Lighthouse - Deploy a Policy that can be remediated with Managed Identity

bsonnek 51 Reputation points
2021-10-15T18:35:06.057+00:00

Can someone confirm if I'm understanding the Managed Identity part of Azure policy remediation from this article?
https://video2.skills-academy.com/en-us/azure/lighthouse/how-to/deploy-policy-remediation#create-a-user-who-can-assign-roles-to-a-managed-identity-in-the-customer-tenant

Do we actually need to create a managed identity inside the customer's subscription to use when we remediate a policy?
OR does the remediation create a managed identity in the process to use for remediation?

I just want to make sure we don't make this more difficult than it needs to be by adding a managed identity to all the existing customer subscriptions we manage in Lighthouse.

Currently, the only way I've been able to get an assigned policy to remediate in a customer's subscription, from Lighthouse, is to use a "user assigned" managed identity that I manually created inside the customer's subscription.
Am I missing something here, or is this exactly how this is supposed to work?
Thank you in advance!
