Can a customer's same resource group be managed by multiple MSSP in Azure Lighthouse?

Question

A customer is currently migrating from another MSSP Lighthouse to our Lighthouse. I'm wondering how to make the migration smoother. It would be great if one customer could subscribe to multiple Lighthouses. If not, they will need to migrate out and then in. Any help with this would be great. Thanks

Answer 1

Hi @Wesley,
In Additions to the above response from @Abiola Akinbade

Review the current Lighthouse delegation for MSSP A:

 Check the role assigned (e.g., Reader, Contributor, Owner): If the assigned role is Reader, MSSP A will only have read-only access to the resources.

 Verify the role being granted to MSSP B during delegation: When delegating to MSSP B, ensure that the appropriate RBAC role (such as Contributor or Owner) is assigned, based on the level of control you want to give.

 By managing these roles correctly, you can ensure MSSP A retains limited (read-only), while MSSP B is given full control to manage the environment.

Please let me know if you face any challenge here, I can help you to resolve this issue further

Please provide your valuable comments

Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

Answer 2

Yes, a Customer's Resource Group Can Be Managed by Multiple MSSPs in Azure Lighthouse.

RBAC, upon which Lighthouse relies, allows multiple role assignments on the same scope. Therefore, a customer can create separate delegations for the same resource group or subscription to different service provider tenants. Each delegation is independent.

See: https://learn.microsoft.com/en-us/azure/lighthouse/how-to/view-manage-service-providers

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola