Microsoft 365 Lighthouse Ideas
Microsoft 365 Lighthouse is currently in the private preview stage of development, and includes multi-tenant management capabilities for device compliance, threat management and user access management. To learn more visit https://techcommunity.microsoft.com/t5/small-and-medium-business-blog/announcing-microsoft-365-lighthouse-for-managed-service/ba-p/1698181.
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft 365 Lighthouse engineering team. Though we can’t promise to reply to all posts, we want to hear your ideas. Help influence the features and functionality we build.
-
Collect secure score, productivity score, compliance score
Gather them, with sort possibilities, access actions for each customer for improvements from the portal. This creates a work list to improve scores that are not in line with target. Collate education advice, for example in productivity, so the training videos for improvements can be distributed to each customer.
53 votes
We understand the importance of bringing the data from the “scores” to Microsoft 365 Lighthouse. We are currently evaluating this feature for the future. No timeline for availability has been determined.
-
Onedrive Sync Health
We are in the process of moving all customers to OneDrive KFM via Intune Administrative Templates. We would love the ability to be able to centrally monitor the health/last sync time of each user's OneDrive for Business. This would allow us to confidently use the AutoPilot Reset function without the risk of potential data loss.
42 votes
Providing monitoring of the health of OneDrive sync is a great idea and one we have not been thinking about. Thank you for submitting a new idea and taking the time to vote for it. Currently, we are hyper focused on helping you secure users, devices, and data. So, at the moment we are not prioritizing ideas around the productivity apps and services, though we do want to in the future and we will include this once we are ready to focus on the productivity aspects of Microsoft 365.
If you have not voted for this item and you think it is important, please vote for it! We will periodically review the votes and if we see a significant uptick in votes, we may prioritize it sooner.
-
Microsoft Graph Intune Policy Copy between managed Tenants
Is it possible to have the ability to upload JSON templates to push out to our customers from the Lighthouse portal? Device Compliance, Configuration, Administrative Templates, Scripts, Apps, App Protection Policies...
31 votes
Thank you for sharing this valuable feedback. We understand the need to have the ability to push out custom policy templates to customer tenants. We are currently investigating this feature for future releases of Microsoft 365 Lighthouse.
-
Insight to tenant configurations across all customers
We have a constant need to monitor current tenant configurations across all customers. Currently, we have a huge Excel-based spreadsheet that includes all customer tenants and all the configuration settings we see as relevant to keep track of. The configuration settings are currently recorded on a very general level. Updating our own "centralized monitoring tool" is manual and slow, and all the changes may not end up in our spreadsheet. The settings we keep track of include for example:
- MFA status in organisation: yes/no
- MFA type, if enabled: per-user / Conditional Access
- Other Conditional Access rules in place (ie. block legacy auth, require…
24 votes
We appreciate you taking the time to submit this request. We have heard similar feedback from other audiences with regards to insights to customer configurations across tenants. We are currently investigating this feature for inclusion in future releases of the service.
-
Filter relevant customers
The home screen has dashboards that display a summary for all our customers. We would like to have a filter on this so we could see only the most relevant customers, those who pay us for active monitoring. The option to mark a customer as favorite or the ability to create customer groups would help. Too much information or too many alerts for customers that do not expect us to act proactively will mean that our engineers will ignore the dashboard, even the alerts that do matter.
20 votes
We appreciate you taking the time to submit this request and to vote on it. We have heard similar feedback from other audiences with regards to adding the ability to filter relevant customers in M365 Lighthouse. We will investigate this feature for future releases of the service.
-
Centralized view of detections and alerts across tenants
The Lighthouse portal could help us to monitor customer tenants more efficiently if we could see an overall list of new detections and alerts per customer tenant. This could be a trigger for deeper analysis conducted inside the tenant. Below is a list of different Microsoft detections, alerts and user-reported content for which I would personally find this function helpful.
- AAD Risky users
- AAD Risky sign-ins
- AAD Risk detections
- Office 365 Alerts
- Cloud App Security Alerts
- User reported MFA Frauds
Currently, some of these alerts from customer tenants can be sent to email addresses of our choice, ie. Office 365…
17 votes
Hello,
This is an idea that has come up in our internal conversations as well. The value to the technician of providing a consolidated view of detections and alerts would be a great addition to Microsoft 365 Lighthouse. At the moment we are hyper focused on helping MSPs get security and management across all the customers set up consistently and following the best practices. This is something we will re-evaluate for the second half of the calendar year.
If you have not voted for this item and you think it is important, please vote for it! We will periodically review the votes and if we see a significant uptick in votes, we may prioritize it sooner.
-
15 votes
We appreciate you taking the time to submit this request and to vote on it. We have heard similar feedback from other audiences with regards to showing a specific list of specific individuals based on role. We will investigate this feature for future releases of the Microsoft 365 Lighthouse service.
-
ORCA report and Exchange Online best practice info
It would be good to surface Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) and other Exchange Online best practice settings within the dashboard. Monitoring devices is useful but these metrics alongside Secure Score (mentioned in another Lighthouse report) would assist hugely.
8 votes
We appreciate you taking the time to submit this request. We are currently investigating this feature for future release of the service.
-
RBAC (and bonus, JIT/PIM) capabilities for Microsoft 365-focused AAD roles for partners/MSPs
With Azure Lighthouse, we can setup RBAC permissions based on the specific needs and roles our internal MSP employees need to perform their job functions.
As regulatory compliance and security frameworks (including Zero Trust) continue to evolve and MSPs are required to adhere to those same standards, having a capability to define AAD administrative roles to internal AAD SGs that allow very specific levels of access consistently into multiple customer environments.
Microsoft Partner Center (MPC) only allows for Global Administrator (which is way too much) and then Helpdesk Administrator (which is too low) through Delegated Administration without any flexibility to…
8 votes
Securing access to the right roles is important, so we appreciate you taking the time to submit this. Currently we are investigating how to enable delegated administration for other AAD roles (outside of the Global Admin and Helpdesk Admin currently possible) in a future release of the service. Post that, we’ll make sure to investigate feedback on scenarios that may need custom role permissions.
-
Sensitivity & Retention Label Analytics
A central dashboard to analyze use patterns and identify recommended best practices based on clients' governance requirements. The ability to get a bird's-eye view of labeling across our clients would help us drive adoption for both our clients and our support staff who manage them.
8 votes
Thank you for sharing this feedback. We are currently evaluating this feature for future release of the service. No timeline for production has been determined at this time.
-
Insights, comparing tenant settings vs templates and other ideas
Here are some requests that we as a CSP would be happy to see in the future. Some are just good to have, but most of them are to get ROI on invested time. Also, this is from a view where many customers are outsourcing their IT to our company and we want to take full responsibility for support and drive our customers towards a secure and effective IT.
The ability to see alert policies tenant wide – Today we can forward these alerts and react, but we would want to have a central area for this and skip the…
6 votes
-
Windows Versions, Features, Quality and Software Updates
Would like to see an aggregate view across tenants that shows current version of Windows, feature and quality update version breakdowns, policies details for feature and quality updates as well as if they are paused or running.
6 votes
-
Global View of Enterprise App Creation Permissions
It would be nice to be able to get a view of all tenants that allow users to create Enterprise Apps within AAD.
We consider this as high risk, therefore it would be very nice to have a global overview of our customers status on this feature.
And maybe in the future, have the opportunity to disable this setting from the MS365 Lighthouse portal.
6 votes
Hello,
I appreciate you submitting this idea and everyone who has voted on it. This is one we have had some initial thinking about but are not ready to take on in the next few months. We have prioritized a few other scenarios ahead of it focused on securing users, devices, and data. However, managing apps closely relates to these scenarios. In some of our initial conversations in this space, the question has been raised of what apps SMBs deploy. In the comments, can you please share the common apps you are seeing being used in the SMB space?
Also, if you have not voted for this item and you think it is important, please vote for it! We will periodically review the votes and if we see a significant uptick in votes, we may prioritize it sooner.
Thanks,
Chris Boyd
-
Endpoint analytics
Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and proactively make changes without disrupting end users or generating a help desk ticket. These analytics can give the partner insights for measuring how their customers are working and the quality of the experience we are delivering to users.
5 votes
We appreciate you taking the time to submit this request and to vote on it. We have heard similar feedback from other audiences with regards to surfacing the Endpoint analytics details to help identify policy and/or hardware issues. At the moment we are hyper focused on helping you secure users, devices, and data. So, we have not prioritized surfacing Endpoint analytics within Microsoft 365 Lighthouse, but we will be looking at it in the future. So, if you have not voted for this item and you think it is important, please vote for it! We will periodically review the votes and if we see a significant uptick in votes, we may prioritize it sooner.
-
List admin roles in Azure AD, correlation with Risky Users, Risky Sign-ins, MFA enrollment etc..
Listing how many users are added to any given role in Azure AD, plus more insight into Risk state, MFA enrollment, sign in frequency (like in PIM) to be able to further help customers understand the importance of Identity Lifecycle Management of admin roles as well.
5 votes
-
View all tenants with Audit Log Search Enabled/Disabled
Audit Logging is disabled by default in the Security Admin center. This creates an issue whereby if a security issue occurs and if this wasn't enabled when the tenant was set up, you find out after the threat occurred that you don't have logs to investigate. It would be ideal if this was enabled by default on M365 tenants, but without this change, it'd be nice to have a view that states the tenants that don't have logging enabled, and an option in that central view to enable logging on the individual tenant.
4 votes
We appreciate you taking the time to submit this request. We have heard similar feedback from other audiences with regards to audit logging not being enabled by default in the Security Admin Center. We have passed this feedback to the Audit Logging team to prioritize. With regard to a central view of audit logging states, we are currently investigating this feature for future release of the service.
-
Enabling Customers
We need to be able to select customers to be included in our Lighthouse view, and deselect others. We need to filter those clients that have a security agreement with us and those that do not.
There are a number of court cases where an MSP has access to the data or has received the alert, and did not act on it, and the MSP is liable for the data breach. With the change in the cyber laws, we need to explicitly not view clients' information if we do not have a security agreement with them. The legal community…
4 votes
We appreciate the feedback about being able to select customers that are included in the M365 Lighthouse portal. We are currently in the process of releasing a customer list that will allow you to see all customers which you have a contract with (via Partner Center) and we will give you the ability to inactivate a customer. As for filtering on these security agreements, we are also working on a tagging feature that would allow you to filter these customers, but this is still a work in progress.
-
A log of configuration changes across all customer tenants
We have noticed a need for a log, that lists changes made to M365 services/tenant configuration across all customers. This feature would support MS Partner's internal operations, when the amount of technicians making configuration changes is high, number of customer tenants is high and IT/account management is trying to keep track of activities regarding project management.
This unified change log would include an event, tenant name and time about a change that was made, e.g. to Endpoint Manager device configuration policies, Conditional Access rules, SharePoint sharing settings, Office 365 Alert policies. The scope is wide and in the beginning the…
4 votes
-
Email Standard Checks
Further along the lines of email protections, include a way to check and report the configuration of SPF/DKIM/DMARC. All three are recommended according to Microsoft Best Practices to reduce malicious mail and improve email reliability. You (Microsoft) would also be able to easily query what the DKIM records should be within the customer tenants. SPF and DMARC are standard based and should be the same across all organizations that implement them.
4 votes
-
Tenant header of who you're managing once you connect via Lighthouse
It would be beneficial to have information on what tenant you are logged into from Lighthouse to ensure you are making changes on the correct environment. Could be their primary domain name or .onmicrosoft.com domain, or even the branding set on that tenant on the header for visibility.
4 votes