SOLVED

azure lighthouse Query

Copper Contributor

Hi All,

 

I am in the process of creating the ARM template to deploy the Azure light house in our environment. I am pretty new to this platform. Request everyone support to understand the design and concept of Sentinel.

As far as I am aware to deploy the Multi-tenant, we require to set up the Azure Light house. On referring the KB article, to create the ARM template, there was an field called "Delegated scope" where we  need to choose either "subscription" or "resource" group. I would like to understand the difference between them. Kindly support

2 Replies
best response confirmed by venkataramanan6224 (Copper Contributor)
Solution
Hi venkat !
Here it is !! you can understand this is in simple terms

Delegated Scope: Subscription vs Resource Group

When creating an ARM template for Azure Lighthouse, you need to specify the delegated scope, which determines the level of access and management capabilities for the service provider.

Here are the key differences between "subscription" and "resource group" in the delegated scope field:

Subscription
Scope: The entire Azure subscription
Access: The service provider has access to all resources within the subscription, including resource groups, resources, and subscriptions.
Management: The service provider can manage all aspects of the subscription, including billing, policies, and access control.
Resource Group
Scope: A specific Azure resource group
Access: The service provider has access only to the specified resource group and its resources.
Management: The service provider can manage only the resources within the specified resource group, without access to other resources or subscriptions.
Thank you Sir
1 best response

Accepted Solutions
best response confirmed by venkataramanan6224 (Copper Contributor)
Solution
Hi venkat !
Here it is !! you can understand this is in simple terms

Delegated Scope: Subscription vs Resource Group

When creating an ARM template for Azure Lighthouse, you need to specify the delegated scope, which determines the level of access and management capabilities for the service provider.

Here are the key differences between "subscription" and "resource group" in the delegated scope field:

Subscription
Scope: The entire Azure subscription
Access: The service provider has access to all resources within the subscription, including resource groups, resources, and subscriptions.
Management: The service provider can manage all aspects of the subscription, including billing, policies, and access control.
Resource Group
Scope: A specific Azure resource group
Access: The service provider has access only to the specified resource group and its resources.
Management: The service provider can manage only the resources within the specified resource group, without access to other resources or subscriptions.

View solution in original post