Extending Azure Resource Manager with delegated resource management

Granular access, better automation, and simplified client onboarding

“Azure delegated resource management empowers Nordcloud clients to readily provide secure access. It simplifies onboarding new managed services clients, ensuring our high security and compliance standards are met.”
When Azure as a platform does more for our partners, our partners can focus more on providing differentiated services and higher value to our combined customers. That’s how partners make more possible on Azure. We look forward to hearing your feedback about Azure Lighthouse and delegated resource management.

Examples from two of our specialist partners, Rackspace and Sentia, highlight the power of Azure Lighthouse and delegated resource management:

Cross-tenant management at scale, with enhanced visibility and governance

  1. Using Azure Resource Graph and cross-tenant queries to quickly find which customers have affected images or hosts deployed
  2. Implementing an in-guest audit policy across all customers’ managed estates to confirm host configurations relating to impact/vulnerability
  3. Applying Update Management to report impacted systems and schedule targeted hot fixes

Powering Azure Lighthouse is an Azure Resource Manager capability named delegated resource management. Delegated resource management enables customers to delegate permissions to service providers over scopes, including subscriptions, resource groups, and individual resources, which enables service providers to perform management operations on their behalf. After customers delegate resources to a service provider, the provider can grant access to users or accounts from the provider’s tenant over the scopes specified by the customer, using the standard role-based access control (RBAC) mechanisms. The standard RBAC mechanisms work as if customer resources were resources in the provider’s subscriptions. Finally, delegated resource management works consistently whatever licensing construct providers and their customers choose: enterprise agreement (EA), cloud solution provider (CSP), and pay-as-you-go.

Sentia pivoted its CI/CD pipeline to use declarative Azure Resource Manager templates for provisioning management artifacts across all of its customers that are under the Azure CSP licensing construct. Sentia’s managed services offering is currently 90 percent based on Resource Manager templates, which radically simplifies deployments, automating monitoring, governance, and management tasks at scale, across customers.

  • Partners can build cross-tenant experiences into their solutions with minimal development, because Azure Resource Manager APIs and Azure Resource Graph queries are now enhanced with tenant context.
  • Service providers and ISVs can extend and serve up their IP natively within Azure using custom providers. Imagine end customers raising service requests to service providers from inside Azure, thanks to the ability of a custom provider to integrate ITSM tools’ capabilities natively into Azure.
  • Customers can buy applications developed by partners in the Azure Marketplace that come with management out of the box provided by service providers. Underlying application resources are protected from the customer while they use the new managed application UI to interact with the application safely. Service providers are given full access to the application to maintain, update, and provide application support for the customer from the managed application center.

How our partners use Azure Lighthouse

Everything applicable to Azure resource management, from the Azure portal to services like Azure Policy, Resource Graph, the Log Analytics feature of Azure Monitor, or Update Management, honors delegated resource management. What’s more, both customers and service providers can see who took actions on the resources in the activity log, increasing accountability for both parties while protecting the privacy of individual service provider identities. That’s because the newly built resource provider, Microsoft Managed Services, enables Azure services to determine whether a call was made from a resource’s home tenant or from a service provider’s tenant.
Our partners have a lot of options for the way they use these new capabilities. Because the Azure Lighthouse portal experiences have corresponding APIs, whether PowerShell, Azure CLI, REST APIs, or client SDKs, it’s easy to integrate them into other cloud management portals, ITSM tools, or monitoring tools.
Delegated Resource Management

Ilja Summala, Group CTO, Nordcloud

Azure Lighthouse and delegated resource management are the latest of the platform investments we continue to make for our partners. Together with Azure managed applications and custom providers, they enable comprehensive management-at-scale capabilities for partners and customers. To learn more, watch my presentation at Microsoft Build 2019. Some of the other management innovations we’ve made include the following:
Rackspace is improving security and response capabilities using Azure Lighthouse in three steps:
Delegated management uniquely supports the management-at-scale and automation patterns of service providers, whether those providers are managed services partners acting on behalf of customers or central IT groups of enterprises with numerous Azure tenants. Partners are now able to manage tens of thousands of resources from thousands of distinct customers from their own Azure portal or CLI context. Because customer resources are visible to service providers as Azure resources in their own tenant, service providers can easily automate status monitoring and apply create, update, alter, delete (CRUD) changes across the resources of several customers from a single location.
Erin Chapple, Corporate Vice President, Microsoft Azure, has now announced the general availability of Azure Lighthouse, a single control plane for service providers to view and manage Azure across all their customers. Inspired by Azure partners who continue to integrate infrastructure-as-code and automation in their managed service practices, Azure Lighthouse introduces a brand new delegated resource concept that simplifies cross-tenant operations and governance.
“We are thrilled to see the adoption of these new Azure Lighthouse capabilities into Veeam’s Backup-as-a-Service offerings, representing a natural expansion of our cloud-based small business offerings. This partnership is a great chance for our managed services providers to readily expand Backup-as-a-Service offerings by Veeam using Azure Lighthouse, to be able to handle their Azure customers at scale.”