File: articles/lighthouse/concepts/cross-tenant-management-experience.md (5 additions, 4 deletions)
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Cross-tenant management experiences
3
3
description: Azure Lighthouse enables and enhances cross-tenant experiences in many Azure services.
4
-
ms.date: 03/01/2023
4
+
ms.date: 12/01/2023
5
5
ms.topic: conceptual
6
6
---
7
7
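Review bot: the ms.date bump from 03/01/2023 to 12/01/2023 in this front-matter hunk is justified by the body edits later in the same file (the Entra link rewrite and the Arc-enabled servers bullets), so nothing needs to change here; just keep date bumps limited to files whose body text actually changed rather than files touched only for link maintenance.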
@@ -14,7 +14,7 @@ As a service provider, you can use [Azure Lighthouse](../overview.md) to manage
14
14
15
15
## Understanding tenants and delegation
16
16
17
-
A Microsoft Entra tenant is a representation of an organization. It's a dedicated instance of Microsoft Entra ID that an organization receives when they create a relationship with Microsoft by signing up for Azure, Microsoft 365, or other services. Each Microsoft Entra tenant is distinct and separate from other Microsoft Entra tenants, and has its own tenant ID (a GUID). For more information, see [What is Microsoft Entra ID?](../../active-directory/fundamentals/active-directory-whatis.md)
17
+
A Microsoft Entra tenant is a representation of an organization. It's a dedicated instance of Microsoft Entra ID that an organization receives when they create a relationship with Microsoft by signing up for Azure, Microsoft 365, or other services. Each Microsoft Entra tenant is distinct and separate from other Microsoft Entra tenants, and has its own tenant ID (a GUID). For more information, see [What is Microsoft Entra ID?](/entra/fundamentals/whatis)
18
18
19
19
Typically, in order to manage Azure resources for a customer, service providers must sign in to the Azure portal using an account associated with that customer's tenant. In this scenario, an administrator in the customer's tenant must create and manage user accounts for the service provider.
20
20
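Review bot: the `+` line swaps a repository-relative link (`../../active-directory/fundamentals/active-directory-whatis.md`) for a site-absolute one (`/entra/fundamentals/whatis`). Absolute cross-repository paths are typically not checked by the same link validation as relative paths, so confirm the target renders on the published site before merging. The sentence itself is unchanged, and the tenant-ID (GUID) explanation still reads correctly.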
@@ -46,7 +46,8 @@ Most Azure tasks and services can be used with delegated resources across manage
46
46
[Azure Arc](../../azure-arc/index.yml):
47
47
48
48
- Manage hybrid servers at scale - [Azure Arc-enabled servers](../../azure-arc/servers/overview.md):
49
-
- Manage Windows Server or Linux machines outside Azure that are [connected](../../azure-arc/servers/learn/quick-enable-hybrid-vm.md) to delegated subscriptions and/or resource groups in Azure
49
+
-[Onboard servers](../../azure-arc/servers/learn/quick-enable-hybrid-vm.md) to delegated customer subscriptions and/or resource groups in Azure
50
+
- Manage Windows Server or Linux machines outside Azure that are connected to delegated subscriptions
50
51
- Manage connected machines using Azure constructs, such as Azure Policy and tagging
51
52
- Ensure the same set of [policies are applied](../../azure-arc/servers/learn/tutorial-assign-policy-portal.md) across customers' hybrid environments
52
53
- Use Microsoft Defender for Cloud to [monitor compliance across customers' hybrid environments](../../defender-for-cloud/quickstart-onboard-machines.md?pivots=azure-arc)
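Review bot: the first added bullet, `-[Onboard servers](...)`, is missing the space after the hyphen, so Markdown will not render it as a list item; it should read `- [Onboard servers](...)` to match the sibling bullets. The second added bullet, `Manage Windows Server or Linux machines outside Azure that are connected to delegated subscriptions`, also drops the `and/or resource groups` qualifier that the removed line carried and that the new onboarding bullet keeps; since a delegation can be scoped to a resource group rather than a whole subscription, keep the qualifier on both bullets so readers don't assume subscription-wide access is required.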
@@ -137,7 +138,7 @@ Most Azure tasks and services can be used with delegated resources across manage
137
138
- Integrate VMs with Azure Key Vault for passwords, secrets, or cryptographic keys for disk encryption by using [managed identity through policy](https://github.com/Azure/Azure-Lighthouse-samples/tree/master/templates/create-keyvault-secret), ensuring that secrets are stored in a Key Vault in the managed tenants
138
139
- Note that you can't use Microsoft Entra ID for remote login to VMs
139
140
140
-
[Microsoft Defender for Cloud](../../security-center/index.yml):
141
+
[Microsoft Defender for Cloud](../../defender-for-cloud/index.yml):
141
142
142
143
- Cross-tenant visibility
143
144
- Monitor compliance with security policies and ensure security coverage across all tenants' resources
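Review bot: the index link path change from `../../security-center/index.yml` to `../../defender-for-cloud/index.yml` matches the product rename and is consistent with the `../../defender-for-cloud/quickstart-onboard-machines.md` path already used in the Azure Arc section of this file, so no further change is needed in this hunk. The unchanged context line `Note that you can't use Microsoft Entra ID for remote login to VMs` is a limitation worth a link to its source, but that belongs to a separate edit since this hunk only touches the Defender heading.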
File: articles/lighthouse/how-to/manage-hybrid-infrastructure-arc.md (6 additions, 6 deletions)
@@ -1,7 +1,7 @@
1
1
---
2
2
title: Manage hybrid infrastructure at scale with Azure Arc
3
3
description: Azure Lighthouse helps you effectively manage customers' machines and Kubernetes clusters outside of Azure.
4
-
ms.date: 12/01/2022
4
+
ms.date: 12/01/2023
5
5
ms.topic: how-to
6
6
---
7
7
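Review bot: the ms.date bump from 12/01/2022 to 12/01/2023 is warranted by the rewritten Arc-enabled servers and Kubernetes sections below in this file; nothing else to flag in this front-matter hunk.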
@@ -13,16 +13,16 @@ ms.topic: how-to
13
13
14
14
With [Azure Arc–enabled servers](../../azure-arc/servers/overview.md), customers can manage Windows and Linux machines hosted outside of Azure on their corporate network, in the same way they manage native Azure virtual machines. Through Azure Lighthouse, service providers can then manage these connected non-Azure machines along with their customers' Azure resources.
15
15
16
-
[Azure Arc–enabled Kubernetes](../../azure-arc/kubernetes/overview.md) lets customers attach and configure Kubernetes clusters outside of Azure. When a Kubernetes cluster is connected to Azure Arc, it appears in the Azure portal with an Azure Resource Manager ID and a managed identity. Clusters are attached to standard Azure subscriptions, are located in a resource group, and can receive tags just like any other Azure resource. Through Azure Lighthouse, service providers can connect Kubernetes clusters and manage them along with their customer's Azure Kubernetes Service (AKS) clusters and other Azure resources.
16
+
[Azure Arc–enabled Kubernetes](../../azure-arc/kubernetes/overview.md) lets customers attach and configure Kubernetes clusters outside of Azure. When a Kubernetes cluster is connected to Azure Arc, it appears in the Azure portal with an Azure Resource Manager ID and a managed identity. Through Azure Lighthouse, service providers can connect Kubernetes clusters and manage them along with their customer's Azure Kubernetes Service (AKS) clusters and other Azure resources.
17
17
18
18
> [!TIP]
19
19
> Though we refer to service providers and customers in this topic, this guidance also applies to [enterprises using Azure Lighthouse to manage multiple tenants](../concepts/enterprise.md).
20
20
21
21
## Manage hybrid servers at scale with Azure Arc–enabled servers
22
22
23
-
As a service provider, you can manage on-premises Windows Server or Linux machines outside Azure that your customers have connected to their subscription using the [Azure Connected Machine agent](../../azure-arc/servers/agent-overview.md). When viewing resources for a delegated subscription in the Azure portal, you'll see these connected machines labeled with **Azure Arc**.
23
+
As a service provider, you can connect and disconnect on-premises Windows Server or Linux machines outside Azure to your customer's subscription. When you [generate a script to connect a server](/azure/azure-arc/servers/learn/quick-enable-hybrid-vm), use the `--user-tenant-id` parameter to specify your managing tenant, with the `--tenant-id` parameter indicating the customer's tenant.
24
24
25
-
You can manage these connected machines using Azure constructs, such as Azure Policy and tagging, just as you would manage the customer's Azure resources. You can also work across customer tenants to manage all connected machines together.
25
+
When viewing resources for a delegated subscription in the Azure portal, you'll see these connected machines labeled with **Azure Arc**. You can manage these connected machines using Azure constructs, such as Azure Policy and tagging, just as you would manage the customer's Azure resources. You can also work across customer tenants to manage all connected machines together.
26
26
27
27
For example, you can [ensure the same set of policies are applied across customers' hybrid machines](../../azure-arc/servers/learn/tutorial-assign-policy-portal.md). You can also use Microsoft Defender for Cloud to monitor compliance across all of your customers' hybrid environments, or [use Azure Monitor to collect data directly](../../azure-arc/servers/learn/tutorial-enable-vm-insights.md) into a Log Analytics workspace. [Virtual machine extensions](../../azure-arc/servers/manage-vm-extensions.md) can be deployed to non-Azure Windows and Linux VMs, simplifying management of your customers' hybrid machines.
28
28
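Review bot: the rewritten opening sentence says service providers can `connect and disconnect` machines, but the hunk only documents the connect path (the generated script with `--user-tenant-id` for the managing tenant and `--tenant-id` for the customer tenant), and it drops the previous link to the Azure Connected Machine agent overview (`../../azure-arc/servers/agent-overview.md`) without a replacement. Suggest restoring the agent link and either documenting the disconnect step or removing `and disconnect`. Since the connect step now runs under the managing-tenant identity named by `--user-tenant-id`, it would also help to state what delegated role the provider needs on the customer subscription or resource group for the onboarding to succeed. Separately, the Kubernetes paragraph deletes the sentence that connected clusters are attached to a subscription, live in a resource group, and can be tagged, without replacing it in this hunk; keep one clear statement of where connected clusters land, since the later tagging mention only covers organizing clusters.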
@@ -34,10 +34,10 @@ If your customer has created a service principal account to onboard Kubernetes c
34
34
35
35
You can deploy [configurations and Helm charts](../../azure-arc/kubernetes/tutorial-use-gitops-flux2.md) using [GitOps for connected clusters](../../azure-arc/kubernetes/conceptual-gitops-flux2.md).
36
36
37
-
You can also [monitor connected clusters](../..//azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md) with Azure Monitor, and [use Azure Policy to apply cluster configurations at scale](../../azure-arc/kubernetes/use-azure-policy.md).
37
+
You can also [monitor connected clusters](../..//azure-monitor/containers/container-insights-enable-arc-enabled-clusters.md) with Azure Monitor, use tagging to organize clusters, and [use Azure Policy for Kubernetes](/azure/governance/policy/concepts/policy-for-kubernetes?toc=%2Fazure%2Fazure-arc%2Fkubernetes%2Ftoc.json&bc=%2Fazure%2Fazure-arc%2Fkubernetes%2Fbreadcrumb%2Ftoc.json) to manage and report on compliance state.
38
38
39
39
## Next steps
40
40
41
-
- Explore the [Azure Arc Jumpstart](https://azurearcjumpstart.io/).
41
+
- Explore the [Azure Arc Jumpstart](https://azurearcjumpstart.com/).
42
42
- Learn about [supported cloud operations for Azure Arc-enabled servers](../../azure-arc/servers/overview.md#supported-cloud-operations).
43
43
- Learn about [accessing connected Kubernetes clusters through the Azure portal](../../azure-arc/kubernetes/kubernetes-resource-view.md).
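Review bot: the modified Azure Monitor line keeps the pre-existing `../..//azure-monitor/containers/...` double slash; since the line is being rewritten anyway, correct it to `../../azure-monitor/containers/...`. The Azure Arc Jumpstart link changes domain from `azurearcjumpstart.io` to `azurearcjumpstart.com`; confirm the new host is the project's canonical domain and that the old one redirects, because an external docs link pointing at a lapsed or lookalike domain is a phishing risk. The new Azure Policy for Kubernetes link carries a long `?toc=...&bc=...` query string to preserve the Arc breadcrumb context, which is acceptable, but the plain `/azure/governance/policy/concepts/policy-for-kubernetes` path would be easier to maintain.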