Hi,
I'm working for an MSP who has two Microsoft Tenants, one company tenant (M365, own company Azure resources...) and one CSP tenant (used to manage customers).
We are currently implementing Azure Lighthouse to manage our customers to get rid of guest accounts and directory switching into customer tenants.
The current strategy is to use the CSP Tenant as a management environment for all Azure Resources - Customers as well as own company resources. Therefore, every employee who has to manage Azure gets an additional user in this CSP Tenant.
I'm sceptical if this is the right decision, because this leads to an increased management effort, because we need to manage an additional tenant and manage additional users which have additional license costs.
Our governance team decided to separate it for security reasons.
My question is if it is a common approach for CSPs to separate its own company tenant and CSP management tenant, OR should a CSP use its company tenant for internal workloads as well as for managing customers?
Is there any guidance or recommendation regarding this question?
BR