News

Microsoft Adds Privileged Identity Management Delegation to Azure Lighthouse

The commercial release of Privileged Identity Management (PIM)-enabled Azure Lighthouse delegations is now available, Microsoft on Monday announced.

The PIM-enabled delegations capability brings benefits to managed service providers using Azure Lighthouse, as well as their customers (or Azure "tenancies"). Microsoft had first previewed Azure AD PIM integration with Azure Lighthouse over a year ago, but now it's deemed ready for production use.

Azure Lighthouse is Microsoft's multitenant management solution that's mainly designed for use by managed service provider partners (MSPs) overseeing Azure services for customers. Microsoft also touts Azure Lighthouse use by enterprise organizations that are carrying out "cross-tenant management" tasks involving Azure services.

With PIM-enabled delegations in Azure Lighthouse, Azure tenancies can specify what their MSP can access, as well as the actions the MSPs can take. These Azure customers can also enforce multifactor authentication for MSP-managed tenancy access. Multifactor authentication entails providing another means of identity verification besides a password.

Another benefit for managed Azure tenancies is the ability to set "just-in-time" access delegations for MSPs, which grants service providers Azure tenancy access for a set period of time. The just-in-time option stems from the Azure Active Directory PIM integration with Azure Lighthouse, which also supports role-based access control designations. Azure tenancies can specify that certain IT personnel roles are required for managing various Azure resources.

To specify such details, Azure Lighthouse can tap an "eligible authorizations parameter," which "allows your customers to configure your just in time access policy, define your maximum activation duration, MFA provider (Azure), and approvers for eligible roles," the announcement explained. It's done using an Azure Resource Manager template, which surfaces these settings in Azure Lighthouse.

Azure tenancies can see Azure AD PIM activities via audit logs in the "Azure AD PIM blade," the announcement indicated.

The PIM-enabled delegations capability for Azure Lighthouse is also good for the MSPs overseeing Azure tenancies as it offers them "robust tooling" that's part of the Azure platform, Microsoft contended.

"With the addition of PIM eligible authorizations, customers and service providers have another tool to provide further granular level access to customer resources," the announcement indicated.

MSPs have certain licensing requirements to use the PIM-enabled delegations capability with Azure Lighthouse. They'll need to have "the Azure AD Premium P2 or EMS E5 license," Microsoft indicated.

The announcement did not list any licensing requirements for managed Azure customers to use PIM-enabled delegations.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Nebula

    Ahead of AGI, Microsoft and OpenAI Redefine Their Partnership

    In a recapitalization announced Tuesday, OpenAI has launched a new public benefit corporation (PBC) called OpenAI Group, giving Microsoft a 27 percent ownership stake valued at approximately $135 billion.

  • Veeam Acquires Securiti AI To Unify Data Resilience and AI Security

    Veeam Software is making a strategic move into AI and data security by acquiring Securiti AI for $1.7 billion.

  • Microsoft Adds 'Mico' Virtual Assistant to Copilot in Major Fall Update

    In a significant feature update, Microsoft on Thursday said it is reshaping its Copilot AI platform with features that deepen user personalization and enable real-time group collaboration, among other perks.

  • Nutanix Partner Central Rolls Out To Boost Channel Engagement

    Nutanix on Wednesday launched a new platform, Partner Central, to give its channel partners a unified digital workspace for managing sales, tracking incentives and collaborating more effectively.

Most   Popular