Azure Lighthouse provides capabilities to perform cross-tenant management at scale. We do this by providing you the ability to view and manage multiple customers from a single context. When you log into Azure, you can see all of your customers who you are managing through Azure Lighthouse. Learn more.
This repository contains samples to help you use Azure Resource Manager to configure Azure delegated resource management and to configure monitoring and management of customer environments.
The templates shown below can be used to onboard a customer to Azure Lighthouse. You can deploy these manually, or use the "Deploy to Azure" buttons to deploy directly in the Azure portal.
| Name | Description | Auto-deploy | Manual deploy |
|---|---|---|---|
| Azure Lighthouse - Subscription Deployment | onboard a subscription | templates | |
| Azure Lighthouse - Resource Group Deployment | onboard a resource group | templates | |
| Azure Lighthouse - Multiple Resource Group Deployment | onboard multiple resource groups | templates | |
| Azure Lighthouse + Azure AD PIM - Subscription Deployment | onboard a subscriptions using Azure AD PIM (preview) | templates | |
| Azure Lighthouse + Azure AD PIM - Resource Group Deployment | onboard a *resource groups using Azure AD PIM (preview) | templates | |
| Azure Lighthouse + Azure AD PIM - Multiple Resource Group Deployment | onboard multiple resource groups using Azure AD PIM (preview) | templates |
Note for customers using Azure Lighthouse+Azure AD PIM: All Azure Lighthouse+Azure AD PIM functionality is currently in private preview. If you are a customer onboarding your scopes to Azure Lighthouse for management and your service provider is using Azure AD PIM functionality, you may see a governance API error message if your subscription is not explictily registered (allowed-list of subscriptions) for Azure Lighthouse+PIM preview. Simply request to enable the subscription your are trying to delegate for the preview to resolve this error by sending an email to azurelighthouse@microsoft.com
Special Instructions (for MSPs): To customize, fork this repository, and follow these instructions to update the links to enable your customers to deploy your templates into their Azure environments.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.