This blog post was co-authored by Sonia Cuff, Senior Cloud Advocate, Azure.
With an increasingly complex security landscape and an ever-growing service partner portfolio, how do you stay on top of industry-standard best practices? As your business needs grow, you employ more and more partners to support your infrastructure, network, apps, and employees, but with that support comes a required level of access—how do you keep track of who has access to what and what exactly they're doing to your resources?
Typically, when working with a Managed Service Provider (MSP) to manage your Azure estate, you would provision guest identities for the service partner within the Azure tenant, where the resources live. While this gives you full control over the service partner’s footprint on your environment, this option often involves significant overhead on your end.
For example, you need to ensure timely deprovisioning of each service partner identity when that identity is no longer associated with an engagement in your estate. Many customers overcome some of the associated overhead by giving named accounts from the service partner a higher level of role-based access control over a larger scope than required—sometimes their entire Azure tenant. While contributor or privileged access is critical for service partners to deliver certain services, not every operator at the service partner needs this level of standing access. However, the associated overhead of managing tens or hundreds of service partner identities, sometimes for multiple service partners, is expensive and laborious for many customers.
You need a solution to give you peace of mind that your partners can efficiently support your organization without compromising security—something that enables zero-trust security and least-privileged access principles with just enough and just-in-time access to granular scopes.
Azure Lighthouse helps you take control, stay secure, and be informed. Let’s take a look at the top four reasons why our customers are asking their service partners for Azure Lighthouse.