We have a constant need to monitor current tenant configurations across all customers. Currently, we have a huge Excel-based spreadsheet that includes all customer tenants and all the configuration settings we see relevant to keep track on. The configuration settings are currently recorded on very general level. Updating this own "centralized monitoring tool" is manual, slow and all the changes may not end up to our spreadsheet. The settings we keep track on include for example:

• MFA status in organisation: yes/no


• MFA type, if enabled: per-user / Conditional Access


• Other Conditional Access rules in place (ie. block legacy auth, require device compliancy)


• is Intune deployed, MDM/MAM


• Autopilot configuration status: affects to process of ordering and delivering new computers


• Intune Device Compliancy policies


• Audit log activated: yes/no


• Blocked legacy auth protocols (default tenant settings): which protocols


• Self-Service Password Reset enabled: yes/no


• Password Expiration Policy


• O365 ATP configured: yes/no


• Message Encyption enabled: yes/no


• AIP enabled: yes/no


• Cloud app security enabled: yes/no


• AAD Security defaults enabled: yes/no


• AAD Company Branding: yes/no


• Teams guest access: yes/no


• Teams Live Events: yes/no


• license type: M365 Business Premium / lower / higher (to filter in spreadsheet which features are available, but not yet enabled)

We have used this report in account/IT management: roadmaps, current state reports, prioritization of new projects, evaluation of changes affecting to customers. Our technical department is also very eager for this information, especially when going onsite to give IT support and different kind of questions and issues arise.

It would be huge for us, if Lighthouse could have a centralized view to all customer tenants with features similar to our current solution. We wouldn't mind, if there is even more details of technical configuration per above listed setting or additional M365-settings, which could be monitored via Lighthouse.

We need to be able to select customers to be included in our lighthouse view, and deselect others We need to filter those clients that have a security agreement with us and those that do not.

There are a number of court cases where a MSP has access tot eh data or has received the alert, and did not act on it, and the MSP is liable for the data breach. With the change in the cyber laws, we need to explicitly not view clients information if we have do not have a security agreement with them. The legal community can take a position that if we see the information then we are responsible. We only want to look at those clients that we have a security agreement .

Need to have the ability to build in a rotating display board of different sets of client data, similar to the rotating dashboard that brightguage.co has (or similar tools) that will refresh the data.

So from an admin perspective you need to do the following
- have a mode of View only
- be able to select differnt lighthouse screens or sub screens
- push the screens into a rotating dashboard
- let this loop

The problem you are trying to address is trend analysis. The issue is that as much AI you put into this, humans can visually see trends better then AI. So use the AIT tools to group and adjust the data, and let humans see trends and act on them, and as AI gets better have the AI offer suggestions to the humans.

Lighthouse portal could help us to monitor customer tenants more efficiently, if we could see a overall list of new detections and alerts per customer tenant. This could be a trigger for deeper analysis conducted inside the tenant. Below is a list of different Microsoft detections, alerts and user reported content, in which I would personally see this function helpful.

• AAD Risky users


• AAD Risky sign-ins


• AAD Risk detections


• Office 365 Alerts


• Cloud App Security Alerts


• User reported MFA Frauds

Currently, some of these alerts from customer tenants can be sent to email addresses of our choice, ie. Office 365 Alerts if configured right. The centralized view will decrease the amount of manual configurations across all customer tenants and provide a way for technical and management departments to monitor customer tenants. With knowledge of different events across customer tenants, we can provide better IT service more efficiently.

One of the items I am looking for in Lighthouse is device compliance 'Last Check in'
for instance in my Lighthouse portal I see

But this really isn't restiveness of the problem, it causes me to dig but not much is showing in Lighthouse, I can't click on the Tenant in Device compliance overview, so go to Devices but I can't filter on Tenant (tried and not all entries come together using 'corporate') Policies only do Platform, still waiting on what 'Settings' will give in the future
If I go to the Tenant AAD I see more data than Lighthouse has alerted me to and note Activity column has is showing me no activity for months on 2 devices

I then go to MEM and get more of a surprise, on 3 devices are listed and only 2 being managed by Intune with 1 not checked in since 8/2019.

So Lighthouse caused me to dig, but what would be nice is links and filters as noted above.

A Last checked in field for MEM and AAD if possible.
Maybe a compare of AAD to MEM devices
What about the AAD listings for AutoPilot (purple icon) and notice that the device isn't showing in MEM
Hope this helps in your project meeting conversations.
Rusty