Azure Lighthouse: Secure and Scalable Multi-Tenant Management for MSPs and Partners

Azure Lighthouse Course: Secure and Scalable Multi-Tenant Management for MSPs and Partners

This course is delivered online and consists of 6 units and a final project. The course duration is 115 hours and is distributed between content and collaboration tools. Upon completion, students will receive an accredited diploma.

Training is conducted through our Virtual Campus, with this modality you will have all the didactic content on the course platform and it will be accessible, from the course start date, 24 hours a day, every day of the week. Students will also have access to discussion forums, as well as continuous tutoring.

• Platform access: 3 months
• Individualized support

Azure Lighthouse - Multi-Tenant Management - Multi-Client Management - Azure Security - MSPs and Partners - Centralized Administration - Azure Management - Cloud Security - Scalability

Introduction

Efficient and secure management of multiple Azure environments is one of the main challenges for Managed Service Providers (MSPs) and technology partners. Azure Lighthouse allows central administration of resources from different client tenants, maintaining separation, access control, and the highest security standards.

This course offers practical and structured training on Azure Lighthouse, showing how to enable multi-tenant management, delegate access securely, and scale operations without compromising compliance or governance. Participants will learn to optimize client administration, improve operational efficiency, and offer higher-value managed services by leveraging native Azure capabilities.

Aimed at 

This course is especially aimed at:

• Managed Service Providers (MSPs).
  
• Microsoft Partners and cloud consultants.
  
• System and Azure administrators managing multiple client environments.
  
• Cloud solution architects.
  
• IT operations managers and technical support teams.
  
• Professionals providing administration, monitoring, or security services on Azure.

Training objectives

Upon completion of the course, participants will be able to:

• Understand the Azure Lighthouse multi-tenant management model and its benefits for MSPs and partners.
  
• Configure Azure Lighthouse for centralized administration of multiple client tenants.
  
• Delegate access securely using Azure RBAC and the principle of least privilege.
  
• Manage Azure resources, subscriptions, and services for different clients from a single environment.
  
• Integrate Azure Lighthouse with services such as Azure Monitor, Azure Security Center (Defender for Cloud), and Azure Policy.
  
• Scale managed service operations while maintaining security, control, and compliance.
  
• Apply best practices for governance and operation of multi-client environments in Azure.

Azure Lighthouse course content

Unit 1 Fundamentals of Azure Lighthouse

Objective:

• Understand what Azure Lighthouse is and when to use it.

Contents:

• What is Azure Lighthouse
• Centralized multi-tenant management
• Designed for MSPs and partners
• Comparison:
  • Classic access
  • GDAP
  • Lighthouse
• Benefits:
  • For end customer
  • For partner
  • Microsoft recommended model

Practice:

• Identify scenarios where Lighthouse is necessary
• Analyze partner and client architecture
• Compare GDAP vs Lighthouse model

Unit 2 Architecture and Delegation Model

Objective:

• Understand how Lighthouse technically works.

Contents:

• Cross-tenant access
• Granular Azure RBAC
• Control Plane vs Data Plane
• Resource Provider: Microsoft.ManagedServices
• Key components:
  • registrationDefinitions
  • registrationAssignments
• Principle of least privilege

Practice:

• Design delegation scheme
• Define appropriate RBAC roles
• Select scope (subscription vs RG)

Unit 3 Technical Implementation with ARM / Bicep

Objective:

• Implement delegation in an automated way.

Contents:

• What is an ARM Template
• Infrastructure as Code
• Key parameters:
  • managedByTenantId
  • RoleDefinitionId
  • Security group
• Deployment:
  • Direct ARM
  • Private Marketplace offer

Lab:

• Create ARM delegation template
• Configure Contributor role (practical example)
• Simulate client onboarding
• Validate delegation from Azure portal

Unit Real Multi-Tenant Operation

Objective:

• Manage multiple clients from the partner tenant.

Contents:

• View delegated subscriptions
• Context switching without identity change
• Directory filters
• Auditing and traceability
• Activity Logs

Practical lab:

Case 1 — Application of Corporate Tags

• Create ManagedBy tag
• Apply it to resources
• Validate immediate impact

Case 2 — VM Monitoring

• Azure Monitor
• CPU / network metrics
• Activity Log
• Create alert (without activating it)

Unit 5 Multi-Tenant Governance and Security

Objective:

• Apply cross-cutting governance to multiple clients.

Contents:

• Multi-tenant Azure Policy
• Creation of custom policies
• Region restriction
• Mandatory tags
• Allowed SKUs
• Security and immediate revocation
• Compliance in regulated environments

Lab

Case 3 — Corporate Policy

• Create custom policy
• Assign it to subscription
• Simulate corporate MSP standard

Unit 6 MSP Strategy and Commercial Model

Objective

• Understand how to sell and scale Lighthouse as a service.

Contents:

• Benefits for the client
• Benefits for the partner
• Scalable model with Marketplace
• Integration with:
  • Defender
  • Sentinel
  • Intune
• Frequently asked questions from the client:
  • Is it secure?
  • Does it have a cost?
  • Can it be revoked?
  • Do I lose control?

Strategic exercise:

• Design a managed services proposal based on Lighthouse.

Final Project

Design a complete MSP scenario:

• 3 simulated clients
• Automated delegation
• Global compliance policy
• Centralized monitoring
• Granular RBAC model
• Technical document + architecture diagram

Final Evaluation

• 20 technical questions
• 2 practical cases
• 1 architectural design

Prerequisites

For a better use of the course, it is recommended that participants have:

• Basic knowledge of Microsoft Azure (subscriptions, resources, resource groups).
  
• Previous experience in administering cloud environments or managed services.
  
• Familiarity with identity and access control concepts (Azure Active Directory / Entra ID).
  
• Basic knowledge of security in cloud environments (recommended, not mandatory).

Other training modalities

If you are interested in taking this course in person or telepresence mode, please contact us:

• Email: info@nanforiberica.com
• Phone: +34 91 031 66 78
• WhatsApp: +34 685 60 05 91