{"id":"925889d6-b770-4d55-b2da-07e519e50620","shortId":"sKVQJq","kind":"skill","title":"azure-lighthouse","tagline":"Expert knowledge for Azure Lighthouse development including decision making, security, configuration, integrations & coding patterns, and deployment. Use when configuring Lighthouse delegations, AOBO/PIM access, Arc/Sentinel integrations, policies/remediation, or Marketplace offe","description":"# Azure Lighthouse Skill\n\nThis skill provides expert guidance for Azure Lighthouse. Covers decision making, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Decision Making | L33-L39 | Guidance on when and how to use Azure Lighthouse: multi-tenant enterprise setups, ISV SaaS patterns, comparing Lighthouse vs managed apps, and designing Managed Service offers. |\n| Security | L40-L47 | Managing secure access in Azure Lighthouse: roles, tenants, AOBO, PIM eligible authorizations, and recommended security controls/practices for cross-tenant management. |\n| Configuration | L48-L60 | Configuring and managing Azure Lighthouse delegations: onboarding via ARM/policy, updating/removing access, deploying/using policies (incl. built-ins), remediation with managed identities, and monitoring changes. |\n| Integrations & Coding Patterns | L61-L68 | Cross-tenant integration patterns for managing Arc servers, Sentinel workspaces, Migrate projects, and Monitor Logs at scale using Azure Lighthouse. |\n| Deployment | L69-L72 | Guidance for packaging, publishing, and managing Azure Lighthouse managed service offers in Azure Marketplace, including requirements, steps, and configuration details. |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Apply Azure Lighthouse in ISV SaaS scenarios | https://learn.microsoft.com/en-us/azure/lighthouse/concepts/isv-scenarios |\n| Choose between Azure Lighthouse and managed applications | https://learn.microsoft.com/en-us/azure/lighthouse/concepts/managed-applications |\n| Design Managed Service offers for Azure Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/concepts/managed-services-offers |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Apply CSP AOBO and Lighthouse security controls | https://learn.microsoft.com/en-us/azure/lighthouse/concepts/cloud-solution-provider |\n| Implement recommended security practices for Azure Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/concepts/recommended-security-practices |\n| Use tenants, users, and roles with Azure Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/concepts/tenants-users-roles |\n| Configure eligible authorizations with Azure Lighthouse and PIM | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/create-eligible-authorizations |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Configure policy remediation with managed identities via Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/deploy-policy-remediation |\n| Monitor Azure Lighthouse delegation changes via activity logs | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-delegation-changes |\n| Onboard customers to Azure Lighthouse with ARM | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer |\n| Delegate all subscriptions in a management group with policy | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-management-group |\n| Deploy Azure Policy across tenants with Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/policy-at-scale |\n| Remove Azure Lighthouse delegations and access | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/remove-delegation |\n| Update Azure Lighthouse delegations and role assignments | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/update-delegation |\n| Use Azure Lighthouse ARM templates and samples | https://learn.microsoft.com/en-us/azure/lighthouse/samples/ |\n| Use built-in Azure Policy definitions for Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/samples/policy-reference |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Integrate Azure Lighthouse with Azure Arc at scale | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/manage-hybrid-infrastructure-arc |\n| Manage Microsoft Sentinel workspaces at scale with Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/manage-sentinel-workspaces |\n| Manage Azure Migrate projects across tenants with Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/migration-at-scale |\n| Use Azure Monitor Logs across tenants via Lighthouse | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-at-scale |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Publish Azure Lighthouse Managed Service offers | https://learn.microsoft.com/en-us/azure/lighthouse/how-to/publish-managed-services-offers |","tags":["azure","lighthouse","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions","azure-kubernetes-service"],"capabilities":["skill","source-microsoftdocs","skill-azure-lighthouse","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-lighthouse","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (5,566 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T06:53:34.338Z","embedding":null,"createdAt":"2026-04-18T21:59:23.607Z","updatedAt":"2026-04-22T06:53:34.338Z","lastSeenAt":"2026-04-22T06:53:34.338Z","tsv":"'/en-us/azure/lighthouse/concepts/cloud-solution-provider':383 '/en-us/azure/lighthouse/concepts/isv-scenarios':350 '/en-us/azure/lighthouse/concepts/managed-applications':360 '/en-us/azure/lighthouse/concepts/managed-services-offers':370 '/en-us/azure/lighthouse/concepts/recommended-security-practices':393 '/en-us/azure/lighthouse/concepts/tenants-users-roles':404 '/en-us/azure/lighthouse/how-to/create-eligible-authorizations':415 '/en-us/azure/lighthouse/how-to/deploy-policy-remediation':429 '/en-us/azure/lighthouse/how-to/manage-hybrid-infrastructure-arc':529 '/en-us/azure/lighthouse/how-to/manage-sentinel-workspaces':540 '/en-us/azure/lighthouse/how-to/migration-at-scale':551 '/en-us/azure/lighthouse/how-to/monitor-at-scale':562 '/en-us/azure/lighthouse/how-to/monitor-delegation-changes':440 '/en-us/azure/lighthouse/how-to/onboard-customer':450 '/en-us/azure/lighthouse/how-to/onboard-management-group':462 '/en-us/azure/lighthouse/how-to/policy-at-scale':472 '/en-us/azure/lighthouse/how-to/publish-managed-services-offers':574 '/en-us/azure/lighthouse/how-to/remove-delegation':481 '/en-us/azure/lighthouse/how-to/update-delegation':491 '/en-us/azure/lighthouse/samples/':501 '/en-us/azure/lighthouse/samples/policy-reference':513 '/microsoftdocs/mcp/blob/main/readme.md)':153 '3':124 'accept':192 'access':26,158,239,272,478 'across':466,545,556 'activ':436 'agent':73,117,176,190 'aobo':245,376 'aobo/pim':25 'app':227 'appli':341,374 'applic':357 'arc':299,524 'arc/sentinel':27 'arm':447,495 'arm/policy':270 'assign':488 'author':248,407 'avail':143 'azur':2,7,33,42,213,241,265,311,323,329,342,353,366,389,400,409,431,444,464,474,483,493,506,520,523,542,553,567 'azure-lighthous':1 'built':277,504 'built-in':276,503 'capabl':65 'categori':76,84,100,196,198 'chang':285,434 'choos':351 'code':16,50,287,515 'combin':55 'compar':223 'configur':14,22,48,258,262,335,405,416,419 'content':60,162 'control':380 'controls/practices':252 'cover':44 'cross':255,293 'cross-ten':254,292 'csp':375 'custom':442 'decis':11,45,201,337 'definit':508 'deleg':24,267,433,451,476,485 'deploy':19,53,313,463,563 'deploying/using':273 'descript':200 'design':229,361 'detail':336 'develop':9 'doc':168 'document':63,161 'e.g':88,104 'elig':247,406 'enterpris':218 'expert':4,39 'fallback':180 'fetch':64,160,169,182 'file':94,102,109,114 'github.com':152 'github.com/microsoftdocs/mcp/blob/main/readme.md)':151 'group':457 'guid':150 'guidanc':40,206,317 'ident':282,424 'implement':384 'import':71,115 'in':278 'incl':275 'includ':10,331 'index':77,197 'instal':147,149 'integr':15,28,49,286,295,514,519 'isv':220,345 'knowledg':5 'l120':91 'l33':204 'l33-l39':203 'l35':90 'l35-l120':89 'l39':205 'l40':235 'l40-l47':234 'l47':236 'l48':260 'l48-l60':259 'l60':261 'l61':290 'l61-l68':289 'l68':291 'l69':315 'l69-l72':314 'l72':316 'latest':132 'learn':175,189 'learn-agent-skil':174,188 'learn.microsoft.com':349,359,369,382,392,403,414,428,439,449,461,471,480,490,500,512,528,539,550,561,573 'learn.microsoft.com/en-us/azure/lighthouse/concepts/cloud-solution-provider':381 'learn.microsoft.com/en-us/azure/lighthouse/concepts/isv-scenarios':348 'learn.microsoft.com/en-us/azure/lighthouse/concepts/managed-applications':358 'learn.microsoft.com/en-us/azure/lighthouse/concepts/managed-services-offers':368 'learn.microsoft.com/en-us/azure/lighthouse/concepts/recommended-security-practices':391 'learn.microsoft.com/en-us/azure/lighthouse/concepts/tenants-users-roles':402 'learn.microsoft.com/en-us/azure/lighthouse/how-to/create-eligible-authorizations':413 'learn.microsoft.com/en-us/azure/lighthouse/how-to/deploy-policy-remediation':427 'learn.microsoft.com/en-us/azure/lighthouse/how-to/manage-hybrid-infrastructure-arc':527 'learn.microsoft.com/en-us/azure/lighthouse/how-to/manage-sentinel-workspaces':538 'learn.microsoft.com/en-us/azure/lighthouse/how-to/migration-at-scale':549 'learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-at-scale':560 'learn.microsoft.com/en-us/azure/lighthouse/how-to/monitor-delegation-changes':438 'learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-customer':448 'learn.microsoft.com/en-us/azure/lighthouse/how-to/onboard-management-group':460 'learn.microsoft.com/en-us/azure/lighthouse/how-to/policy-at-scale':470 'learn.microsoft.com/en-us/azure/lighthouse/how-to/publish-managed-services-offers':572 'learn.microsoft.com/en-us/azure/lighthouse/how-to/remove-delegation':479 'learn.microsoft.com/en-us/azure/lighthouse/how-to/update-delegation':489 'learn.microsoft.com/en-us/azure/lighthouse/samples/':499 'learn.microsoft.com/en-us/azure/lighthouse/samples/policy-reference':511 'lighthous':3,8,23,34,43,214,224,242,266,312,324,343,354,367,378,390,401,410,426,432,445,469,475,484,494,510,521,537,548,559,568 'line':86,98,199 'link':103,112 'local':56 'locat':80 'log':307,437,555 'make':12,46,202,338 'manag':226,230,237,257,264,281,298,322,325,356,362,423,456,530,541,569 'markdown':179,195 'marketplac':31,330 'mcp':138,165 'metadata.generated':119 'microsoft':167,531 'microsoftdoc':139,166 'migrat':303,543 'monitor':284,306,430,554 'month':125 'multi':216 'multi-ten':215 'network':157 'off':32 'offer':232,327,364,571 'old':126 'onboard':268,441 'packag':319 'pattern':17,51,222,288,296,516 'pim':246,412 'polici':274,420,459,465,507 'policies/remediation':29 'practic':387 'prefer':163 'project':304,544 'provid':38 'publish':320,566 'pull':130 'queri':171,185 'quick':58 'quick-refer':57 'rang':87 'read':93,108 'recommend':250,385 'refer':59,113 'relev':81 'remedi':279,421 'remot':62 'remov':473 'repositori':136 'requir':156,332 'return':178,194 'role':243,398,487 'saa':221,346 'sampl':498 'scale':309,526,535 'scenario':347 'section':82 'secur':13,47,233,238,251,371,379,386 'security.md':105,106 'sentinel':301,532 'server':300 'servic':231,326,363,570 'setup':219 'skill':35,37,70,155,177,191 'skill-azure-lighthouse' 'source-microsoftdocs' 'specifi':97 'step':333 'string':172,186 'subscript':453 'suggest':127,144 'templat':496 'tenant':217,244,256,294,395,467,546,557 'text/markdown':193 'tool':140 'topic':339,372,417,517,564 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'updat':482 'updating/removing':271 'url':340,373,418,518,565 'use':20,68,74,92,107,164,181,212,310,394,492,502,552 'user':129,146,396 'version':133 'via':269,425,435,558 'vs':225 'webpag':183 'workspac':302,533","prices":[{"id":"b56712f9-31e6-460e-b2f8-e653fce46750","listingId":"925889d6-b770-4d55-b2da-07e519e50620","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:23.607Z"}],"sources":[{"listingId":"925889d6-b770-4d55-b2da-07e519e50620","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-lighthouse","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-lighthouse","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:23.607Z","lastSeenAt":"2026-04-22T06:53:34.338Z"}],"details":{"listingId":"925889d6-b770-4d55-b2da-07e519e50620","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-lighthouse","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-22T01:37:27Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"4e14bf5c11aa6027d27c15e17c46bf8f3ab3aaf3","skill_md_path":"skills/azure-lighthouse/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-lighthouse"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-lighthouse","description":"Expert knowledge for Azure Lighthouse development including decision making, security, configuration, integrations & coding patterns, and deployment. Use when configuring Lighthouse delegations, AOBO/PIM access, Arc/Sentinel integrations, policies/remediation, or Marketplace offers, and other Azure Lighthouse related development tasks. Not for Azure Arc (use azure-arc), Azure Managed Applications (use azure-managed-applications), Azure Resource Manager (use azure-resource-manager), Azure Role-based access control (use azure-rbac).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-lighthouse"},"updatedAt":"2026-04-22T06:53:34.338Z"}}