Hero Banner

Microsoft AppSource and Azure Marketplace

Learn how to grow your business by publishing your cloud solution on Microsoft AppSource and Azure Marketplace

Reply
Microsoft

Azure Application Offer - Removing publisher's access rights for managed application offer

I have a scenario for a public sector customer where they would not want the publisher to manage the resources under to the managed application offer. Is it possible to not include the access rights? 

 

The need to create under Managed Applications offer is the use of custom metering which is not available under Solution Template.

7 REPLIES 7
Microsoft

Maybe publish it again with different permissions as Private offering?

You can also give the customers the option to remove delegations after solution was published: 

https://docs.microsoft.com/en-us/azure/lighthouse/concepts/managed-services-offers#public-and-private-offers 

 

You can remove access to a delegation after a customer accepts an offer only if you included an Authorization with the Role Definition set to Managed Services Registration Assignment Delete Role when you published the offer. You can also reach out to the customer and ask them to remove your access.

Kind regards,
Janosch
Microsoft

Hi Janosch, 

 

The above links are related to a Managed Services offering. Does this also work with a Managed Application offer under Azure Application Offer?

Microsoft

Somehow I did read Managed Services - maybe because I worked in parallel on a similar topic, but managed services, not apps. 

For Managed Apps I think the right app roach would be to use JIT: https://docs.microsoft.com/en-us/azure/azure-resource-manager/managed-applications/approve-just-in-time-access 

Kind regards,
Janosch
Microsoft

Hi Janosch, 

 

This scenario is unique as the partner would want to use our custom metering to facilitate the billing of API/metric call from the solution through Microsoft. However, the engagement model of this customer is that this solution would be entirely managed by the customer themselves without the partner after deploying in the customer's azure tenant.

Microsoft

This sounds like Managed App is not the right model at all - in this case maybe just deliver the solution/template directly to the customer. Managed App by definition means that the Partner is managing it.

Kind regards,
Janosch
Microsoft

I did explored Solution Template but it will not be eligible to use custom metering. Is my understanding correct?

Microsoft

Yes

Kind regards,
Janosch