Microsoft 365 Lighthouse is now in public preview

Published Jul 14 2021 07:55 AM 40.9K Views

At Ignite 2020, we announced the private preview of Microsoft 365 Lighthouse. Since then, we’ve been hard at work co-creating with our preview partners to build experiences that will help you succeed in delivering managed security services.


Today we are thrilled to announce the public preview of Microsoft 365 Lighthouse, available to managed service provider (MSP) partners in worldwide geographies serving small and medium-sized businesses that are using Microsoft 365 Business Premium.


Let’s look at how Microsoft 365 Lighthouse can help you to scale the delivery of managed security services. Then we’ll review the capabilities, public preview criteria, and how to get started.


Microsoft 365 Business Premium is the comprehensive foundation for secure work from anywhere

As the world around us changes, so do the security challenges our customers face. Cyber-attacks are on the rise, targeting supply chains and disrupting downstream customers in different countries and across industries. Small and medium-sized businesses are not equipped to handle security threats in-house. They are looking for IT partners to help.


These challenges require MSPs to bring new cybersecurity capabilities to customers, which is a growth opportunity for partners with managed security services.


Microsoft 365 Business Premium brings together productivity and collaboration tools including Office and Microsoft Teams, along with advanced security and management capabilities.


Deploying this comprehensive solution for customers removes the complexity and cost that comes with piecing together disparate productivity and security solutions. Standardizing on a complete productivity solution with integrated security helps to protect customers from:

  • Malware and viruses with Microsoft Defender Antivirus.
  • Phishing and ransomware threats with Microsoft Defender for Office 365
  • Identity threats with identity protection and multifactor authentication with Azure Active Directory Premium P1
  • Endpoint threats and device compliance issues with simplified device management using Microsoft Intune.

Microsoft 365 Business Premium gives your customers essential security capabilities in one package.


Technology standardization helps to drive profitability

Building managed services on disparate solutions can add cost and complexity to your business. Each solution requires additional time to skill up technicians. In addition, these unique products are typically not designed to work together, requiring you to create, manage, and support custom solutions. Standardizing customer environments on a consistent technology stack helps to simplify and streamline your operations, cut cost, optimize staff, and free up resources to build value-added services on top of a set of common offers.


That's why more and more partners have been discovering the benefits of rolling out Microsoft 365 Business Premium. As number of customers on this solution has grown, they have been asking for ways to better manage security and device management capabilities across customers—which is where Microsoft 365 Lighthouse comes in.


Scale delivery of managed security services with Microsoft 365 Lighthouse

Let’s look at what Microsoft 365 Lighthouse is and how it can help you secure and manage your Microsoft 365 Business Premium customers at scale.


Microsoft 365 Lighthouse is a unified portal that helps managed service providers to secure devices, data, and users at scale for small and medium sized business customers that are using Microsoft 365 Business Premium. It simplifies onboarding of tenants by recommending security configuration baselines optimized for SMBs and provides management views across your customer environments.


Customer management at scale

Microsoft 365 Lighthouse empowers partners to quickly identify and act on threats, anomalous sign-in, and device compliance alerts. You can configure a set of action-oriented dashboards on the homepage that allow you to identify and focus on customers that are a priority for you. It provides quick contextual links to configuration pages, settings, and documentation that might otherwise take a long time to navigate through.

Microsoft 365 Lighthouse homepage showing alerts across multiple customers at a glance.Microsoft 365 Lighthouse homepage showing alerts across multiple customers at a glance.

With Microsoft 365 Lighthouse you can scale the management of your customers, focus on what is most important, quickly find and investigate risks, and get your customers to a healthy and secure state.


Proactive risk management

With Microsoft 365 Lighthouse you can proactively manage risk by frequently monitoring customer tenants in a consistent way. The portal offers simplified views of critical aspects of customer environments that allow you to quickly review, prioritize, and act to resolve alerts, and help ensure each customer has adopted security best practices to mitigate risk. It includes service health updates that help technicians stay informed of service events affecting tenants and proactively reach out to affected customers, helping you to maintain trust and credibility.

Microsoft 365 Lighthouse device compliance page highlighting status across multiple customers.Microsoft 365 Lighthouse device compliance page highlighting status across multiple customers.

Improved security

Key capabilities in Microsoft 365 Lighthouse that help secure your customers include:


Threat protection and Antivirus

  • View status of Microsoft Defender Antivirus across all Windows 10 devices under management.
  • Check for active threats, restart devices, update Antivirus, and execute Antivirus scans.
  • Understand which users and devices are affected by security events, what was blocked or quarantined, and where more reviews are needed.

Identity and access management

  • View a central list of all users across your customers.
  • Get insights into risky sign-ins and conditional access policy settings.

Device compliance

  • View and manage device compliance access your customers from one location.
  • Quickly identify which customers have device compliance policies configured, and which require attention.

Threat management page showing Microsoft Defender Antivirus alerts and required actions.Threat management page showing Microsoft Defender Antivirus alerts and required actions.

Standardize configuration using Baselines and Deployment plans

Standardization of security policies also elevates the security of your customers, proactively reducing the risk to their business, and making it simpler to scale your managed service offerings.


There are many policy recommendations for Microsoft 365 services, but until today they have been largely focused on Enterprise customers. We’ve heard from you that the guidance for SMBs doesn’t exist to easily deploy and scale the right security standards. In response, we’ve created a set of best practices optimized for SMBs called Baselines and have made them available to deploy to customer tenants directly from Microsoft 365 Lighthouse.


The default baselines currently available consist of six policies across identity, and devices. They include:

  • Require MFA for Admins
  • Require MFA for Users
  • Block Legacy Authentication
  • Set up device enrollment
  • Configure Microsoft Defender Antivirus for Windows 10
  • Configure a Windows 10 device compliance policy.

You can use a Deployment plan to implement Baseline configurations to customer tenants that have been onboarded into Microsoft 365 Lighthouse.

Baseline configurations optimized for SMBs are ready for review within Microsoft 365 LighthouseBaseline configurations optimized for SMBs are ready for review within Microsoft 365 Lighthouse

Partner success

Let’s hear from one of our partners, Be-Cloud, who have been standardizing their offers on Microsoft 365 Business Premium and using Microsoft 365 Lighthouse to elevate the security of their customers. You can read the full story here.



WeSafe is an MSP partner based in Sweden primarily serving SMB customers from 20-200 employees. After standardizing their customer offers on Microsoft 365 Business Premium, they saw operational efficiencies which increased profitability by 250 percent over three years. By monitoring and managing its Microsoft 365 Business Premium customer tenants with Microsoft 365 Lighthouse, WeSafe achieves scalability and efficiency, along with increased customer value for even greater profitability. Read more of WeSafe's story here.


Public preview criteria

Microsoft 365 Lighthouse is available to eligible organizations at no cost, and your participation in this release is key to helping us build a service that will help your business scale and grow.


Let’s talk about eligibility for the public preview to ensure you are the right candidate for Microsoft 365 Lighthouse. 

  • You are a Managed Service Provider enrolled in the Cloud Solution Provider (CSP) program.
  • You have established Delegated Administration privileges with customers.
  • Your customers must have a Microsoft 365 Business Premium subscription.
  • Each customer tenant must not have more than 500 licensed users in total.
  • Customer devices must be enrolled in Microsoft Intune for Device Compliance and Threat Management capabilities to work.


If you meet these criteria, you will find these steps to activate Microsoft 365 Lighthouse in your tenant located at You will find more information about the product on the Microsoft 365 Lighthouse section of


We are excited to put Microsoft 365 Lighthouse in your hands and are looking forward to continuing this journey together. Your feedback is critical to ensure Microsoft 365 Lighthouse helps you scale and grow your business. You can provide feedback in UserVoice or through feedback channels right within the product.


Learn more at our partner webinar

Register to join us for a Microsoft 365 Lighthouse webinar on July 28th at 8am Pacific Time zone, Using Microsoft 365 Lighthouse to Secure and Standardize Microsoft 365 Business Premium Customers. During this session, you will get a deep dive on available scenarios to secure and standardize your customers at scale.



Microsoft 365 Lighthouse product page

Microsoft 365 Lighthouse Public preview onboarding

Microsoft 365 Lighthouse Documentation

Microsoft 365 Lighthouse FAQ

Microsoft 365 Business Premium Playbook


Hi, question around requirements @Jon Maunder.


Are these being hard one? Like if we have customers with Enterprise, we can still onboard? And in console we see only Business Premium customers?


Or "Each customer tenant must not have more than 500 licensed users". So, if we have customer with 501 licenses, will Lighthouse stop work for us? This customer gets missing from console or what?


Thanks for clarify these requirements. We are thrilled to try this and advance our services for our customer but currently this is hard stop for such requirements.

Occasional Contributor

Only Business Licenses no Enterprise? Max 500 Users? Crazy 🧐


@Petr Vlk - The customer must have at least one Microsoft 365 Business Premium subscription on their tenant, but it can be mixed with other subscriptions. We will not on-board a customer with more then 500 licensed users, however we do provide some growth for the customer if they are already on-boarded to Microsoft 365 Lighthouse to go beyond 500. For all other customers that are below the limit, Microsoft 365 Lighthouse will continue to work fine.

Senior Member

It makes sense, I think to roll-out to SMB first, but not sure why the 500x users maximum threshold with a pre-req to have 1x M365 Business Premium (which is tenant-limited to 300x licensed users)?

It seems Microsoft 365 Lighthouse has an ideal target audience for small Enterprise organisations with 499x M365 E3/E5 users and 1x M365 Business Premium user.

Is that right?

Occasional Contributor

The M365 Business Premium and 500 total user limit on the one hard are quite arbitrary, and on the other clearly focus Microsoft 365 Lighthouse on a product (M365 Business Premium) and a market segment (under 500 total users). It's a shame to conflate Microsoft 365 Lighthouse--which is narrowly focused--with Azure Lighthouse which operates without scale limitations across dozens of Azure products and services. I'd suggest a new name for this without such a broad scope as 'Microsoft 365 Lighthouse', like M365 Business Premium Security Portal for CSPs. As a data point from an Gold Partner MSP/MSSP, I can share that 25% of our managed CSP customers show up as Active (eligible for Microsoft 365 Lighthouse). The other 75% are too large or don't own any M365 Business Premium. That makes 'Microsoft 365 Lighthouse' a non-starter for our operations, but perhaps for small MSPs with small customers that all buy M365 Business Premium, there is a fit.

Occasional Contributor

Is it just a public view limitation or will that also be the limit for GA?

Regular Visitor

I have just been on the Partner webinar about Lighthouse, and was referred here about a tech issue I have.
I added Lighthouse to our own Tenant last week, but there is a permissions problem somewhere. eg:


All panes on the Home page show 'Access restriction - Insufficient or lack of permissions is causing access restriction'

The Tenants page just shows a single error message 'Unauthorized to view data'


Microsoft 365 Lighthouse is showing up in 'Your Products' in our Tenant with Assigned Licenses as 0 and Purchased Quantity as 1, which looks right. Subscription Status is 'Active' with a green tick. I am logged in to Lighthouse using a Global Admin account for our portal.

We have a number of tenants with M365 Business Premium licenses, and with Delegated Admin configured.

Have I done something wrong or is it your end?

New Contributor

I have setup Lighthouse on my Tenant and am mighty please with what I see  so far.  One quick question.  If I want to manage my own tenant which has BP license, can I do that?  I want to eat my Dog Food first before I roll out to Customers.  Any work around ?

Occasional Contributor

I am having the same issue as @ChrisMooreGB. Any ideas?

Regular Visitor

It's good to know I'm not alone @Renzo Patricio Carpio , thanks for your comment.

@Jon Maunderor any others on the Microsoft team, can you offer any help on this please? There are now at least two of us with apparently the same authentication issue which needs fixing, both from our perspective and from Microsoft's to understand and resolve. That's surely one of the points of a Public Preview release??!



Hi @ChrisMooreGB, and @Renzo Patricio Carpio. Thanks for providing feedback, apologies for the delay. I've reached out to our support teams for advice and will have someone take a look and engage to get you the answers you're looking for.  

Regular Visitor

Thanks @Jon Maunder , I'll look forward to hearing from them. Apart from our current issue the tool itself looks great!


@Suresh Ramani - Unfortunately it is not possible to create the DAP that is needed on the same tenant that Lighthouse resides in.

Occasional Visitor


@Jon Maunder , same issue as ChrisMooreGB and Renzo Patricio Carpio.

*All panes on the Home page show 'Access restriction - Insufficient or lack of permissions is causing access restriction'
*The Tenants page just shows a single error message 'Unauthorized to view data'


I really hope the team will be able to find the fix!





@ChrisMooreGB and @Renzo Patricio Carpio - best mechanism to reach the support team for M365 Lighthouse is via the official channels: Get help and support for Microsoft 365 Lighthouse - Microsoft 365 Lighthouse | Microsoft Docs. It's best to submit a ticket through the channels listed and ensure you describe the issue with "Microsoft 365 Lighthouse" to land with our support delivery teams supporting Lighthouse.


@Pixelvin - as above I recommend logging with support so they can manage and assist with your issue. Get help and support for Microsoft 365 Lighthouse - Microsoft 365 Lighthouse | Microsoft Docs. Many thanks

Senior Member



I may be wrong(it's been known) - but its my understanding that Microsoft 365 Business Premium does not include any Anti-Virus over and above the Windows Defender which is provided with new machines anyway.  However, this cannot be managed through MEM.


There is an option to add Microsoft Defender for Endpoint -  £3.90 per user per month!!


You do get Microsoft Defender for Office 365 i.e: AntiSPAM.


PS: I would love to be wrong on this, as i am finding it difficult to justify the security tagline when it doesn't include any additional AV or management capability without buying an additional product.


Kind Regards




Hello guys, anyone else was able to find the issue with "Insufficient or lack of permissions is causing access restriction."

I am experiencing the same issues as everyone else. Support cannot find the trick and are dodging my questions and request. Wondering if anyone was able to successfully resolve this issue. @Jon Maunder @ChrisMooreGB @ChrisMooreGB any input is appreciated.

Occasional Visitor

Same "Insufficient or lack of permissions is causing access restriction." issue. Have created a support request for this with our CSP IngramMicro, but I am sure there is a role or permission that is not set right and could be easily described here.

Occasional Visitor

Following as I signed up and have the same "Insufficient or lack of permissions is causing access restriction." issue. :(
Is anyone actually using this product outside of Microsoft?


Hi @SkyBridge@MKD8951@TimWelchNZ - thanks for your feedback during this Preview stage of the product. I'd mentioned in previous messages above that the best mechanism to reach the support team for M365 Lighthouse is via the official channels: Get help and support for Microsoft 365 Lighthouse - Microsoft 365 Lighthouse | Microsoft Docs. Submit a ticket through the channels listed and ensure you describe the issue with "Microsoft 365 Lighthouse" to land with our support delivery teams supporting Lighthouse. With the permissions issue, do the docs help on this topic or is it unrelated? Configure Microsoft 365 Lighthouse portal security - Microsoft 365 Lighthouse | Microsoft Docs 


Hello @Jon Maunder @MKD8951 @TimWelchNZ 

I opened a ticket with MSFT and they are supporting me. They have taken screenshots and validating the configuration. It seems that it is an on-going issue with the multiple partners and there is no solution yet. The engineer working with me mentioned that we I will get contacted as soon as there is a solution on this ang get any feedback from the product team. 

Occasional Visitor

Thanks @SkyBridge - reporting your findings back to here is very proactive and is much appreciated as there doesn't seem much point in us all logging the same support call to get the same answer.


Edit: My portal appears to have started working this morning without me doing or changing anything. 

Hi @Jon Maunder, after couple of days waiting the portal works for us. But reliability is still a question.


Is there please some roadmap or Known Issues article? I enter in product feedback, UserVoice item, fill Get Help feedback to report that for example Czech characters does not work in portal correctly. Which kind of limiting us in usage, because most of user or company names contain diacritics and all the "???" or Unicode blank squares instead of character make it unusable.


And if there will be some future also for Enterprise or other licenses, we will be more then happy. Thanks.

Occasional Visitor

Ok, so here's a skinny on how microsoft splits things up...

Tenants house a cloud of data including AD\Azure, with domains, subdomains etc, all containing the services and data that a particular set of people might use in their business.  That does not mean that this must be a top level domain, it can be a subdomain to begin with.  Each pricing plan for microsoft is designed to fit common scale and business sizes for given access levels, with addons and other attachments that allow you to link users across tenants, without adding to the number of "users" within the tenant.  By allowing them to be utilized as "Guests" from another subdomain, the level of access can be controlled, expanded\contracted, and generally segmented to prevent a small disaster from becoming much larger much faster.  The more you keep in a single tenant, the more you will lose when there is a disaster.

Companies and corporate businesses are usually segmented on their own, and segmenting the software solutions is only natural, to keep a disaster in any department or branch from becoming the death of the company.

When setting up email addresses, it's usually best to abbreviate company names or primary web address, then add a dot or other separator, and then a subdomain, followed by the suffix.  EG for  which gives your company the easiest email schema to remember, and makes it easy for new clients to type in.  The subdomain can be a main domain for the business or just a department, providing webpage, and other service connections.

By segmenting the tenants among company, geography, department, even building or office with their own domain, you can use tools in each tenant to push data out to other tennants, and add guests to each tenant that include users or groups of another.  This allows them to share services, files and work easily with others in each department, who then hand those out to their own tenant.  This keeps numbers in each tenant down, and allows for security services like defender to function reliably in each tenant.

Designing your cloud structure is key.  Use the logical build of the business to give you some guidelines.  Add guest access from other tenants, to allow department heads or higher officers to delegate a relegate work between departments etc with their own login.  It works.  You just have to do a little more thinking about which services to purchase, which addons you'll need, etc.

Version history
Last update:
‎Jul 13 2021 03:08 PM
Updated by: