries the past day of activity in a managing tenant and [reports on any added or removed delegations](../articles/lighthouse/how-to/monitor-delegation-changes.md) (or attempts that weren't successful).|
18
17
|[alert-using-actiongroup](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/alert-using-actiongroup)| Creates an Azure alert and connects to an existing action group.|
19
18
|[multiple-loganalytics-alerts](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/multiple-loganalytics-alerts)| Creates multiple log alerts based on Kusto queries.|
20
19
|[delegation-alert-for-customer](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/delegation-alert-for-customer)| Deploys an alert in a tenant when a user delegates a subscription to a managing tenant.|
Copy file name to clipboardExpand all lines: includes/azure-lighthouse-samples-onboarding.md
+2-3Lines changed: 2 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,16 +7,15 @@ ms.service: lighthouse
7
7
ms.topic: include
8
8
ms.date: 07/10/2024
9
9
ms.author: jenhayes
10
-
ms.custom: include file
11
10
---
12
11
13
-
We provide different templates to address specific onboarding scenarios. Choose the option that works best, and be sure to modify the parameter file to reflect your environment. For more info about how to use these files in your deployment, see [Onboard a customer to Azure Lighthouse](../articles/lighthouse/how-to/onboard-customer.md).
12
+
We provide different templates to address specific onboarding scenarios. Be sure to modify the parameter file to reflect your environment. For more info about how to use these files in your deployment, see [Onboard a customer to Azure Lighthouse](../articles/lighthouse/how-to/onboard-customer.md).
14
13
15
14
|**Template**|**Description**|
16
15
|---------|---------|
17
16
|[subscription](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/delegated-resource-management/subscription)| Onboard a customer's subscription to Azure Lighthouse. A separate deployment must be performed for each subscription. |
18
17
|[rg and multi-rg](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/delegated-resource-management/rg)| Onboard one or more of a customer's resource groups to Azure Lighthouse. Use rg.json to onboard a single resource group, or multi-rg.json to onboard multiple resource groups within a subscription. |
19
-
|[marketplace-delegated-resource-management](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/marketplace-delegated-resource-management)| If you've[published a managed services offer to Azure Marketplace](../articles/lighthouse/how-to/publish-managed-services-offers.md), you can optionally use this template to onboard resources for customers who have accepted the offer. The marketplace values in the parameters file must match the values that you used when publishing your offer. |
18
+
|[marketplace-delegated-resource-management](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/marketplace-delegated-resource-management)| If you [published a managed services offer to Azure Marketplace](../articles/lighthouse/how-to/publish-managed-services-offers.md), you can optionally use this template to onboard resources for customers who accepted the offer. The marketplace values in the parameters file must match the values that you used when publishing your offer. |
20
19
21
20
To include [eligible authorizations](../articles/lighthouse/how-to/create-eligible-authorizations.md), select the corresponding template from the [delegated-resource-management-eligible-authorizations](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/delegated-resource-management-eligible-authorizations) section of our samples repo.
Copy file name to clipboardExpand all lines: includes/azure-lighthouse-samples-scenarios.md
+1-2Lines changed: 1 addition & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,6 @@ ms.service: lighthouse
7
7
ms.topic: include
8
8
ms.date: 07/10/2024
9
9
ms.author: jenhayes
10
-
ms.custom: include file
11
10
---
12
11
13
12
These samples illustrate various tasks that can be performed in cross-tenant management scenarios.
@@ -16,7 +15,7 @@ These samples illustrate various tasks that can be performed in cross-tenant man
16
15
|---------|---------|
17
16
| [`create-keyvault-secret`](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/create-keyvault-secret) | Creates a Key Vault in the customer's tenant and creates access policies.
18
17
|[`cross-rg-deployment`](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/cross-rg-deployment)| Deploys storage accounts into two different resource groups.|
19
-
|[`deploy-azure-mgmt-services`](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/deploy-azure-mgmt-services)| Creates Azure management services, links them together, and deploys additional solutions. For an end-to-end deployment, use the [rgWithAzureMgmt.json](https://github.com/Azure/Azure-Lighthouse-samples/blob/master/templates/deploy-azure-mgmt-services/rgWithAzureMgmt.json) template. |
18
+
|[`deploy-azure-mgmt-services`](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/deploy-azure-mgmt-services)| Creates Azure management services, links them together, and deploys solutions. For an end-to-end deployment, use the [rgWithAzureMgmt.json](https://github.com/Azure/Azure-Lighthouse-samples/blob/master/templates/deploy-azure-mgmt-services/rgWithAzureMgmt.json) template. |
20
19
|[`deploy-azure-security-center`](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/deploy-azure-security-center)| Enables and configures Microsoft Defender for Cloud within the targeted Azure subscription. |
21
20
|[`deploy-azure-sentinel`](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/deploy-azure-sentinel)| Deploys and enables Microsoft Sentinel on an existing Log Analytics workspace in a delegated subscription. |
22
21
|[`deploy-log-analytics-vm-extensions`](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/deploy-log-analytics-vm-extensions)| Allows you to deploy Log Analytics VM extensions to your Windows and Linux VMs, connecting them to the designated Log Analytics workspace. |
0 commit comments