Enabling security and management across all your SMB customers with Microsoft 365 Lighthouse
Published Jan 10 2024 08:00 AM 2,056 Views
Microsoft

One of the common adoption blockers we have heard of from our partners is that they cannot standardize their security and management practices on Microsoft 365 Lighthouse because they cannot manage all their customers using it. This has made it challenging to standardize procedures such as resetting passwords, identifying risky users, or simply navigating a customer admin portal with delegated access. While we made it simple to search and discover users across the SMB customers you were managing in Microsoft 365 Lighthouse, you still needed a second process for the customers you were not managing in Microsoft 365 Lighthouse. This was primarily due to the requirement for Microsoft 365 Business Premium. While we have expanded support for a limited set of subscriptions to manage a customer in Lighthouse over the past couple of years, it was still limited to subscriptions that offered premium security value, preventing you from having a single solution.

 

Today, we expand support for all your commercial and educational SMB customers. This enables you as a partner to create standardized processes for managing all your SMB customers in Lighthouse. Here are a few of the scenarios you can do now with all your Microsoft 365 SMB customers using Lighthouse:

  • Anticipate your customers' needs with proactive account management made easy with Sales Advisor opportunities.  Anticipate your customers' needs. Discover the best ways to add value and support business growth with AI-powered insights and recommendations. 

    Learn more: Introducing Sales Advisor – unlock your customer’s potential in Microsoft 365 Lighthouse - Microsoft...
    Screenshot of Microsoft 365 Lighthouse Opportunities page with AI-powered insights and recommendations to grow a customer.Screenshot of Microsoft 365 Lighthouse Opportunities page with AI-powered insights and recommendations to grow a customer.
  • Simplified delegated access across all your customer tenants. Configure granular delegated access to your customers’ tenants to manage users, devices, and data quickly and easily. Reduce risk by rightsizing delegated permissions across your organization while improving your productivity with a guided wizard that helps you scale best practices from across the MSP industry to set up Granular Delegated Access Privileges (GDAP).

    Learn more: Set up GDAP (microsoft.com)

    Screenshot of Microsoft 365 Lighthouse Granular Delegated Access Privileges setup wizard.Screenshot of Microsoft 365 Lighthouse Granular Delegated Access Privileges setup wizard.

  • Assist with everyday user management. Lighthouse enables end-to-end user management, which allows you to create new users and quickly search and modify existing user details, including managing security groups, licensing, etc., and offboarding users. In addition to basic user management, Lighthouse adds value by providing management views across your Microsoft SMB customers that allow you to quickly identify and act on inactive accounts, Global Admin accounts, risky user behavior, and multi-factor authentication.

Screenshot of Microsoft 365 Lighthouse showing how to search for a user and view the user’s details.Screenshot of Microsoft 365 Lighthouse showing how to search for a user and view the user’s details.

  • Gain visibility into any Microsoft 365 incidents or advisories affecting your customers with a multi-tenant Service health dashboard.

    Screenshot of Microsoft 365 Lighthouse Service Health page.Screenshot of Microsoft 365 Lighthouse Service Health page.

  • One of the challenges of managing multiple customers is that you often need to use different admin portals, such as the Microsoft 365 admin center, the Azure portal, Microsoft Intune, or Exchange, to name a few.  Lighthouse lets you quickly and securely access other Microsoft admin portals for each of your SMB customers in the context of your partner tenant credentials using GDAP. Lighthouse users can leverage our security and management scenarios and seamlessly jump to another Microsoft admin portal when necessary. 


    Learn more: Manage your customers with Microsoft 365 Lighthouse

Screenshot of Microsoft 365 Lighthouse showing how to navigate into a customer’s Microsoft Entra admin portal.Screenshot of Microsoft 365 Lighthouse showing how to navigate into a customer’s Microsoft Entra admin portal.

We are just getting started and will continue to expand on the capabilities we offer to manage the breadth of customers you have in the coming months. So, check back often to learn what is new with Lighthouse.  

 

Not able to manage a customer in Lighthouse?

Here are cases where you will still find that a customer has limited management capabilities in Lighthouse and how you can change it.

  • By far, the most common cause a customer is “Limited” in that the customer tenant no longer has any active subscriptions and is no longer in use. If this is the case, the recommendation is to remove the reseller relationship (and GDAP relationships (Partner-led termination of a granular admin relationship - Partner Center | Microsoft Learn). It is a best practice to remove relationships that are no longer needed to reduce unnecessary exposure to your organization.
  • The second most common cause a customer is “Limited” is that delegated permissions (GDAP) have not been setup. You can use the GDAP setup wizard within Lighthouse to resolve this (Set up GDAP for your customers in Microsoft 365 Lighthouse - Microsoft 365 Lighthouse | Microsoft Le...).
  • The customer tenant is in the Government Cloud. Unfortunately, we cannot support the management of this customer in Microsoft 365 Lighthouse.
  • The customer is not an SMB and has more than 2,500 licensed users.
  • You are not in the same geographic area as the customer. If you have customers in a different geographic area, you can set up Lighthouse in that region to manage them.
  • Lastly, some cases exist where tenants are used for Azure and not Microsoft 365. In that case, we recommend you check out Azure Lighthouse: What is Azure Lighthouse? - Azure Lighthouse | Microsoft Learn

To know why a specific customer is limited, click on Tenants link from the left navigation within Lighthouse and click the “Limited” link to bring up details on why they are not fully managed in Lighthouse:

Tenant list showing Contoso as “Limited” because delegated access has not been configured.Tenant list showing Contoso as “Limited” because delegated access has not been configured.

If you have a customer tenant using the Microsoft 365 services and you only have Limited management capabilities within Lighthouse, we want to know. You can leave comments below or use the feedback mechanism in Lighthouse. We want to enable you to manage all your active Microsoft 365 SMB customer tenants in Lighthouse.

If you already have Lighthouse, sign in and check out the links to other Microsoft admin centers at lighthouse.microsoft.com. If you don’t have Lighthouse, Sign up for Microsoft 365 Lighthouse to get started today.   

Version history
Last update:
‎Jan 10 2024 09:22 AM
Updated by: