Azure Lighthouse provides delegated Azure access to MSPs, similar to how GDAP allows access to Microsoft 365. https://azure.microsoft.com/en-us/products/azure-lighthouse This way, we simply login to the Azure portal and manage all our customers, similar to the Microsoft Partner Center (GDAP). We have confirmed that integrations can utilize Azure Lighthouse delegated application permissions as well. We successfully configured BackupRadar to use 1 set of app registration credentials (given Reader permissions on each client Azure subscription) to inspect all our Azure customers and monitor backups. In the same way, we want to be able to use an application registration credential in our Partner tenant to inspect all customers' Azure environments. The Liongard Azure Inspector should discover organizations/tenants. Each Tenant has X number of subscriptions under it. The tenant can be mapped to a customer environment. See the attached screenshot to see one for the screens in Azure Lighthouse, which lists some of the delegated organizations and subscriptions. An alternative way to support Azure Lighthouse access would be an optional field called Subscription ID in the Azure inspector creation form. Currently, Azure lighthouse credentials do not work in Liongard. It looks like it's trying to target some unknown subscription ID. I assume it is trying to grab a list of all of the subscriptions or something.
