One user in org can see Customer relationship in Lighthouse, another can't?

Garrett Miller 1 Reputation point
2022-02-18T04:53:34.03+00:00

Hi everyone,

My organization is an MSSP and has a customer relationship with another tenant. We've used an ARM Template to create a service offering for our customer to upload to their Azure subscription. Another user and I in our org were configured with the same exact access, but he's able to see it in our Lighthouse My Customers tab (https://portal.azure.com/#blade/Microsoft_Azure_CustomerHub/MyCustomersBladeV2/overview), and I'm not.

We both have the required "Reader" and other access. Do you know why this would be the case?

Thanks!


Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.

4 answers

  1. Monalla-MSFT 12,946 Reputation points
    2022-02-18T18:09:19.757+00:00

    @Garrett Miller - Welcome to Microsoft Q&A and thanks for reaching out.

    Apologies for the inconvenience caused.

    A user in the managing tenant should be able to see the customer information as long as the customer is granted the Reader role when that customer was onboarded to Azure Lighthouse.

    For more information on how you can view and manage delegations, please take a look at this document: view-manage-customers

    If you are still facing the same issue, please let me know so we can work on raising a support ticket.

    Hope this helps.

    ------------------------------------------------------------------

    If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community.


  2. Andrew Blumhardt 9,861 Reputation points Microsoft Employee
    2022-02-19T09:34:49.963+00:00

    Do you have Reader at the tenant level? To the root subscription. You might also try global security reader. https://learn.microsoft.com/en-us/azure/defender-for-cloud/tenant-wide-permissions-management


  3. Andrew Blumhardt 9,861 Reputation points Microsoft Employee
    2022-02-20T10:11:01.24+00:00

    I found another related article that mentions "Monitoring Reader"

    https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/lighthouse-security-baseline#pa-1-protect-and-limit-highly-privileged-users

    If not, your best bet is to open a support case.


  4. Garrett Miller 1 Reputation point
    2022-02-24T02:45:01.333+00:00

    So the problem here was found by Microsoft Support, and was twofold:

    First, I had to go into the "Directories + subscriptions" area in our Azure subscription, and indeed our client was visible but was not checked. Checking this made the customer visible in the "My Customers" view, but we were not yet able to see client data.


    Second - Eventually we had to "re-register" the Resource Providers Microsoft.SecurityInsights, Microsoft.OperationalInsights and Microsoft.Insights in both the client tenant and our tenant. After doing this, we were able to see client data flowing in.


    Thanks all for the help!
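
The second step of the fix in the last answer, as an added example that is not part of the original thread: an Azure CLI script that reports the registration state of the three named resource providers in one subscription and, in `fix` mode, issues registration again. The function names and the subscription argument are hypothetical, and treating `az provider register` as the equivalent of the portal's re-register action is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes Azure CLI is installed and
# `az login` has been run against the tenant that owns the subscription.
# Usage: ./check_providers.sh <subscription-id> [report|fix]

# The three namespaces named in the accepted fix.
PROVIDERS="Microsoft.SecurityInsights Microsoft.OperationalInsights Microsoft.Insights"

# Print the registrationState of one provider namespace in a subscription.
provider_state() {
    az provider show --subscription "$1" --namespace "$2" \
        --query registrationState --output tsv
}

# Report each provider's state before and after. In "fix" mode, registration
# is issued again for every namespace, including ones already "Registered",
# because the thread's fix re-registered all three.
# Returns 0 when all three end up "Registered", 1 otherwise.
check_providers() {
    sub="$1"; mode="${2:-report}"; rc=0
    for ns in $PROVIDERS; do
        before=$(provider_state "$sub" "$ns")
        if [ "$mode" = "fix" ]; then
            az provider register --subscription "$sub" --namespace "$ns" --wait
        fi
        after=$(provider_state "$sub" "$ns")
        echo "$sub $ns $before -> $after"
        [ "$after" = "Registered" ] || rc=1
    done
    return $rc
}

# Run only when a subscription ID is supplied on the command line.
if [ -n "${1:-}" ]; then
    check_providers "$@"
fi
```

Run it once for the customer's delegated subscription and once for a subscription in the managing tenant, since the fix was applied in both. Registering a provider needs a role that includes the provider's register action, such as Contributor or Owner; Reader alone is enough only for `report` mode.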

