how to manage multi tenants?

Question

how to manage multi tenants?

Qusai Qasem 0

I manage multi tenants for multiple customer. I want to be able to run a script to automate tasks like :

checking which resources are being used
checking if certain resources has service retirement
deploying changes.

PS. I also do have GDAP rights configured in CSP.

What is the best way to do this ?

Pranay Reddy Madireddy 6,180 Reputation points Microsoft External Staff Moderator

2025-05-21T12:00:31.44+00:00

Hi Qusai Qasem
Just checking in to see if the below answer provided by @Obinna Ejidike helped. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

1 answer

Your answer

Pranay Reddy Madireddy 6,180 Reputation points Microsoft External Staff Moderator

2025-05-21T12:00:31.44+00:00

Hi Qusai Qasem
Just checking in to see if the below answer provided by @Obinna Ejidike helped. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 1

Obinna Ejidike 2,220

Hi Qusai Qasem

Thanks for using the Q&A platform.
There is no perfect way of handling all your requests however, I recommend exploring the Azure Lighthouse. Azure Lighthouse enables centralized management of multiple tenants. It gives your service principal or identity access to customer subscriptions without switching directories.

With its cross-tenant experience, you can work more efficiently with Azure services such as Azure Policy, Microsoft Sentinel, Azure Arc, and many more.

Find doc: https://learn.microsoft.com/en-us/azure/lighthouse/overview

Additionally, since you already have GDAP, you can use PowerShell or Azure CLI scripts with the Az module to iterate over customer tenants. You can also use Azure resource graph to detect retired services, and also Terraform to deploy changes across tenants.

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Obinna

Qusai Qasem 0 Reputation points

2025-05-21T13:37:20.72+00:00

Azure Lighthouse is for sure a good option but i want to work from cli or from scripts. i need a way to use teh GDAP access to run script from my account with GDAP access and be able to get that from multi tenant without having to authicate mutiple times. or maybe user a App ID en app secret to do that ?
Obinna Ejidike 2,220 Reputation points

2025-05-22T11:29:24.6+00:00

Hello Qusai,

Thank you for the feedback.

Since you already have GDAP (Granular Delegated Admin Privileges) in place, you can script multi-tenant access via CLI or PowerShell without authenticating repeatedly by following a secure automation approach using Azure AD App Registrations and Certificate or Client Secret-based authentication.

You will need to register a multi-tenant app in one of your tenants and assign the necessary API permissions for Microsoft Graph.

Find a similar post with additional information: https://learn.microsoft.com/en-us/answers/questions/1858034/how-do-i-give-access-to-my-tenant-using-graph-api

If the response was helpful, please feel free to mark it as “Accepted Answer” and consider giving it an upvote. This helps others in the community as well.

Regards,

Obinna

Share via

how to manage multi tenants?

1 answer

Your answer