Azure Lighthouse limitations

by Michael Deacon, Jan 28, 2020

We tried to implement the recently released Azure Lighthouse by the book in order to centrally manage multiple Azure customers. The recommended Contributor role, which is the highest Azure role you can use with Lighthouse, has some very interesting limitations, especially around what you can do with Azure Policies: Microsoft.Authorization/*/Delete and Microsoft.Authorization/*/Write operations are prohibited, so you cannot deploy any Azure Policies to a customer subscription.

[Image: Azure Contributor role]

There is a way to bypass this limitation of the Contributor role: add another role, Security Admin, to the onboarding process.

[Image: Azure Security Admin role]
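Why the second role works, as an added example that is not part of the original post: Azure RBAC treats a role's notActions as a subtraction from that role's own actions, not as a deny, so another assigned role can still grant the operation. The Contributor entries are the ones quoted above; the Security Admin entries are an abridged, assumed subset to confirm with `az role definition list --name "Security Admin"`, and the function names are hypothetical.

```python
import re

# Abridged role definitions (assumption: Security Admin subset, see lead-in).
ROLES = {
    "Contributor": {
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
        ],
    },
    "Security Admin": {
        "actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.Authorization/policyAssignments/*",
            "Microsoft.Authorization/policyDefinitions/*",
            "Microsoft.Authorization/policySetDefinitions/*",
            "Microsoft.Security/*",
        ],
        "notActions": [],
    },
}


def _matches(pattern, operation):
    """RBAC patterns: '*' matches any run of characters, case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_grants(role, operation):
    """A role grants an operation listed in actions and not in notActions."""
    definition = ROLES[role]
    allowed = any(_matches(p, operation) for p in definition["actions"])
    excluded = any(_matches(p, operation) for p in definition["notActions"])
    return allowed and not excluded


def granting_roles(assigned_roles, operation):
    """Grants are unioned across assignments; one grant is enough."""
    return [r for r in assigned_roles if role_grants(r, operation)]


if __name__ == "__main__":
    op = "Microsoft.Authorization/policyAssignments/write"
    print(granting_roles(["Contributor"], op))
    print(granting_roles(["Contributor", "Security Admin"], op))
```

Under these definitions the pair still cannot write role assignments, which is worth checking for any further role added to a delegation.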