Jillian Corwin


What Is Azure Lighthouse? Everything You Should Know

In this article, we will learn what Azure Lighthouse is and everything you should know about it. Azure Lighthouse is a service designed by Microsoft that provides advanced automation on Azure Cloud Services. It lets you manage the Azure estates of several customers while protecting your IP.

We will dig much deeper into Azure Lighthouse in this article.


Without any further delay, let’s begin with the Azure Lighthouse tutorial.

What is Azure Lighthouse?

Azure Lighthouse enables cross-tenant and multi-tenant management, which allows for higher automation, scalability, and enhanced governance across resources and tenants.

In simple terms, Azure Lighthouse is a control panel, which incorporates portals, IT service management tools, and monitoring tools that enable service providers to monitor and manage deployments across tenants. 

Using Azure Lighthouse, service providers can deliver secure managed services with the help of extensive and robust management tools, which are built into the Azure platform. Customers control who can access their tenants, which resources they can access, and which actions they can take. Azure Lighthouse also benefits enterprise IT organizations that manage resources across numerous tenants with access control for customers.

Let’s see some scenarios where this could be helpful:

  • Service Providers: A scenario where the customer pays the bill and wants control of the resources, but the customer pays a third party to manage and support the resources.
  • Application Providers: Some companies provide applications in Azure and come up with a management part, where they can package these services on the marketplace and allow clients to deploy them in their subscription. Later, they retain management of a few or all the resources.
  • Multi-Tenant: Several Azure clients have multiple tenants throughout their organization for numerous tasks. Azure Lighthouse helps to manage the resources of these tenants in one place without having to switch tenants.

Benefits of Azure Lighthouse

Service providers can build and deliver managed services efficiently using Azure Lighthouse. Let’s discuss some benefits of using this service:

  • Scalable Management: It enhances customer engagement and life cycle management and operations, making it easier and more scalable to manage customer resources. You can use existing APIs, management tools, and workflows with assigned resources, including machines hosted outside of Azure, regardless of where these resources are located.
  • Greater Visibility and Control of Azure Environment for Customers: Customers have definite control over the scopes they assign for management and permissions. They can inspect service provider actions with complete transparency and manage and remove access altogether without compromising security.
  • Comprehensive and Unified Platform Tooling: Azure Lighthouse provides an extensive and unified platform tooling experience, addressing vital service provider scenarios, such as multiple licensing modes like EA (Enterprise Agreement), CSP (Cloud Service Provider Program), and pay-as-you-go. It helps to track your impact on customer engagements by linking your partner ID.
  • Risk Reduction with Just-In-Time Access: It provides time-based role activation and approval-based role activation using PIM (Privileged Identity Management), which is a service by Azure AD (Azure Active Directory). PIM helps reduce risk by allocating service providers the exact amount of access required per resource and time needed to complete the task.

Capabilities in Azure Lighthouse

Using Azure Lighthouse, there are numerous ways to streamline engagement and management:

  • Azure Delegated Resource Management: You can securely manage the Azure resources of your customers within your own tenant without the need to switch context and control planes. Customer subscriptions and resource groups can be delegated to specific users and roles in the managing tenant, with the ability to remove access when necessary.
  • New Azure Portal Experiences: You can view cross-tenant management information inside the “My Customers” page in the Azure portal. The Azure portal has a “Service Providers” page that allows customers to view and manage their service provider access. 
  • Azure Resource Manager (ARM) Templates: You can use ARM templates to onboard delegated customer resources and perform cross-tenant management tasks.
  • Managed Service offers in Azure Marketplace: You can provide services to customers by public or private offers and onboard them to Azure Lighthouse automatically.

Now, let’s move forward and learn a few concepts involved in Azure Lighthouse.

Azure Delegated Resource Management

Azure Delegated Resource Management is an essential component of Azure Lighthouse, which allows logical projection of resources from one tenant to another. It enables service providers to ease customer engagement and onboarding experiences during the management of delegated resources at scale with agility and precision. 

Using Azure Delegated Resource Management, authorized users can work directly in the context of a customer subscription without having an account in the customer’s tenant or being a co-owner of the customer’s tenant.

Cross-Tenant Management Experiences

The Cross-Tenant Management Experiences enable you to work more efficiently with Azure management services, such as Azure Policy, Azure Security Center, etc. All service provider activities are tracked in the activity log and stored in the customer’s tenant, which can be viewed and monitored by users in the managing tenant. Users in both the managing and the managed tenant can quickly identify the user associated with any changes.

What are Tenants?

Each Azure AD tenant is a representation of an organization. Tenants are dedicated and trusted instances of Azure AD, which an organization receives when creating a relationship or agreement with Microsoft by signing up for Azure, Microsoft 365, or other Microsoft services. Tenants have no relationship to one another; they are distinct and separate entities. Each tenant has its own tenant ID.

Managed Service Offers

Managed Service Offers smooth and simplify the process of onboarding customers to Azure Lighthouse. They provide customers with resource management services through Azure Lighthouse. When a customer buys an offer in Azure Marketplace, they can determine which subscriptions or resource groups must be onboarded.

Later, users in your organization can work on these resources within your managing tenant with the help of Azure Delegated Resource Management, as per the access you defined when the offer was created.

Enterprise Scenarios

Azure Lighthouse plays a vital role in enterprise scenarios. Let’s discuss some situations associated with Azure Lighthouse and Enterprise. 

  • Single and Multiple Tenants: The management is quite simple with a single Azure AD tenant in any organization. Some organizations need multiple tenants for management operations. Azure Lighthouse can help in centralizing and streamlining management operations. 
  • Tenant Management Architecture: Azure Lighthouse helps specify which tenant will include the users who perform management operations on other tenants.
  • Security and Access Considerations: With Azure Lighthouse, organizations can determine which users can have authorized access to delegated resources. This ensures that users only have the permissions required for performing the necessary tasks, subsequently reducing the chance of accidental errors.
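
The just-in-time and least-privilege points above can be checked before a delegation is accepted. The following Python code is an added example, not code from the original article or from Microsoft: it audits the authorizations of a Lighthouse registration definition (ARM resource type `Microsoft.ManagedServices/registrationDefinitions`) for standing high-privilege roles and for eligible roles without MFA, approvers, or a short activation window. The sample definition, its placeholder GUIDs, and the 4-hour threshold are constructed assumptions.

```python
import re

# Public built-in Azure role definition IDs.
ROLES = {
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
    "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader",
}
HIGH_PRIV = {"Contributor", "User Access Administrator"}
MAX_HOURS = 4  # assumed local policy threshold, not an Azure limit

# Constructed sample: the "properties" object of a registration definition.
# Principal GUIDs and display names are placeholders, not real identities.
SAMPLE = {
    "authorizations": [
        {"principalId": "00000000-0000-0000-0000-000000000002",
         "principalIdDisplayName": "Tier 1 Support",
         "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"},
        {"principalId": "00000000-0000-0000-0000-000000000003",
         "principalIdDisplayName": "Ops Engineers",
         "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c"}],
    "eligibleAuthorizations": [
        {"principalId": "00000000-0000-0000-0000-000000000004",
         "principalIdDisplayName": "Escalation Engineers",
         "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
         "justInTimeAccessPolicy": {"multiFactorAuthProvider": "Azure",
                                    "maximumActivationDuration": "PT8H",
                                    "managedByTenantApprovers": []}}],
}

def hours(iso):  # "PT8H" / "PT30M" -> hours; None if unparseable
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?", iso or "")
    if not m or not any(m.groups()):
        return None
    return int(m.group(1) or 0) + int(m.group(2) or 0) / 60

def ident(a):  # (display name or principal ID, role name)
    return (a.get("principalIdDisplayName", a["principalId"]),
            ROLES.get(a["roleDefinitionId"].lower(), "custom/unknown"))

def audit(props):  # returns a list of (finding, principal, role) tuples
    findings = []
    for a in props.get("authorizations", []):
        who, role = ident(a)
        if role in HIGH_PRIV:  # standing access that could be eligible (JIT)
            findings.append(("permanent-high-privilege", who, role))
    for e in props.get("eligibleAuthorizations", []):
        who, role = ident(e)
        pol = e.get("justInTimeAccessPolicy", {})
        if pol.get("multiFactorAuthProvider", "None") == "None":
            findings.append(("jit-no-mfa", who, role))
        if not pol.get("managedByTenantApprovers"):  # no approval-based activation
            findings.append(("jit-no-approval", who, role))
        h = hours(pol.get("maximumActivationDuration"))
        if h is None or h > MAX_HOURS:
            findings.append(("jit-long-activation", who, role))
    return findings
```

Calling `audit(SAMPLE)` flags the permanent Contributor assignment and the eligible Contributor role that has no approvers and an 8-hour activation window; the Reader assignment passes.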

Comparison of Azure Lighthouse and Azure Managed Applications

Using Azure Lighthouse, service providers can deliver secure managed services and perform numerous management tasks directly on a customer’s subscription or a resource group.

Using Azure Managed Applications, service providers or ISVs (Independent Software Vendors) can provide cloud solutions that are easier and simpler for customers to deploy and use in their own subscriptions.

Let’s compare these two approaches using a table:

| Consideration | Azure Lighthouse | Azure Managed Applications |
| --- | --- | --- |
| Typical User | Service providers or enterprises managing multiple tenants | ISVs (Independent Software Vendors) |
| Scope of cross-tenant access | Subscription or resource groups | Resource groups (scoped to a single application) |
| Purchase options in Azure Marketplace | No (Managed Service offers can be published to Azure Marketplace, but customers are charged and billed separately) | Yes |
| IP Protection | Yes (IP can remain in the tenant of a service provider) | Yes (By design, the resource group is secured to customers) |
| Deny Assignments | No | Yes |

With this, we have come to an end with the Azure Lighthouse blog. I hope you are satisfied with my article on Azure Lighthouse. If you have any questions or concerns, feel free to provide us with your feedback in the comments section below, and we will revert to you. 

Original article source at: https://www.mygreatlearning.com


Eric Bukenya


Learn NoSQL in Azure: Diving Deeper into Azure Cosmos DB

This article is a part of the series – Learn NoSQL in Azure where we explore Azure Cosmos DB as a part of the non-relational database system used widely for a variety of applications. Azure Cosmos DB is a part of Microsoft’s serverless databases on Azure which is highly scalable and distributed across all locations that run on Azure. It is offered as a platform as a service (PaaS) from Azure and you can develop databases that have a very high throughput and very low latency. Using Azure Cosmos DB, customers can replicate their data across multiple locations across the globe and also across multiple locations within the same region. This makes Cosmos DB a highly available database service with almost 99.999% availability for reads and writes for multi-region modes and almost 99.99% availability for single-region modes.

In this article, we will focus more on how Azure Cosmos DB works behind the scenes and how you can get started with it using the Azure Portal. We will also explore how Cosmos DB is priced and understand the pricing model in detail.

How Azure Cosmos DB works

As already mentioned, Azure Cosmos DB is a multi-model NoSQL database service that is geographically distributed across multiple Azure locations. This helps customers to deploy the databases across multiple locations around the globe. This is beneficial as it helps to reduce the read latency when the users use the application.

As you can see in the figure above, Azure Cosmos DB is distributed across the globe. Let’s suppose you have a web application that is hosted in India. In that case, the NoSQL database in India will be considered the master database for writes and all the other databases can be considered read replicas. Whenever new data is generated, it is written to the database in India first and then it is synchronized with the other databases.

Consistency Levels

While maintaining data over multiple regions, the most common challenge is the latency before the data is made available to the other databases. For example, when data is written to the database in India, users from India will be able to see that data sooner than users from the US. This is due to the latency in synchronization between the two regions. In order to overcome this, there are a few modes that customers can choose from and define how often or how soon they want their data to be made available in the other regions. Azure Cosmos DB offers five levels of consistency which are as follows:

  • Strong
  • Bounded staleness
  • Session
  • Consistent prefix
  • Eventual

In most common NoSQL databases, there are only two levels: Strong and Eventual. Strong is the most consistent level, while Eventual is the least. As we move from Strong to Eventual, consistency decreases but availability and throughput increase. This is a trade-off that customers need to decide based on the criticality of their applications. If you want to read in more detail about the consistency levels, the official guide from Microsoft is the easiest to understand. You can refer to it here.

Azure Cosmos DB Pricing Model

Now that we have some idea about working with the NoSQL database – Azure Cosmos DB on Azure, let us try to understand how the database is priced. In order to work with any cloud-based services, it is essential that you have a sound knowledge of how the services are charged, otherwise, you might end up paying something much higher than your expectations.

If you browse to the pricing page of Azure Cosmos DB, you can see that there are two modes in which the database services are billed.

  • Database Operations – Whenever you execute or run queries against your NoSQL database, some resources are used. Azure measures this usage in Request Units or RU. The amount of RU consumed per second is aggregated and billed.
  • Consumed Storage – As you start storing data in your database, it will take up some space in order to store that data. This storage is billed per the standard SSD-based storage across any Azure locations globally.

Let’s learn about this in more detail.


Ruthie Bugala


How to set up Azure Data Sync between Azure SQL databases and on-premises SQL Server

In this article, you will learn how to set up Azure Data Sync services. In addition, you will also learn how to create and set up a data sync group between Azure SQL database and on-premises SQL Server.

In this article, you will see:

  • Overview of Azure SQL Data Sync feature
  • Discuss key components
  • Comparison between Azure SQL Data sync with the other Azure Data option
  • Setup Azure SQL Data Sync
  • More…

Azure Data Sync

Azure Data Sync is a synchronization service set up on an Azure SQL Database. This service synchronizes data across multiple SQL databases. You can set up bi-directional data synchronization, where data ingress and egress happen between the SQL databases. It can be between an Azure SQL database and on-premises SQL Server and/or between Azure SQL databases within the cloud. At this moment, the only limitation is that it does not support Azure SQL Managed Instance.


Ron Cartwright


Getting Started With Azure Event Grid Viewer

In the last article, we had a look at how to start with Azure DevOps: Getting Started With Audit Streaming With Event Grid

In this article, we will go to the next step to create a subscription and use webhook event handlers to view those logs in our Azure web application.


Aisu Joesph


Azure Series #2: Single Server Deployment (Output)

No organization that is on a growth path, or that intends to grow its customer base or enter a new market, will restrict its infrastructure and design to one database option. There are two levels of database selection:

  • a. **The needs assessment**
  • b. **Selecting the kind of database**
  • c. Selection of queues for communication
  • d. Selecting the technology player

Options to choose from:

  1. Transactional Databases:
    • Azure selection — Data Factory, Redis, CosmosDB, Azure SQL, Postgres SQL, MySQL, MariaDB, SQL Database, Maria DB, Managed Server
  2. Data warehousing:
    • Azure selection — CosmosDB
    • Delta Lake — Data Brick’s Lakehouse Architecture.
  3. Non-Relational Database:
    • Azure selection — CosmosDB
  4. Data Lake:
    • Azure Data Lake
    • Delta Lake — Data Bricks.
  5. Big Data and Analytics:
    • Data Bricks
    • Azure — HDInsights, Azure Synapse Analytics, Event Hubs, Data Lake Storage gen1, Azure Data Explorer Clusters, Data Factories, Azure Data Bricks, Analytics Services, Stream Analytics, Website UI, Cognitive Search, PowerBI, Queries, Reports.
  6. Machine Learning:
    • Azure — Azure Synapse Analytics, Machine Learning, Genomics accounts, Bot Services, Machine Learning Studio, Cognitive Services, Bonsai.

Key data platform services to highlight:

  1. Azure Data Factory (ADF)
  2. Azure Synapse Analytics
  3. Azure Stream Analytics
  4. Azure Databricks
  5. Azure Cognitive Services
  6. Azure Data Lake Storage
  7. Azure HDInsight
  8. Azure CosmosDB
  9. Azure SQL Database


Ruthie Bugala


Analyze Azure Cosmos DB data using Azure Synapse Analytics

This article will help you understand how to analyze Azure Cosmos DB data using Azure Synapse Analytics.


Azure Cosmos DB is a multi-model NoSQL database that supports hosting various types of data that are transactional in nature. OLTP systems employ transactional databases for hosting operational data. To analyze large volumes of transactional data, relational databases do not scale or perform to the needs of large-scale analytics. Columnar data warehouses are one of the preferred, effective, and proven means of analyzing and aggregating large volumes of data for big data scale analytics. Azure Synapse is the data warehouse offering in the Microsoft Azure technology stack. The challenge with analyzing transactional data in relational databases using columnar warehouses is that one needs to replicate and/or relocate data from operational repositories into analytical repositories. Hybrid transactional analytical processing (HTAP) is a methodology or approach where data hosted in a relational format is auto-organized in a columnar format eliminating the need to replicate and/or relocate the data to a great extent. Azure offers a feature to analyze data hosted in Cosmos DB using Azure Synapse. In this article, we will learn how to implement the same.


We are assuming that we are hosting data in the Cosmos DB instance. To simulate this assumption, we would need an Azure Cosmos DB account implemented using the Core (SQL) API, with all the preview features turned on. Once you have an account created, you would be able to see an account listed as shown below.
