Merge pull request #180396 from JnHs/jh-lh-csppim

PRMerger16 · web-flow · commit fa0911cf9db9 · 2021-11-18T10:45:45.000-08:00
add eligible authorizations
diff --git a/articles/lighthouse/concepts/cloud-solution-provider.md b/articles/lighthouse/concepts/cloud-solution-provider.md
@@ -1,7 +1,7 @@
 ---
 title: Cloud Solution Provider program considerations
 description: For CSP partners, Azure delegated resource management helps improve security and control by enabling granular permissions.
-ms.date: 09/13/2021
+ms.date: 11/18/2021
 ms.topic: conceptual
 ---
 
@@ -22,10 +22,14 @@ With AOBO, any user with the [Admin Agent](/partner-center/permissions-overview#
 
 ## Azure Lighthouse
 
-Using Azure Lighthouse, you can assign different groups to different customers or roles, as shown in the following diagram. Because users will have the appropriate level of access through [Azure delegated resource management](architecture.md), you can reduce the number of users who have the Admin Agent role (and thus have full AOBO access). This helps improve security by limiting unnecessary access to your customers' resources. It also gives you more flexibility to manage multiple customers at scale, using the [Azure built-in role](tenants-users-roles.md#role-support-for-azure-lighthouse) that's most appropriate for each user's duties, without granting a user more access than necessary.
+Using Azure Lighthouse, you can assign different groups to different customers or roles, as shown in the following diagram. Because users will have the appropriate level of access through [Azure delegated resource management](architecture.md), you can reduce the number of users who have the Admin Agent role (and thus have full AOBO access).
 
 ![Diagram showing tenant management using AOBO and Azure Lighthouse.](../media/csp-2.jpg)
 
+Azure Lighthouse helps improve security by limiting unnecessary access to your customers' resources. It also gives you more flexibility to manage multiple customers at scale, using the [Azure built-in role](tenants-users-roles.md#role-support-for-azure-lighthouse) that's most appropriate for each user's duties, without granting a user more access than necessary.
+
+To further minimize the number of permanent assignments, you can [create eligible authorizations](../how-to/create-eligible-authorizations.md) (currently in public preview) to grant additional permissions to your users on a just-in-time basis.
+
 Onboarding a subscription that you created through the CSP program follows the steps described in [Onboard a subscription to Azure Lighthouse](../how-to/onboard-customer.md). Any user who has the Admin Agent role in your tenant can perform this onboarding.
 
 > [!TIP]
