________________________________________________________________
Do you want to take this course remotely or in person?
Contact us by email: info@nanforiberica.com , phone: +34 91 031 66 78, WhatsApp: +34 685 60 05 91 , or contact Our Offices
________________________________________________________________
Azure Lighthouse Course: Secure and Scalable Multi-Tenant Management for MSPs and Partners
This course is taught in online format and consists of 6 units and a final project. The duration of the course is 115 hours HE distributes between the content and the collaboration tools. Upon completion, the student will receive a certificate of completion.
The training is conducted through our Virtual Campus, With this option, you will have access to all the course content on the platform, 24 hours a day, 7 days a week, from the first day of the course. Students will also have access to participation forums , as well as a continuous tutoring .
Azure Lighthouse - Multi-Tenant Management - Multi-Client Management - Azure Security - MSPs and Partners - Centralized Administration - Azure Management - Cloud Security - Scalability
Introduction
Efficient and secure management of multiple Azure environments is a major challenge for Managed Service Providers (MSPs) and technology partners. Azure Lighthouse enables centralized management of resources across different customer tenants, maintaining separation, access control, and the highest security standards.
This course offers structured, hands-on training on Azure Lighthouse , demonstrating how to enable multi-tenant management, securely delegate access, and scale operations without compromising compliance or governance. Participants will learn to optimize customer management, improve operational efficiency, and deliver higher-value managed services by leveraging native Azure capabilities.
Addressed to
This course is specifically designed for:
- Managed Service Providers (MSPs).
- Microsoft partners and cloud consultants.
- Systems and Azure administrators who manage multiple customer environments.
- Cloud solution architects.
- IT operations managers and technical support teams.
- Professionals who provide administration, monitoring, or security services on Azure.
Training objectives
Upon completion of the course, participants will be able to:
- Understand the Azure Lighthouse multi-tenant management model and its benefits for MSPs and partners.
- Configure Azure Lighthouse for centralized management of multiple customer tenants.
- Securely delegate access using Azure RBAC and least privilege principles.
- Manage Azure resources, subscriptions, and services for different customers from a single environment.
- Integrate Azure Lighthouse with services such as Azure Monitor, Azure Security Center (Defender for Cloud), and Azure Policy.
- Scale managed services operations while maintaining security, control, and compliance.
- Apply best practices for governance and operation of multi-tenant environments in Azure.
Azure Lighthouse course content
Unit 1 Azure Lighthouse Fundamentals
Aim:
- Understand what Azure Lighthouse is and when to use it.
Contents:
- What is Azure Lighthouse?
- Centralized multi-tenant management
- Designed for MSPs and partners
- Comparison:
- Classic access
- GDAP
- Lighthouse
- Benefits:
- For end customer
- For partners
- Microsoft recommended model
Practice:
- Identify scenarios where Lighthouse is needed
- Analyze partner and customer architecture
- Compare GDAP vs Lighthouse model
Unit 2 Architecture and Delegation Model
Aim:
- Understand how Lighthouse works technically.
Contents:
- Cross-tenant access
- Azure RBAC granular
- Control Plane vs Data Plane
- Resource Provider: Microsoft.ManagedServices
- Key components:
- registrationDefinitions
- registrationAssignments
- Principle of least privilege
Practice:
- Design delegation scheme
- Define appropriate RBAC roles
- Select scope (subscription vs RG)
Unit 3 Technical Implementation with ARM / Bicep
Aim:
- Implement automated delegation.
Contents:
- What is an ARM Template?
- Infrastructure as Code
- Key parameters:
- managedByTenantId
- RoleDefinitionId
- Security group
- Deployment:
- Direct ARM
- Private Marketplace Offer
Laboratory:
- Create ARM delegation template
- Configure Contributor role (practical example)
- Simulate customer onboarding
- Validate delegation from the Azure portal
Real Multi-Tenant Operations Unit
Aim:
- Manage multiple clients from the partner tenant.
Contents:
- Viewing delegated subscriptions
- Change of context without change of identity
- Directory filters
- Audit and traceability
- Activity Logs
Practical laboratory:
Case 1 — Application of Corporate Tags
- Create ManagedBy tag
- Apply it to resources
- Validate immediate impact
Case 2 — VM Monitoring
- Azure Monitor
- CPU/Network Metrics
- Activity Log
- Create alert (without activating it)
Unit 5 Multi-Tenant Governance and Security
Aim:
- Apply cross-functional governance to multiple clients.
Contents:
- Azure Policy multi-tenant
- Creation of customized policies
- Region restriction
- Required tags
- Allowed SKUs
- Security and immediate revocation
- Compliance in regulated environments
Laboratory
Case 3 — Corporate Policy
- Create a custom policy
- Assign it to subscription
- Simulate MSP corporate standard
Unit 6 MSP Strategy and Business Model
Aim
- Understanding how to sell and scale Lighthouse as a service.
Contents:
- Customer benefits
- Benefits for the partner
- Scalable model with marketplace
- Integration with:
- Frequently Asked Questions:
- Is it safe?
- Is there a cost?
- Can it be revoked?
- Am I losing control?
Strategic exercise:
- Design a managed services proposal based on Lighthouse.
Final Project
Design a complete MSP scenario:
- 3 simulated clients
- Automated delegation
- Global compliance policy
- Centralized monitoring
- Granular RBAC model
- Technical document + architectural diagram
Final Assessment
- 20 technical questions
- 2 case studies
- 1 architectural design
Prerequisites
For optimal benefit from the course, participants are advised to have:
- Basic knowledge of Microsoft Azure (subscriptions, resources, resource groups).
- Previous experience in cloud environment or managed services administration.
- Familiarity with identity and access control concepts (Azure Active Directory / Entra ID).
- Basic knowledge of security in cloud environments (recommended, not mandatory).
Other training modalities
If you are interested in taking this course in person or remotely, please contact us:
