Forum Discussion

venkataramanan6224's avatar
venkataramanan6224
Copper Contributor
Sep 30, 2024
Solved

azure lighthouse Query

Hi All,

 

I am in the process of creating the ARM template to deploy the Azure light house in our environment. I am pretty new to this platform. Request everyone support to understand the design and concept of Sentinel.

As far as I am aware to deploy the Multi-tenant, we require to set up the Azure Light house. On referring the KB article, to create the ARM template, there was an field called "Delegated scope" where we  need to choose either "subscription" or "resource" group. I would like to understand the difference between them. Kindly support

siem
  • Ankit's avatar
    Ankit
    Oct 01, 2024
    Hi venkat !
    Here it is !! you can understand this is in simple terms

    Delegated Scope: Subscription vs Resource Group

    When creating an ARM template for Azure Lighthouse, you need to specify the delegated scope, which determines the level of access and management capabilities for the service provider.

    Here are the key differences between "subscription" and "resource group" in the delegated scope field:

    Subscription
    Scope: The entire Azure subscription
    Access: The service provider has access to all resources within the subscription, including resource groups, resources, and subscriptions.
    Management: The service provider can manage all aspects of the subscription, including billing, policies, and access control.
    Resource Group
    Scope: A specific Azure resource group
    Access: The service provider has access only to the specified resource group and its resources.
    Management: The service provider can manage only the resources within the specified resource group, without access to other resources or subscriptions.
  • Ankit's avatar
    Ankit
    Brass Contributor
    Oct 01, 2024
    Hi venkat !
    Here it is !! you can understand this is in simple terms

    Delegated Scope: Subscription vs Resource Group

    When creating an ARM template for Azure Lighthouse, you need to specify the delegated scope, which determines the level of access and management capabilities for the service provider.

    Here are the key differences between "subscription" and "resource group" in the delegated scope field:

    Subscription
    Scope: The entire Azure subscription
    Access: The service provider has access to all resources within the subscription, including resource groups, resources, and subscriptions.
    Management: The service provider can manage all aspects of the subscription, including billing, policies, and access control.
    Resource Group
    Scope: A specific Azure resource group
    Access: The service provider has access only to the specified resource group and its resources.
    Management: The service provider can manage only the resources within the specified resource group, without access to other resources or subscriptions.

Resources