The following will assist in accessing an Azure Subscription in another tenant than the Entra ID tenant you are working in.
This is especially useful where you are using Demo Resources tenants like CDX (Contoso tenant) or a Microsoft 365 Developer Sandbox tenant where you normally would have direct access to an Azure subscription.
In the Entra tenant where you will be working with labs and demo scenarios, take a note of the Tenant ID, and then create a Security Group where you add your admin account (and any other admin accounts needed), and take a note of the Group Object ID.
Login to an Azure subscription where you can create resources like Resource Groups, Logic Apps etc for the later labs, using Azure CLI.
az login --tenant yourtenant.onmicrosoft.com
After logging in, confirm the right subscription. If you need to verify or change between Azure subscriptons, run:
az account show
az account set --subscription "your-subscription-name-or-id"
In the main.bicep file, change all relevant parameters to reflect your environment and choice of naming. Add your Tenant ID and Group Object ID from above.
Deploy the main.bicep file with one of the following commands, changing the deployment names and location as needed.
Deploy as Subscription Deployment:
az deployment sub create --name 'deploy-sub-yourorg-iam-lighthouse' --location norwayeast --template-file main.bicep
Deploy as Deployment Stack:
az stack sub create --location NorwayEast --name "deploy-stack-yourorg-iam-lighthouse" --template-file .\main.bicep --deny-settings-mode none --action-on-unmanage deleteResources