Azure Lighthouse Getting Privileged Identity Management Preview
Microsoft is previewing the use of the Azure Active Directory Privileged Identity Management (PIM) service within Azure Lighthouse, per a Thursday announcement.
Azure Lighthouse is Microsoft's multitenant management solution for use by its managed service provider (MSP) partners, who may be overseeing Azure services for customers. Microsoft released Azure Lighthouse for its partners during the 2019 Microsoft Inspire event.
The two-day 2021 Microsoft Inspire online event is set to kick off this week on July 14, which perhaps explains the timing of Microsoft's Azure Lighthouse announcement.
The Azure AD PIM integration in Azure Lighthouse perhaps adds to the trust relationship between MSPs and their customers. With it, customers can specify that MSPs have network access granted for a limited period of time, which is called "just-in-time access" (JIT). Microsoft's JIT scheme gives a partner up to eight hours of access time to complete a management task, for instance, before those permissions get revoked.
Customers can impose conditions on partners using Azure Lighthouse. They can enforce the use of multifactor authentication when accessing accounts, for instance, Microsoft's announcement explained.
In addition to the Azure AD PIM integration, now at preview, Microsoft is working on adding future Azure Lighthouse enhancements. Those coming enhancements include:
- Enabling the use of the Azure CLI (Command-Line Interface) or PowerShell to initiate the Azure AD PIM onboarding experience.
- Integration of Azure AD PIM logs into the Azure Resource Manager portal.
- Delivering account management best-practice recommendations to partners via Azure Advisor.
The Microsoft Inspire event this week will have two Azure Lighthouse sessions of note, namely "Create hybrid and multi-cloud strategies with Microsoft Azure" and "Building Profitable and Secure Managed Services on Azure with Azure Lighthouse and Azure Arc."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.