With the introduction of the New Commerce Experience, Azure Cost Management has become available to customers in the CSP program. As it is common for partners to play an active role in managing and supporting the customer environment, it is also desirable for many partners to gain insight into the Azure consumption of customer environments. As a Microsoft partner, you have Delegate Admin rights that gives you access to customer subscriptions. However, these permissions don’t give you access to Azure Cost Management. This means to monitor the Azure spend of your customers, you would need to switch between multiple tenants. With a growing number of customers, this is no scalable solution.

Azure Lighthouse is a free solution for partners to bring a variety of Azure resources from customer tenants to their own tenant. This way, the partner realizes a multi-tenant management portal for solutions like Azure IaaS workloads,  Azure Backup, Azure Monitor, Defender for Azure, etc. By combining Azure Lighthouse with Azure Cost Management, you as a partner have the tool gain insights on all your customers’ environments from a single pane of glass.

To help you get started with the combination of Azure Lighthouse and Azure Cost Management, we’ve created this guide. You can also use this guide as a starting point for deploying multi-tenant solutions to your customers. For a list Azure services that support cross-tenancy through Azure Lighthouse, please refer to:

Cross-tenant management experiences - Azure Lighthouse | Microsoft Docs

Create the offer from the MSP tenant

To get started with Lighthouse, you need to define a solution offering. An offering consists of one or more RBAC roles in the customer tenants assigned to a group of users from the partner tenant. In this example, we’ll only include Azure Cost Management permissions. This way, all members of the group in the partner organization will be able to access Azure Cost Management for all connected customer tenants. This is a lot more granular than the Delegate Admin permissions that Microsoft Partner Center provides and is also easier when onboarding/offboarding users in the partner organization.

  1. Start by browsing to the Azure Portal and navigate to the Azure Active Directory in the partner tenant.

  2. Create a security group add the members who should be using Azure Cost Management for customers.

  3. Navigate to Azure Lighthouse by using the search bar and define your offering

  4. Create your offer by choosing a name and optional description. Choose to scope the delegation on subscription level and add the authorization

  5. Select the group created earlier and assign the Azure Cost Management Contributor role. Add the authorization create the template.

  6. Download the template that was generated, the offer was created successfully. We’ll use the template to onboard customer subscriptions into Azure Lighthouse.

Deploy the offer to the customer tenant

Now that you have your MSP offer ready, you’re ready to onboard your customers by deploying the template to customer environments.

  1. From the Azure Portal, switch to the customers' subscription. Or use a different browser (or privacy session) to logon to the customer tenant.

  2. Use the search bar to start the deployment of the template.

  3. Choose to build your own template and upload the file you downloaded before.

  4. Select the correct subscription and region to deploy and deploy the template.

  5. Wait for the deployment to complete and verify that the deployment was successful.

  6. Navigate to Azure Lighthouse. Now check the service provider offers to verify the delegations from the template are applied. This means Cost Management is being delegated to the partner tenant.

Use Cost Management from the partner tenant to manage customer subscriptions

Now that your Cost Management offer has been deployed to the customer environment, the customer subscription should become available in your partner Cost Management instance. Follow these steps to get started with Azure Cost Management for partners.

  1. Browse back to the Azure Portal where you’re signed on to your partner tenant.

  2. Open the Directory + Subscription filter settings blade.

  3. Make sure all directories (tenants) are included in the filter. If the customer tenant is not visible yet, please wait for 30 minutes, sign out and sign back in to retry. This step usually takes some time.

  4. The same goes for subscription, make sure all are included.

  5. Navigate to Azure Cost Management. From the Scope filter, select the customer subscription.

Deploy the template to all of your customer tenants. Now you’re ready to use Azure Cost Management as a hub for all your consumption insights. You can also work with budgets, notifications, and scheduled exports.

Troubleshooting

I get an error when deploying the template to my customers' environment telling me I don’t have enough permissions.

Make sure you have Global Admin permissions on the customer tenant as well as Owner permissions on the customer Azure subscription. Delegate Admin permissions from the Partner Center are not sufficient, so you’ll need a named account with enough permissions in the customer tenant.

When deploying the template to the customer tenant, it fails because there’s a resource provider missing.

In some cases, one or more of the resource providers needed are not registered yet. Follow these steps to register the missing resource provider.

Resource providers and resource types - Azure Resource Manager | Microsoft Docs

I’ve successfully deployed the template to my customers' environment, but the environment won’t show up in my partner tenant.

  1. Make sure your account is a member of the security group you created

  2. Sign out and back into the Azure Portal

  3. Adjust the global subscription filter to display all subscriptions

  4. Wait for at least 30 minutes to retry, the process usually takes a while to complete