>_SkillsHub

> azure-lighthouse

Expert knowledge for Azure Lighthouse development including decision making, security, configuration, integrations & coding patterns, and deployment. Use when designing multi-tenant delegations, RBAC/AOBO/PIM access, policy-based onboarding, Arc/Sentinel integrations, or Marketplace offers, and other Azure Lighthouse related development tasks. Not for Azure Arc (use azure-arc), Azure Managed Applications (use azure-managed-applications), Azure Resource Manager (use azure-resource-manager).

fetch
$curl "https://skillshub.wtf/MicrosoftDocs/Agent-Skills/azure-lighthouse?format=md"
SKILL.mdazure-lighthouse

Azure Lighthouse Skill

This skill provides expert guidance for Azure Lighthouse. Covers decision making, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.

How to Use This Skill

IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g., L35-L120), use read_file with the specified lines. For categories with file links (e.g., [security.md](security.md)), use read_file on the linked reference file

IMPORTANT for Agent: If metadata.generated_at is more than 3 months old, suggest the user pull the latest version from the repository. If mcp_microsoftdocs tools are not available, suggest the user install it: Installation Guide

This skill requires network access to fetch documentation content:

  • Preferred: Use mcp_microsoftdocs:microsoft_docs_fetch with query string from=learn-agent-skill. Returns Markdown.
  • Fallback: Use fetch_webpage with query string from=learn-agent-skill&accept=text/markdown. Returns Markdown.

Category Index

CategoryLinesDescription
Decision MakingL33-L40Guidance on when and how to use Azure Lighthouse: multi-tenant enterprise setups, ISV SaaS patterns, comparing Lighthouse vs managed apps, and designing Managed Service offers.
SecurityL41-L48Securing Azure Lighthouse: tenant/user/role mapping, RBAC and AOBO controls, PIM and eligible authorizations, and recommended security hardening practices.
ConfigurationL49-L61Configuring and managing Azure Lighthouse delegations: onboarding via ARM/policy, updating/removing access, deploying/using policies (incl. built-ins), remediation with managed identities, and monitoring changes.
Integrations & Coding PatternsL62-L69Cross-tenant integration patterns for managing Arc servers, Sentinel workspaces, Migrate projects, and Monitor Logs at scale using Azure Lighthouse.
DeploymentL70-L73Guidance for packaging, publishing, and managing Azure Lighthouse managed service offers in Azure Marketplace, including requirements, steps, and configuration details.

Decision Making

TopicURL
Use Azure Lighthouse in multi-tenant enterpriseshttps://learn.microsoft.com/en-us/azure/lighthouse/concepts/enterprise
Apply Azure Lighthouse in ISV SaaS scenarioshttps://learn.microsoft.com/en-us/azure/lighthouse/concepts/isv-scenarios
Choose between Azure Lighthouse and managed applicationshttps://learn.microsoft.com/en-us/azure/lighthouse/concepts/managed-applications
Design Managed Service offers for Azure Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/concepts/managed-services-offers

Security

TopicURL
Apply CSP AOBO and Lighthouse security controlshttps://learn.microsoft.com/en-us/azure/lighthouse/concepts/cloud-solution-provider
Implement recommended security practices for Azure Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/concepts/recommended-security-practices
Map tenants, users, and roles for Azure Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/concepts/tenants-users-roles
Configure eligible authorizations and PIM for Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/create-eligible-authorizations

Configuration

TopicURL
Configure policy remediation with managed identities via Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/deploy-policy-remediation
Monitor Azure Lighthouse delegation changes via activity logshttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-delegation-changes
Onboard customers to Azure Lighthouse with ARMhttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer
Delegate all subscriptions in a management group with policyhttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-management-group
Deploy Azure Policy across tenants with Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/policy-at-scale
Remove Azure Lighthouse delegations and accesshttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/remove-delegation
Update Azure Lighthouse delegations and role assignmentshttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/update-delegation
Use Azure Lighthouse ARM templates and sampleshttps://learn.microsoft.com/en-us/azure/lighthouse/samples/
Use built-in Azure Policy definitions for Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/samples/policy-reference

Integrations & Coding Patterns

TopicURL
Integrate Azure Lighthouse with Azure Arc at scalehttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/manage-hybrid-infrastructure-arc
Manage Microsoft Sentinel workspaces at scale with Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/manage-sentinel-workspaces
Manage Azure Migrate projects across tenants with Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/migration-at-scale
Use Azure Monitor Logs across tenants via Lighthousehttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-at-scale

Deployment

TopicURL
Publish Azure Lighthouse Managed Service offershttps://learn.microsoft.com/en-us/azure/lighthouse/how-to/publish-managed-services-offers

> related_skills --same-repo

> microsoft-foundry

Expert knowledge for Microsoft Foundry (aka Azure AI Foundry) development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building Foundry agents with Azure OpenAI, vector search/RAG, Sora video, realtime audio, or MCP/LangChain APIs, and other Microsoft Foundry related development tasks. Not for Microsoft Foundry Classic (use microsoft-foundry-classic),

> microsoft-foundry-tools

Expert knowledge for Microsoft Foundry Tools (aka Azure AI services, Azure Cognitive Services) development including best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using Content Understanding analyzers, Content Moderator APIs, Foundry containers, VNet/Key Vault security, or Entra auth, and other Microsoft Foundry Tools related development tasks. Not for Microsoft Foundry (use micr

> microsoft-foundry-local

Expert knowledge for Microsoft Foundry Local (aka Azure AI Foundry Local) development including troubleshooting, best practices, decision making, configuration, and integrations & coding patterns. Use when using Foundry Local CLI, chat/transcription APIs, tools, OpenAI/LangChain clients, or upgrading legacy SDKs, and other Microsoft Foundry Local related development tasks. Not for Microsoft Foundry (use microsoft-foundry), Microsoft Foundry Classic (use microsoft-foundry-classic), Microsoft Foun

> microsoft-foundry-classic

Expert knowledge for Microsoft Foundry Classic (aka Azure AI Foundry classic) development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building Foundry agents with RAG, tools, evaluators, Azure OpenAI, VNet/Private Link, or CI/CD deployments, and other Microsoft Foundry Classic related development tasks. Not for Microsoft Foundry (use microsoft-foundry

┌ stats

installs/wk0
░░░░░░░░░░
github stars525
██████████
first seenMar 17, 2026
└────────────

┌ repo

MicrosoftDocs/Agent-Skills
by MicrosoftDocs
└────────────

┌ tags

#azure#security
└────────────