Enabling partners to scale across their SMB customers with Microsoft 365 Lighthouse

Posted by

This post has been republished via RSS; it originally appeared at: Small and Medium Business Blog articles.

Microsoft 365 Lighthouse homepage including a recommendation to begin the GDAP setup.Microsoft 365 Lighthouse homepage including a recommendation to begin the GDAP setup.


Today, one year after the general availability (GA) of Microsoft 365 Lighthouse, I want to share top highlights on how we have expanded Microsoft 365 Lighthouse to better support our users. We built and continue to grow Microsoft 365 Lighthouse to assist partners in securing and managing our shared small and medium business (SMB) customers. Microsoft 365 Lighthouse is a first party multi-tenant solution targeting manage service providers (MSPs) who are looking for a secure solution that helps them streamline and automate the management of their Microsoft 365 customers at scale. It helps partners operationalize and scale their SMB security practices by applying consistent policies and settings targeted at SMB; quickly identify drifts and threats across users, data and devices to proactively take action; and help them adopt a zero-trust model for themselves and their customers inclusive of adopting least privileged roles as they manage on behalf of their customers.

The secret to scale is standardizing the customer stack and your management practice. This is what Microsoft 365 Lighthouse is about. By leveraging offers such as Microsoft 365 Business Premium, which includes productivity, management, identity and security, you can standardize on a comprehensive solution. Microsoft 365 Lighthouse makes it easy to leverage the value across the Microsoft 365 portfolio rapidly, assisting you in keeping services, data, apps, and devices secure across all customers.

Perform common tasks across all your customers
Image of account manangement to manage inactive users within Microsoft 365 LighthouseImage of account manangement to manage inactive users within Microsoft 365 Lighthouse

Microsoft 365 Lighthouse provides centralized management for MSPs that allows them to manage multiple SMB customer tenants from a single pane of glass. This enables MSPs to be proactive in identifying issues with their customers and allowing them to get ahead on a resolution before the customer needs to raise it. When we released Microsoft 365 Lighthouse, we enabled several scenarios for managing device compliance, users, and threats across tenants. Over the past year, we have continued to expand and deliver new features to help MSPs manage customer tenants. Here are some of the scenarios we have enabled in Microsoft 365 Lighthouse recently:

  • We made it easy for you to search across all your customers and find the user you are searching for. We redesigned the user details pane to include more user information and more actions that you can take to better manage users. For example, it is easy to find the user who needs their password reset and reset it. 
  • Discover and manage inactive users. Take action and block users who have not signed in and reclaim unused licenses.
  • Manage quarantined emails across all your customers. From a single pane of glass, you can gain visibility into the emails that need to be triaged to keep your customers safe and productive.
  • Manage share mailboxes and meeting rooms across your SMB customers. Perform common management actions like delegating access to other users and securing shared mailboxes by blocking direct access.
  • Act on threats with a single actionable view of Microsoft Defender Endpoint incidents and alerts. Quickly discover and take action to secure and keep your users safe.

These are only a few of the scenarios we have enabled in the past year to help you perform common tasks across all your SMB customers. To learn more on Microsoft 365 Lighthouse, check out these interactive guides:

By leveraging the powerful features and benefits of Microsoft 365 Lighthouse, MSPs can securely and effectively manage SMB customers at scale, helping them build successful, long-lasting relationships with their customers.

Scale your MSP with standard configuration across your customer
An image of deployment insights across the customers partner manages within Microsoft 365 Lighthouse.An image of deployment insights across the customers partner manages within Microsoft 365 Lighthouse.

Building on what we shared in our previous blog post, we continue to expand the functionality to enable standardization to drive profitability. Microsoft 365 Lighthouse provides a greater level of automation on deploying tasks against defined baseline and provides insights into how customers are configured against the baseline. This enables MSP tools to roll out new services and features quickly and easily for customers. While reducing the time and effort required to manage customer tenants, drive security practices and deliver value to customers more efficiently. 

This starts with the default baseline and working through a customer's deployment plan. Since we have last shared, our default baseline has grown to include 16 tasks that enable you to quickly perform actions like enabling MFA, set up Microsoft Defender for Business, set App protection policies and much more. To see all the tasks that are included in the default baseline, you can check it out by signing into Microsoft 365 Lighthouse and clicking on Deployment ---> Baselines in the left navigation.

Over the past year we have added insights to provide greater visibility into understanding how customer tenants are configured and measured against the baseline. These include tools to untangle existing configurations to drive consistency and deployment insights across tenants to quickly understand where you need to focus especially where customers may have gaps in functional coverage and may need additional licensing to keep customers safe and secure.

In the coming weeks we plan to share more in depth on how you can use deployment plans and baselines to scale standard configurations across your SMB customers. We will provide more context on the scenarios we were thinking about when we built this functionality. To learn more today, check out our interactive guide, Protect customers with baselines in Microsoft 365 Lighthouse.

Reduce your risk and ease your transition to GDAP

An image of the GDAP setup wizard showing the tiers of permissions within Microsoft 365 Lighthouse.An image of the GDAP setup wizard showing the tiers of permissions within Microsoft 365 Lighthouse.


We know as an MSP you are taking on some very big responsibilities that do come with risk in managing multiple customers. To help reduce your risk and to minimize exposure we have enabled granular delegated admin privileges (GDAP). This is an evolution from the delegated admin privileges, which allows you to right-size the permissions for your organization when working with customer tenants. With this granularity comes complexity in managing the right roles for the right customer and your agents. To help manage the complexity and to follow best practices, we have created a GDAP setup wizard in Microsoft 365 Lighthouse to help transition MSPs from using DAP to GDAP and to manage the relationships going forward.

You can now establish GDAP relationships with multiple SMB customers at once from the Microsoft 365 Lighthouse and assign users in the partner tenant to security groups with various roles and levels of permissions. To do this, you'll create reusable templates based on tiers of support for your customers and for various groups of technicians. You'll see recommended roles for each tier of support during this process. Once created, these templates can then be reapplied as needed to new customers. This functionality allows you to quickly establish GDAP with your customers by using a least privileged approach.

It is important to note that there are some key milestones coming up with regards to transition from DAP to GDAP.

  • March 15, 2023:  Microsoft will be publishing updated dates for key milestones related to DAP and GDAP here.
  • Starting May 22, 2023: Microsoft will begin transitioning active and inactive DAP relationships to GDAP with limited Azure Active Directory (AD) roles. For MSPs, we recommend using the GDAP setup wizard in Microsoft 365 Lighthouse to transition your MSP from DAP to GDAP before this date.

To learn more about the GDAP wizard, check out our interactive guide: Secure Microsoft 365 Lighthouse. For more information about GDAP, check out: Introduction to granular delegated admin privileges (GDAP).


We have a lot more plans to expand on the capabilities to manage delegated permissions in Microsoft 365 Lighthouse in the coming months and will be sharing more here.

Next Step

If you already have Microsoft 365 Lighthouse, sign-in and check out latest on what it has to offer at lighthouse.microsoft.com. If you don’t have it, Sign up for Microsoft 365 Lighthouse.


Lastly, make sure to Follow or Subscribe to the Small and Medium Business Blog! As we have so much more to share about Microsoft 365 Lighthouse. Over the next few months, we will be diving into more details about the above areas plus sharing so much more on how Microsoft 365 Lighthouse can help you secure and manage your SMB customers at scale, while making them more productive.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.