Connecting Atria to Microsoft Partner Center

As of October 2023, Microsoft no longer supports DAP. We have updated the scripts within the platform as of 15.16 to create new GDAP level permissions. Please see below for more information.


Objective

This article shows you how to set up a secure connection to Microsoft Partner Center, which Atria uses to automate processes in Partner Center. The process itself should take less than 5 minutes to complete.
Note: Before Atria can be used to manage your Office 365 subscriptions, a secure connection to Partner Center must be created.

Cloud Solution Provider Program (CSP)

You must be set up as a Microsoft CSP partner – to do this you need to first be signed up as a Microsoft Partner and be enrolled in the CSP program.  This second step is important as it grants you the permissions needed to automate processes within your customers.  For more information on the Microsoft Cloud Solution Provider Program, refer to https://docs.microsoft.com/en-us/partner-center/enrolling-in-the-csp-program

This process applies to both:
  1. Direct CSP Resellers (where you are able to create tenants and subscriptions)
  2. Indirect CSP Resellers (where you purchase Microsoft subscriptions through a Microsoft Distributor – also known as an Indirect CSP Provider)
Where possible, Atria performs similar functions for both types of CSP partners. Please note that Atria is unable to create tenants or subscriptions for Indirect CSP Resellers – this is handled via your chosen Microsoft distributor. Once they are created, Atria can “connect” to those tenants.

Before you Start

  1. A Service Account within the AzureAD tenant that is used to access and manage your customers, within a group with the relevant GDAP permissions.
    For more information on GDAP, please see this KB - Microsoft Online - How does GDAP apply to Atria?
  2. In accordance with Microsoft guidelines, this account must be protected by Multi-Factor Authentication.  Please ensure this is set up.
  3. Ability to start a PowerShell Session on an internet-connected computer
  4. Service Provider Administrator access to your Atria instance.
  5. The Service Schema must be installed and configured prior to connecting to PartnerCenter; refer to the following article: Microsoft Online Service Deployment

Process

A script is run which performs the following tasks.
  1. Prompts the user for an Application Name
  2. Connects to AzureAD 
  3. Creates an “Application” object in AzureAD 
  4. Grants the new Application permissions within AzureAD
  5. Generates the required tokens needed for Atria to connect to the application securely.
To run the script
  1. Start a PowerShell session – run as administrator.
  2. Install the following modules:
    1. Install-Module PartnerCenter 
    2. Install-Module -Name MSOnline 
    3. Install-Module AzureAD 
    4. Verify that the modules are installed using the command Get-Module -ListAvailable <module name>


  3. Execute the script to create an application object in AzureAD
    1. Script Location - C:\inetpub\Automate101\Atria\Atria Web Services\Msol\create-new-azure-app-mggraph.ps1 
    2. DisplayName – you will be prompted to enter a name for the application. We have called it “Atria MSOL Application”.
      1. Make the application name as unique as possible; each new connection should use a new name.
  4. You will be prompted to authenticate. Use the Global admin account prepared earlier and complete the 2-factor authentication when challenged.
  5. You will be prompted a second time – go through the authentication process again, using the same credentials you used earlier.
  6. You will be presented with a Permissions Requested prompt for your application.
  7. Scroll to the bottom and click on “Accept”.
  8. The script will complete and output the connection details. (Copy this into a text file. This will be used later to set up the Partner Connection in Atria.)
  9. Execute the script to create an Exchange Online Token
    1. Script Location - C:\inetpub\Automate101\Atria\Atria Web Services\Msol\create-new-exchange-app-mggraph.ps1
  10. You will be prompted to log in with your Partner Center account – use the same account you used to create the application object.
  11. After logging in, the PowerShell session will prompt you to run the device login. Open the link https://microsoft.com/devicelogin and enter the code given.
  12. After logging in, you will be prompted to log in again with the partner account. The Exchange Online token will then be generated. (Copy this into a text editor. This will be used later to set up the Partner Connection in Atria.)
  13. Log in to Atria as a Service Provider administrator
  14. Find the menu Services > Microsoft Online > Partner Center Connections
  15. Click on New Partner Center Connections
  16. Extract the details and enter into the Partner Center Connection Page
    a. Label – Free-form name for this connection.
    b. Partner Type – If you are a direct Microsoft partner, select Tier1; in all other cases, select Tier2.
    c. Region – Select the region for this Microsoft Partner Center Connection. This will be the region in which your PartnerCenter account is registered.
    d. Tenant Test User Name – This is the name of the user that is generated within each tenant by Atria.
       By default this will be “atriatest” – the user will be generated with the account name atriatest@<tenant code>.onmicrosoft.com
       The Tenant Test User is used to test the connection to Azure AD when provisioning, and to test passwords when provisioning users with MSOL.
       We recommend that this Tenant Test User be kept as is and not be deleted. If accidentally deleted, reprovisioning the Azure AD service on the customer level puts the test user back.
    e. PartnerID – copy from the script output – this is your TenantID for your AzureAD.
    f. Partner UserID – copy from the script output – this is the GUID for the user that ran the script.
    g. Partner User Name – this is the account used to register the application and create the Exchange Online token.
    h. Application ID – copy from the script output – this is the unique identifier for the application that has been created in Azure.
    i. Application Secret – copy from the script output.
    j. Refresh Token – copy from the script output.
    k. Exchange Application ID – copy from the script output.
    l. Exchange Application Secret – copy from the script output.
    m. Exchange Refresh Token – copy from the script output (Exchange Online token).

The screen should look something like the below – press Save and your connection should be set up and ready to go!



  17. Sync Partner Center Offerings – On the Atria menu, navigate to Services > Microsoft Online > Offer Management



After configuring this, you may now proceed with the following article: Microsoft Online Service Provisioning
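A pre-flight check for the "To run the script" steps above (elevated session, the three modules, and the two script files), as an added example that is not part of the Atria scripts. The function name Test-AtriaPartnerCenterPrereq is hypothetical; the module names and script paths are the ones listed in this article, and the Authenticode status is reported for information only because the article does not state whether the scripts are signed.

```powershell
# Added example: verify prerequisites before running the Atria Partner Center scripts.
# Test-AtriaPartnerCenterPrereq is a hypothetical name; module names and paths come from this article.
function Test-AtriaPartnerCenterPrereq {
    [CmdletBinding()]
    param(
        [string]$ScriptRoot = 'C:\inetpub\Automate101\Atria\Atria Web Services\Msol'
    )

    $results = @()

    # Step 1: the PowerShell session must be started with "run as administrator".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $results  += [pscustomobject]@{ Check = 'Elevated session'; Ok = $elevated; Detail = $identity.Name }

    # Step 2: PartnerCenter, MSOnline and AzureAD must be installed.
    foreach ($name in 'PartnerCenter', 'MSOnline', 'AzureAD') {
        $module = Get-Module -ListAvailable -Name $name |
            Sort-Object Version -Descending | Select-Object -First 1
        $detail = if ($module) { "version $($module.Version)" } else { "run: Install-Module $name" }
        $results += [pscustomobject]@{ Check = "Module $name"; Ok = [bool]$module; Detail = $detail }
    }

    # Steps 3 and 9: both scripts must exist; signature status is informational only.
    foreach ($file in 'create-new-azure-app-mggraph.ps1', 'create-new-exchange-app-mggraph.ps1') {
        $path   = Join-Path $ScriptRoot $file
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $detail = if ($exists) {
            "signature: $((Get-AuthenticodeSignature -FilePath $path).Status)"
        } else {
            "not found at $path"
        }
        $results += [pscustomobject]@{ Check = "Script $file"; Ok = $exists; Detail = $detail }
    }

    $results
}

$report = Test-AtriaPartnerCenterPrereq
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'Resolve the failed checks before running the scripts.'
}
```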
