Use Azure Policy at scale at an MSP

LaurentvanMastrigt-9976 45 Reputation points
2024-10-11T12:08:17.58+00:00

Hi there,

I am starting to use Azure Lighthouse and Policy at a MSP. I want to use Azure Policy to manage all the delegated customer subscriptions. It seems that there is no built-in option to just push initiatives and policies to subscriptions in different tenants, and to monitor the compliance state of each policy afterwards.
In the article https://learn.microsoft.com/en-us/azure/lighthouse/how-to/policy-at-scale is mentioned that through Powershell you can deploy a policy to multiple subscriptions, but that you cannot view compliance details.

What would be the best way to achieve both deploying and monitor compliance within a MSP environment?

Azure Lighthouse
Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
80 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
938 questions
0 comments No comments
{count} vote

Accepted answer
  1. Rahul Podila 805 Reputation points Microsoft Vendor
    2024-10-30T02:30:46.81+00:00

    Hi @LaurentvanMastrigt-9976
    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here. 

    We’ll first create explicit rules based on your needs, using some of Azure’s built-in templates or customizing our own templates to ensure everything aligns with your goals. To simplify the process, we will automate the application of these settings to all your subscriptions, saving time and reducing the margin of error. 

    I’ll set up regular checks to monitor how well the policies are being followed, so that we can identify any issues that require immediate attention. In addition, we will create an easy dashboard to see how compliant all of your subscriptions are, providing a clear overview and helping us address any areas that need action and we can also create alerts to let you know if the compliance goes down one day with acceptable numbers. 

    I recommend reviewing compliance information and policies periodically to keep everything up-to-date and effective. We can automate this search process to make it even easier. Finally, we will carefully document all settings and changes made, which is necessary to understand what is available and helpful during audits. 
    If you have any further queries, do let us know  

    ---------------------------------------------------------------------------------------------------------  

     If the answer is helpful, please click "Accept Answer" and "Upvote it" 


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.