If your organization works on a cloud server such as Microsoft Azure or Microsoft 365, how do you protect your data and servers from being attacked by employees or external threats?
And what happens when one of the employees who have access to your server leaves or joins a different team – do you need to change all your Azure credentials?
If you’re facing any of these problems, this article might just help you transform the way you work for the better.
Through products like Azure Lighthouse and Amaxra Beacon, you can securely and easily manage your Microsoft cloud services.
What is Azure Lighthouse?
Azure Lighthouse is a service provided by Microsoft that allows service providers to manage multiple Azure tenants through a single platform, enhancing security, transparency, and efficiency. Using Azure Lighthouse, service providers can log in to their own Azure portal to manage and control multiple customers’ tenants, subscriptions, groups, and resources.
This means that as a managed service provider, you don’t have to log in to different accounts to manage different customers, and you can control the access and permissions for each of your employees.
Sure, Azure Lighthouse is convenient, but more importantly, it’s also secure.
And it’s helpful in more ways than one. Let’s look at how Azure Lighthouse would be helpful for different types of users:
- Managed Service Providers: Azure Lighthouse allows MSPs to manage different tenants through their own partner environment. They can also deploy consistent management and security policies across different tenants.
- Application Provider: If you are an application provider on Azure, you can package your services on the marketplace and allow customers to deploy them while retaining the management of resources if you need them.
- Customers: As a customer with one or more MSPs managing your tenants, you can use Azure Lighthouse to get a clear overview of the different responsibilities and access permissions given to service providers.
Microsoft 365 Lighthouse Benefits & Capabilities
If you’re still wondering why Azure Lighthouse is regarded as a game-changer for both service providers and customers, consider some of the benefits of a unified dashboard that allows you to track and manage all your Azure activity while creating a distinction between customer and MSP portals.
We’ll help you out here:
Benefit 1: Enhanced Security
Azure Lighthouse allows service providers to apply a centralized set of security policies to all customers. Any new security practices they develop can be deployed to all tenants quickly and efficiently. Without Azure Lighthouse, this would have had to be done manually for every tenant, making it more prone to error.
Service providers can also run search queries for threats across tenants, making it more likely for them to detect and prevent any potential security breach.
Benefit 2: Reduced Risk
Since Azure Lighthouse allows customers to allocate the preferred amount of access to service providers, there is a lower risk of a security threat.
This is because Azure Lighthouse allows users to define the level of access granted per resource to each employee, so every employee doesn’t have access to their login credentials even after they leave.
All you need to do to secure yourself is change their access permissions!
Customers even have control over the level and duration of access granted to service providers per resource, based on the amount of time required to complete the task. If a customer has multiple service providers, they can easily monitor and assign permissions to different providers based on their role.
Benefit 3: Increased Scalability
Now that service providers can use existing APIs, management tools, and workflows with the resources assigned to them, it will be easier for them to manage and onboard new customers.
Benefit 4: Greater Visibility and Control
Along with having control over access permissions, customers also have complete visibility of the actions of service providers. Based on their assessment, they can choose to change or revoke access without worrying about them having their credentials.
By now, you would have realized that Azure Lighthouse is more than just a unified dashboard where you can monitor and manage multiple tenants.
Azure Lighthouse offers a diverse set of capabilities that allow you to take complete control over your tenant(s), as well as give you a more streamlined and efficient Azure experience.
Some of those features include:
Capability 1: Azure Delegated Resource Management
Service providers do not need to maintain a log of their customers’ login details and enter them separately to manage different tenants. They can simply use their own tenant to manage resources delegated to them by different customers without having to switch planes every time.
Capability 2: New Azure Portal experiences
For customers, this means that they can go to the “Service Providers” page to see a list of the different service providers managing their tenants and manage access for each. Service providers can see information about different customers on their “My Customers” page.
Having it all in one place is surely easier, right?
Capability 3: Azure Resource Manager templates
ARM Templates are used to declare network infrastructure, storage, and any other resources. ARM Templates allow you to automate deployment in a consistent manner. You can also deploy templates in parallel, across resources, with a single command.
Through Azure Lighthouse, you can use the capabilities of ARM Templates to onboard customer resources and perform tasks across multiple tenants.
Capability 4: Manage service offers in Marketplace
Azure marketplace allows you to offer resource management services to all potential customers or only specific customers. This makes it easier to onboard customers, as well as package your services for a larger customer base.
It might seem unnatural to use Azure services without harnessing the benefits and capabilities of Azure Lighthouse now. But it’s a good sign because that’s one of the best decisions you’ll make as an Azure customer or service provider.
Azure Lighthouse Onboarding & Setup
Now that you know why it’s helpful and what it does, it is time to discuss how you can set up your Azure Lighthouse tenant and start onboarding customers.
1. Gather tenant and subscription details
First things first.
To start onboarding customers, you need to know the following:
- Service provider’s tenant ID (where you’ll be managing your customers’ resources)
- Customer’s tenant ID
- Subscription IDs for each subscription in the customer’s tenant
If you don’t know a tenant ID, don’t worry- it can be retrieved using the Azure portal, Azure Powerhouse, or Azure CLI.
2. Define roles and permissions
Since the different tasks you perform for a customer may require different scopes and levels of access, you will need to define authorizations and assign the appropriate Azure built-in roles
3. Create an Azure Resource Manager (ARM) template
You’ll need to create an ARM template to onboard a customer. To create the template from Azure Portal:
- Go to My customers > Create ARM template.
- Provide your name and an optional description. The managedByTenantID will be provided automatically.
- Select either Resource Group or Subscription based on the scope of the customer you want to onboard.
- Click on + Add authorization, and provide details for each of your authorizations
- You will be navigated back to the ARM template page, where you can add more authorizations.
- Click on View Template
- Download a copy of the .json file.
4. Deploy the ARM Template…
After creating the template, you will need to deploy it within the customer tenant. Each subscription will need a separate deployment.
You can deploy the template through Azure CLI, PowerShell, and Portal.
5. And the Azure Portal
You can use this option to modify your template through the Github repo and deploy it. This step needs to be performed by the user.
Once the deployment has been created, you can simply repeat the same step for onboarding each customer.
If you’re unsure and want to check whether you’ve successfully completed the process, you can go to the “My Customers” page to confirm.
Phew! Yes, it’s a lot of work. But we do have some good news to share in the next section.
Azure Lighthouse Pricing
Azure Lighthouse is available to Azure users without any additional cost since you are only using the service to delegate permissions for existing tenants.
If you already use paid capabilities on Azure services such as Log Analytics, Security Center, etc., you will continue to pay for those services, and if you use underlying services that are free of charge, they will remain so.
Basically, Azure Lighthouse is like a control panel for the existing Azure services used by your company, not an additional service in itself.
What is Amaxra Beacon?
Amaxra Beacon is a cyber-security solution designed for SMEs using Microsoft 365 for Business suite to protect them against potential security threats.
Amaxra always deploys free-of-cost Microsoft 365 solutions to customers with a base level of security to ensure that only authorized users have access to their cloud.
Amaxra Beacon builds on this commitment toward security with advanced premium options to protect applications, data, communications, and devices your employees use every day.
Amaxra Beacon is available in two tiers of cybersecurity: Lite and Premium.
Amaxra Beacon Lite
Amaxra Beacon Lite offers some very useful security features along with Amaxra baseline identity protection:
- Advanced options for passwordless sign-ins
- Added visibility into user activity
- Protection from rogue add-ons in Microsoft apps
- Protection against phishing and other attacks targeted at Outlook and Teams
Amaxra Beacon Premium
Amaxra Beacon Premium adds on to these features with additional security solutions such as:
- Zero-trust security to ensure that only authorized devices and users can access corporate assets
- Data leak protection for cloud-based files
- Automated endpoint protection to protect both company and employee-owned devices against attacks
- Regular security check-ins, remediation of covered events, security planning, and ongoing enhancements
For SMEs with limited cybersecurity resources, threat alerts generated by mainstream security systems tend to get overwhelming or can even be missed.
Such organizations require more personalized solutions that provide them with consistent support and guidance in detecting and responding to security threats.
Imagine that your business is scaling up, and your IT team suddenly gets busy with onboarding new employees, purchasing software licenses, updating security protocols, and more such tasks that need to be done on priority…
Even if your antivirus products inform them about a threat, there is a possibility that they will be too overwhelmed with work and miss the alert!
If you have a small IT team, you can’t expect them to be on top of everything all the time.
This is why Amaxra consultants offer regular support and security check-ins so that even during periods of a heavy workload, the security of your network remains a priority.
Amaxra Beacon with managed detection and response (MDR) is a service designed with SMEs in mind.
You can add MDR to your Amaxra Beacon solution to receive 24/7 cybersecurity monitoring and response by a team of trained cybersecurity IT experts. This means that Amaxra will provide you with:
- A list of prioritized alerts
- Suggested action items for your IT team
- An active role in responding to the security incident on your behalf (if authorized)
Amaxra’s range of turnkey security solutions is well-suited for the security requirements of SMEs looking for flexible, affordable, and scalable solutions to protect their users and devices.
Amaxra Benefits & Capabilities
SMEs often tend to overlook cybersecurity concerns due to small budgets, insufficient IT resources, or just lack of awareness. We know it’s hard being a small business and having to wear many hats – but when it comes to IT security, it’s always better to outsource to a team of experts. You don’t have to do it all by yourself!
But if you’re a small business, why take cybersecurity so seriously anyway? Who would want to attack a small business, and even if they do, how bad could the consequences be? Let’s take a look at the data:
- Two in five SMBs were impacted by ransomware in 2020.
- 34% of data breaches involved internal actors
- 53% of SMEs can not detect a data breach within the first few days
- The average cost of a data breach for SMEs with less than 500 employees is $2.98 million.
Despite these facts, we understand why SMEs still sometimes don’t prioritize their cybersecurity needs.
Amaxra Beacon is designed to specifically address their concerns and limitations, which is why it is:
- Suited for remote teams, where most communication happens on the cloud, and users may use personal and company devices
- Scalable and flexible based on the size and requirements of each business
- Enhanced with personalized support from Amaxra cybersecurity experts (so you don’t need one on your payroll)
- Costs just a few extra dollars per user every month- a small price to pay (literally) considering the cost of a data breach
We could keep talking about the benefits of Amaxra Beacon for SMEs, but we would rather discuss its capabilities so that you can judge for yourself.
|Features Available||Beacon Lite||Beacon Premium|
|Enable Multi-Factor Authentication||Yes||Yes|
|Enable Self Service Password Research||Yes||Yes|
|Block Legacy Authentication||Yes||Yes|
|Set passwords to never expire||Yes||Yes|
|Protect against impersonation||Yes||Yes|
|Configure risk-based configurational access||No||Yes|
|Block dangerous file extensions||Yes||Yes|
|Configure safe attachments||Yes||Yes|
|Assist with device enrollment||No||Yes|
|Enforce device update policy||No||Yes|
|Enforce application update policy||No||Yes|
Amaxra Versions and Pricing
How much will a turnkey security solution for your business cost you?
As we’ve mentioned, Amaxra Beacon is available in two tiers, along with the option of managed detection and response by cybersecurity experts.
Here is the pricing for all versions:
|Amaxra Beacon Lite||$1.50 per user, per month|
|Amaxra Beacon with Managed Detection and Response (MDR)||$3.55 per user, per month|
|Amaxra Beacon Premium||Pricing is tiered by user count (MDR available). Contact us for a quote|
You can make your decision based on your team size, requirements, and budget. And if you’re still confused, don’t worry; you’ll have help.
Azure Lighthouse FAQs
“What is Microsoft Lighthouse Program”
Microsoft Lighthouse is a portal offered to Microsoft 365 and Azure users that helps Managed Service Providers (MSPs) securely manage multiple devices, data, and users at scale for SMB customers. It also allows customers to have complete visibility and control over access permissions assigned to MSPs for different resources.
“What is Azure Lighthouse used for”
Azure Lighthouse is used to manage Azure subscriptions and tenants through a single dashboard centrally. It is helpful for both MSPs and customers using Azure services. MSPs use Azure to securely and efficiently manage multiple tenants at scale, while customers use the platform to grant authorization and desired levels of access to different MSPs.
“What is Amaxra Beacon?”
Amaxra Beacon is a cybersecurity solution designed to protect SMEs using Microsoft 365 for Business suite against potential security threats. It offers features such as zero-trust security, data leak protection, regular security checks, and many others, to monitor, detect and prevent data breaches in your cloud.
Being at the receiving end of a security breach doesn’t seem like something that happens every day, but it’s never worth taking a chance and putting off your cybersecurity needs.
Since most companies are now using cloud-based services for managing and storing their data (and pretty much everything else), protecting your server from a potential data breach has become a top priority. No one wants to learn this the hard way!
Azure Lighthouse is offered by Microsoft to protect Azure users from a potential security breach, and Amaxra Beacon takes it one step further, by offering advanced, personalized solutions to protect your data.
If you want to know more about how you can implement the right security solutions to your cloud service, get in touch with Amaxra experts, and we can take it from there.
Contact me at firstname.lastname@example.org or call 425 708 8841 if you have any questions or comments on this blog.
Limited time offer: Let Amaxra manage your Office 365 licensing and we will configure security such as multi-factor authentication at no additional cost. Email email@example.com or chat with us on this website to find out more.