Microsoft Tests Giving MSPs 'Just-in-Time' Access for Azure Lighthouse

Azure Lighthouse, Microsoft's multitenant management solution for use by its managed service provider (MSP) partners, has a new feature in preview that potentially adds to the trust relationship between MSPs and their customers.

Microsoft last week announced the preview of Azure Active Directory Privileged Identity Management (PIM) in Azure Lighthouse. With it, customers can specify that MSPs have network access granted for a limited period of time, which is called "just-in-time access" (JIT). Microsoft's JIT scheme gives a partner up to eight hours of access time to complete a management task, for instance, before those permissions get revoked.

Microsoft released Azure Lighthouse for its partners during the 2019 Microsoft Inspire event. This year's two-day Inspire online event is set to kick off on July 14, which perhaps explains the timing of the Azure Lighthouse announcement.

With the Azure AD PIM integration in Azure Lighthous, customers can impose conditions on partners using Azure Lighthouse. They can enforce the use of multifactor authentication when accessing accounts, for instance, Microsoft's announcement explained.

In addition to the Azure AD PIM integration, now at preview, Microsoft is working on adding future Azure Lighthouse enhancements. Those coming enhancements include:

  • Enabling the use of the Azure CLI (Command-Line Interface) or PowerShell to initiate the Azure AD PIM onboarding experience.
  • Integration of Azure AD PIM logs into the Azure Resource Manager portal.
  • Delivering account management best-practice recommendations to partners via Azure Advisor.

The Microsoft Inspire event this week will have two Azure Lighthouse sessions of note, namely "Create hybrid and multi-cloud strategies with Microsoft Azure" and "Building Profitable and Secure Managed Services on Azure with Azure Lighthouse and Azure Arc."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.