Lighthouse
- Custom roles are not supported (only built-in Azure roles can be delegated)
- The Owner role cannot be given to delegated users
- Data plane permissions are not supported (delegation covers the Azure Resource Manager control plane only)
- Cannot cross cloud environment boundaries (i.e. standard commercial, Gov Cloud, China, …)
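As an added example (not from the original notes or from Microsoft's tooling), this Python check reads a Lighthouse registration definition from an ARM template and flags the first two constraints above: an authorization that delegates Owner, and one whose role is not in a built-in role allowlist (so would be a custom role). The allowlist and the sample template are constructed for the example, and it assumes the `roleDefinitionId` values are literal GUIDs rather than ARM template parameters.

```python
import json

# Constructed allowlist of well-known built-in Azure role definition IDs.
# Extend it with the built-in roles your delegations actually use.
OWNER_ROLE_ID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
BUILTIN_ROLE_IDS = {
    OWNER_ROLE_ID: "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader",
}

def check_authorizations(authorizations):
    """Return findings for one Lighthouse 'authorizations' array (literal GUIDs assumed)."""
    findings = []
    for auth in authorizations:
        role_id = str(auth.get("roleDefinitionId", "")).lower()
        who = auth.get("principalIdDisplayName") or auth.get("principalId", "?")
        if role_id == OWNER_ROLE_ID:
            findings.append(f"{who}: Owner cannot be delegated through Lighthouse")
        elif role_id not in BUILTIN_ROLE_IDS:
            findings.append(f"{who}: {role_id} is not a known built-in role "
                            "(custom roles are not supported)")
    return findings

def check_template(template_json):
    """Check every registrationDefinitions resource in an ARM template."""
    doc = json.loads(template_json)
    findings = []
    for res in doc.get("resources", []):
        if res.get("type") == "Microsoft.ManagedServices/registrationDefinitions":
            props = res.get("properties", {})
            findings.extend(check_authorizations(props.get("authorizations", [])))
    return findings

# Constructed sample: the Owner grant and the custom-role grant should be flagged.
SAMPLE_TEMPLATE = json.dumps({"resources": [{
    "type": "Microsoft.ManagedServices/registrationDefinitions",
    "properties": {"authorizations": [
        {"principalId": "p1", "principalIdDisplayName": "MSP Tier1",
         "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"},
        {"principalId": "p2", "principalIdDisplayName": "MSP Admins",
         "roleDefinitionId": OWNER_ROLE_ID},
        {"principalId": "p3", "principalIdDisplayName": "MSP Custom",
         "roleDefinitionId": "11111111-2222-3333-4444-555555555555"},
    ]}}]})

if __name__ == "__main__":
    for finding in check_template(SAMPLE_TEMPLATE):
        print(finding)
```

Run it against a real delegation template before deploying it; a deployment that breaks these rules fails at the ARM level, but catching it in review is cheaper.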
Lighthouse vs. Partner Admin Link (PAL)
ChatGPT
Prompt: how is Azure PAL different from Lighthouse?
Azure PAL (Partner Admin Linking) and Azure Lighthouse are both mechanisms provided by Microsoft to enable partnerships and collaborations between customers and partners in managing Azure resources. While they serve similar purposes, there are some key differences between the two:
1. Scope: Azure PAL is focused on linking a partner to a specific customer's Azure subscription. It establishes a one-to-one relationship between the partner and the customer, allowing the partner to access and manage the customer's Azure resources directly.
Azure Lighthouse, on the other hand, is designed for scale. It allows a partner to manage multiple customers' Azure resources through a centralized, multi-tenant platform. It provides a unified view and control across all linked customer subscriptions, enabling partners to efficiently manage and support their customer base.
2. Access Control: With Azure PAL, the customer explicitly grants the partner access to their Azure subscription. The partner gains administrative privileges and can perform various management tasks within the linked subscription.
Azure Lighthouse uses the concept of delegated resource management. Customers establish a trust relationship with their partner and delegate management permissions to them. The partner is then granted access to specific resources within the customer's Azure environment, as defined by the customer.
3. Cross-Tenancy Management: Azure Lighthouse supports managing resources across different Azure Active Directory (Azure AD) tenants. This is especially useful for partners who work with customers in a multi-tenant environment, such as managed service providers (MSPs) serving multiple clients.
Azure PAL, on the other hand, is limited to linking a partner with a single customer's Azure subscription. It doesn't provide the same level of cross-tenancy management capabilities.
In summary, while both Azure PAL and Azure Lighthouse enable partnerships between customers and partners, Azure Lighthouse is more suitable for partners managing multiple customers at scale, with support for cross-tenancy management. Azure PAL, on the other hand, focuses on establishing a direct connection between a partner and a specific customer's Azure subscription.