
As part of a managed service, we register an application in our customer's tenant that uses the Graph API.

How can we manage the necessary subscription in such a way that the customer has as little contact with it as possible (we pay for the usage because it's part of the service)?

Our ideas/variants:
A) Register the subscription in our tenant and release it for the customer to use (is this possible?). If so, what authorizations can we set (least-privilege principle)?

B) Create the subscription in the customer tenant and restrict authorizations so that only our app can use it. Problem: billing should be handled by us; we want to avoid storing credit card information in the customer tenant.

C) Provision as credits (?)

We have already researched and tried a few things, but cannot find a suitable solution.

What (possibly other) concepts are there for this?

Thank you very much!

2 Answers


1. Managing a subscription has a couple of things that an ISP can do.

   For MSPs who need to manage Azure subscriptions there is Azure Lighthouse.

   Besides that, I think it's good to leverage infrastructure as code as much as possible and deploy Bicep templates using Azure DevOps to a customer tenant. You can design a standard solution with templates you can deploy at every customer (with some minimal changes per customer). For example, a subscription with a key vault and peering to a central network hub, and some policies and access control to enforce some guardrails.

   Besides that, there is maybe a need for monitoring the subscription. You deploy a Log Analytics workspace and monitor a basic set of events or alerts. For example, the activity log of each subscription, to get notified when changes happen.

   If the customer has a need for security monitoring, you could leverage Sentinel to set up some security monitoring and Defender for Cloud to check the security posture.


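The Azure Lighthouse delegation mentioned in the answer, expressed as an added Bicep example (this is not code from the original post or from Microsoft's documentation). It is deployed at subscription scope in the customer tenant and grants a group from the MSP tenant only the built-in Reader and Monitoring Reader roles, which is the least-privilege shape the question asks about. The parameter names, the offer name and the group object ID are assumptions; the role definition GUIDs are the fixed IDs of those two built-in roles.

```bicep
// Added example, not from the original post: delegate one customer subscription
// to the MSP tenant through Azure Lighthouse with read-only, least-privilege roles.
// Deploy at subscription scope in the CUSTOMER tenant, for example:
//   az deployment sub create --location westeurope --template-file lighthouse.bicep \
//     --parameters managedByTenantId=<msp-tenant-id> mspPrincipalId=<msp-group-object-id>
targetScope = 'subscription'

@description('Offer name the customer sees under "Service providers" in the portal (placeholder)')
param mspOfferName string = 'Example MSP managed service'

@description('Tenant ID of the managing (MSP) tenant')
param managedByTenantId string

@description('Object ID of a security group in the MSP tenant that operates the service (assumed)')
param mspPrincipalId string

// Built-in role definition IDs; these GUIDs are the same in every Azure tenant.
var readerRoleId = 'acdd72a7-3385-48ef-bd42-f606fba81ae7'           // Reader
var monitoringReaderRoleId = '43d0d8ad-25c7-4714-9337-8ba259a9fe05' // Monitoring Reader

// Deterministic name so redeploying the template updates rather than duplicates.
var registrationName = guid(mspOfferName, managedByTenantId)

// What the MSP is allowed to do: each entry binds one principal to one role.
// Keep this list minimal; add Contributor only on the resource groups that truly need it.
resource definition 'Microsoft.ManagedServices/registrationDefinitions@2022-10-01' = {
  name: registrationName
  properties: {
    registrationDefinitionName: mspOfferName
    description: 'Read-only delegation for the MSP operations group'
    managedByTenantId: managedByTenantId
    authorizations: [
      {
        principalId: mspPrincipalId
        principalIdDisplayName: 'MSP operations group'
        roleDefinitionId: readerRoleId
      }
      {
        principalId: mspPrincipalId
        principalIdDisplayName: 'MSP operations group'
        roleDefinitionId: monitoringReaderRoleId
      }
    ]
  }
}

// Applies the definition to the subscription this template is deployed into.
resource assignment 'Microsoft.ManagedServices/registrationAssignments@2022-10-01' = {
  name: registrationName
  properties: {
    registrationDefinitionId: definition.id
  }
}
```

Two points a practitioner should check against the question. Lighthouse delegates Azure Resource Manager access only: it does not cover Microsoft Entra ID objects such as the Graph API app registration, and it does not move billing, so the delegated subscription is still charged to the customer's billing account. Because the delegation is visible to the customer under "Service providers" and can be removed by them at any time, it is also the variant where the customer keeps the clearest control.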