Azure Lighthouse reference architecture for MSP

Team, just wondering if there are any GitHub or other links that can help me build an Azure Lighthouse reference architecture for a Managed Service Provider.

1 Reply
Do you mean https://docs.microsoft.com/en-us/azure/lighthouse/concepts/architecture ?

It's not super hard: the MSP's AAD tenant is delegated the right by the customer to manage their resources. This can happen through a marketplace offering or through an ARM template. Figure out which rights the MSP wants to use, e.g. an MSPContributors group that gets Contributor rights and an MSPReaders group that gets the Reader role (only built-in roles), and a user at the customer's tenant with Owner rights deploys the ARM template that includes the MSP groups. Once it is rolled out, the MSP's tenant can access the customer's subscription as if it can reach any subscriptions that are under the customer's tenant.

The difficult piece in this is "which rights do you want to have as MSP", and "how do you update rights at a customer's subscription if you need other rights"? With a few it's not a big chore; with 100s of subscriptions, you'd better have some automation.
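
The delegation and automation described in the reply above, as an added example that is not part of the original thread or of Microsoft's samples: a Python generator that builds the subscription-level ARM template from one group-to-role map and refuses any role outside an allow-list. The function name `build_template`, the offer name, the tenant and group IDs (constructed placeholders) and the choice of API version `2019-06-01` are assumptions.

```python
import json
import uuid

# Allow-list of built-in role definition IDs. Owner is deliberately absent:
# Lighthouse does not support it, and an MSP rarely needs more than these.
BUILTIN_ROLES = {
    "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
    "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
}
SCHEMA = "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#"


def build_template(msp_tenant_id, offer_name, group_roles):
    """Return an ARM template (dict) delegating a subscription to MSP groups.

    group_roles maps an MSP AAD group name to (group object id, role name).
    """
    authorizations = []
    for display_name, (principal_id, role) in sorted(group_roles.items()):
        if role not in BUILTIN_ROLES:
            raise ValueError(f"{display_name}: role {role!r} is not allowed")
        uuid.UUID(principal_id)  # ValueError on a malformed object id
        authorizations.append({
            "principalId": principal_id,
            "principalIdDisplayName": display_name,
            "roleDefinitionId": BUILTIN_ROLES[role],
        })
    # Deterministic name, so a redeploy targets the same definition.
    name = str(uuid.uuid5(uuid.NAMESPACE_URL, offer_name))
    reg_id = f"[resourceId('Microsoft.ManagedServices/registrationDefinitions', '{name}')]"
    definition = {
        "type": "Microsoft.ManagedServices/registrationDefinitions",
        "apiVersion": "2019-06-01", "name": name,
        "properties": {"registrationDefinitionName": offer_name,
                       "managedByTenantId": msp_tenant_id,
                       "authorizations": authorizations}}
    assignment = {
        "type": "Microsoft.ManagedServices/registrationAssignments",
        "apiVersion": "2019-06-01", "name": name, "dependsOn": [reg_id],
        "properties": {"registrationDefinitionId": reg_id}}
    return {"$schema": SCHEMA, "contentVersion": "1.0.0.0",
            "resources": [definition, assignment]}


# Constructed sample values: every GUID below is a placeholder.
MSP_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_GROUPS = {
    "MSPContributors": ("11111111-1111-1111-1111-111111111111", "Contributor"),
    "MSPReaders": ("22222222-2222-2222-2222-222222222222", "Reader"),
}
if __name__ == "__main__":
    print(json.dumps(build_template(MSP_TENANT, "Contoso MSP offer", SAMPLE_GROUPS), indent=2))
```

Keeping the group-to-role map in version control gives one reviewed place to change rights, and the same generated template can then be deployed to each customer subscription.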