Azure Lighthouse

Azure Lighthouse provides centralized management capabilities for service providers and enterprise IT organizations across multiple tenants.

See Microsoft's documentation What is Azure Lighthouse? for more details.

SquaredUp DS for Azure has been tested and is supported for use with Azure Lighthouse. You are advised to apply suitable naming conventions to resource groups and their resources.

Advisory

Open Access

You can enable Open Access (Sharing Dashboards with anyone - Open Access) in one of two ways:

  1. The SquaredUp Enterprise Application must be included in a group in the Cloud Solution Provider's (CSP's) tenant which has been delegated a role which can perform the necessary actions (e.g. the Reader role).
  2. The SquaredUp Enterprise Application must be delegated to directly under a role which can perform the necessary actions (e.g. the Reader role).

For example, to enable Open Access using the 2nd method, your subscription Azure Resource Manager (ARM) template (delegatedResourceManagement.parameters.json) might use the following authorizations value:

"authorizations": {
    "value": [
        {
          "principalId": "668cac69-3bc8-4678-b4e6-db22946df3bb",
          "principalIdDisplayName": "SquaredUpAzure-006d9be8-30a1-4782-97d8-a8265ca28ad1",
          "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
        }
    ]
}

Where principalId is the object ID of the SquaredUp Enterprise Application, and principalIdDisplayName is the name to label the delegation of your SquaredUp Enterprise Application.

Cost Management

The Cost tile (How to use the Cost Management tile) is able to display cost information provided the resource group(s)/subscription(s) have been delegated under a role which has the necessary actions (e.g. the Cost Management Reader role).

Enable Resource providers on both CSP and Customer tenants

Resource providers (such as microsoft.insights) may need to be enabled on both the customer's and the CSP's tenants, otherwise an error may be thrown.

Subscription information

The Subscription name and limited information is visible to end users when a resource group has been delegated.

Scope - Filter by tenant

By default results are shown across all tenants. In SquaredUp DS 4.7 and above a user who has access to multiple tenants will see a filter by tenant option.

In a multi-tenant environment a user who does not have access to all tenants will see the following message if they attempt to edit a scope containing tenants that they do not have access to:

"You do not have access to all of the tenants currently selected" or "Tenant ID could not be resolved"

Custom labels

You may find it useful to add the tenantName to the sublabel template using the custom label option (How to use Custom Labels):

The tenant name will only display in a custom label in Open Access if it’s not the primary tenant.

Was this article helpful?

Have more questions or facing an issue?
Submit a ticket