Microsoft Online Service Provisioning

Microsoft Online Service Provisioning

Objective

This article provides a guide to configuring and provisioning the Microsoft Online Service within the Atria Platform. 

Before you Start

  1. After setting up the connection to Partner Center, update the service' customer plan- Service Deployments > AD Location Services > AzureAD > Customer Plans
    1. Enable the partner center 
    2. Enable the sync policy
    3. If using ADFS, enable ADFS Policy  - Configuration for ADFS is available in the following article: Configuring Microsoft Online with ADFS
            
            

Provision the AzureAD and Microsoft Online service on the Service Provider Level

  1. From the Atria Menu, choose Customers
  2. On the list of customers, expand the Service Provider and then click services
  3. Expand reseller and then tick/enable AzureAD
    1. Verify the details of the service setup and then Apply Changes
  4. Provision the reseller service
  5. Expand reseller and then tick/enable Microsoft Online
    1. Verify the details of the service setup and then Apply Changes
  6. Provision the reseller service

Notes
Please follow the sequence of provisioning the service. There are dependencies related to AzureAD and MSOL services

After provisioning this on the service provider level, this will then allow it to be offered to Customers.

Provision the AzureAD and Microsoft Online service to Customer

Creating a New AzureAD/Office 365 Tenant (Direct CSP only)
Direct CSP’s are able to create new Office 365 tenants directly from within Atria.  In order to create a new tenant, you must have;
  1. Correctly configured a direct Provider (Tier1) Partner Center connection and selected this in an Azure AD service Customer Plan.
  2. Enabled a reseller to utilize the above Customer Plan.
Provision an Existing Atria Customer with Azure AD & Microsoft Services
  1. From the Atria Menu, choose Customers
  2. On the list of customers, expand the Customer and then click services
  3. Expand Azure AD
  4. Select the Customer Plan with the Direct Partner Center Connection
  5. Click on “Create New Tenant”
  6. Select a Microsoft Domain (this needs to be a unique code that will be granted an .onmicrosoft.com sub-domain)
    1. Enter the desired name 
    2. Click on verify to ensure it is available
    3. If not available, adjust the name
    4. Repeat until a unique name has been found
  7. Complete the required customer details
  8. Check the “Terms and Conditions” Accepted by customer box – enter the details of the customer's signatory who has read and accepted the Microsoft Customer Terms.
  9. Review inputs and provision
  10. After provisioning AzureAD service to the customer, expand Microsoft Online and Provision

Connecting to an existing Office 365 tenant (Direct and In-Direct Partners)
The Azure AD service in Atria is used to connect an existing Atria Customer with an Azure AD/Office 365 tenant.  The connect process allows the user to execute a real-time search via Partner Center to locate the tenant.



Once the tenant has been selected, select Provision to connect the Azure AD tenant to the Atria Customer.

Alert
Note that there can be a longer than expected delay when pressing the Provision button before the provisioning request is made.

Customer Agreement

The Customer agreement is between Microsoft and the end-customer who is consuming the Microsoft service.
Alert
Subscriptions cannot be created until the agreement has been signed and a record of the agreement being signed has been made within Partner Center.
The agreement can be recorded in Partner Center from within the Azure AD Service. if it has already been signed by the customer – the agreement will be retrieved and shown.  

Enabling the customer to consume Microsoft Services

Once the Azure AD service has been provisioned to the customer, the Atria customer is now bound to an Azure AD tenant.  The Microsoft Online (MSOL) service is used to control the plans that can be provisioned to end-users.  For information on setting up plans – make sure you read the article Configuring Microsoft Online User Plans

When you first expand the Microsoft Online Service – it will run a realtime query against Microsoft PartnerCenter to retrieve all the licenses associated with the tenant – these are listed for reference.  

If you are an Indirect Partner, this is a good way of seeing if there are free licenses available to assign to end-users.  For Direct Partners, if Manage Licenses has been enabled at the Azure AD Customer plan used to provision the Azure AD service – then the system will automatically provision licenses if they are needed. 

Expand the “Advanced Settings” to expose the different plans – check the plans that you want to available for provisioning within this customer.

Notes
Note that you can set a hard limit on the plans if needed, this will restrict the quantity of users that the customer can provision themselves.


The “Azure AD User Only” Service is a special service – this allows a user to be created in Azure AD without any licenses being assigned.

Select Provision to complete the customer setup.

Alert
Once an Atria Customer has been “connected” to an Azure AD tenant, the sync function within Atria will retrieve all users and licenses from Azure AD and synchronize these with Atria.  This function executes using configuration defined in a Sync Policy.  For more details on the Sync Function please review the following KB article:  Synchronizing Atria with Microsoft Online

Provisioning Users with Microsoft Services

Once the tenant has been set up, provisioning users is simple.  

For Indirect providers, you will not be able to provision users with licenses unless there are licenses available within the tenant that are free for allocation.  To check go to the Customer level Microsoft Online Service:



Provisioning a new user

When the service is first provisioned, Atria will provision a user into Azure AD.  As part of the provisioning process, Atria will look in Azure AD to see if there is a pre-existing user that matches the user's UPN.  If so, the Azure AD user will be linked back to the Atria user.

If the user does not exist, Atria will provision a new user into Azure AD.  If the domain used by the users UPN exists in Azure AD, then a matching UPN will be created.  If the domain is not active – the default onmicrosoft.com domain will be used to create a Username for the user.  

Scenario
  1. User Ella with upn of ella@unicorns.com
  2. Unicorns.com not validated within the Azure AD tenant
  3. Onmicrosoft.com domain of unicorns.onmicrosoft.com
When user Ella is provisioned with Microsoft Online Service
  1. UPN will be generated of ella@unicorns.onmicrosoft.com
Passwords
When users are provisioned in Azure, a new password is generated.  This will be displayed prior to provisioning.  You can also configure Atria notifications to email the password. 
IdeaTips: It may be easier to get your domains configured in Azure AD before you start provisioning users, if you add domains to Azure later, then on re-provisioning of users, their UPNs will get changed to match the UPN configured against the user in Atria.  

User Provisioning Steps

  1. From the Atria Menu, choose Customers then click on Users
  2. Expand the User and click on Services
  3. Expand Microsoft Online, select the  User Plan and Provision
  4. Take note of the temporary password, this will be the one to be used by the user on logging in
           


Warning
Waiting for setup of Office 365
After provisioning a user with a service plan which includes Exchange Online there is likely to be a short delay while mailbox services are provisioned.  Although the license assignment is signaled as complete within Microsoft and Atria, this does not mean the mailbox is ready!  This duration is extended for the initial setup of Exchange online (occurs when the first user is assigned a subscription)
While this is ongoing, provisioning requests may fail – for example, adding email aliases to a user may fail.  The time this process takes can be fast, but can also take hours.  We have tuned our processes from our testing, but this may need further refinement with time.


    • Related Articles

    • Microsoft Online Service Planning

      Overview The Microsoft Online Service for Atria allows Customers and the service desk to manage tenants, licenses, users and features of Office 365 – with no access to the 365 admin portal. It reduces your risk, while still being able to effectively ...

    • Microsoft Online Service Deployment

      Objective This article provides a guide to installing the Microsoft Online (MSOL) service into the Atria Platform. Web Service and Schema Installation The first step for the deployment of any new Service is to install the Web Service (if required) ...

    • Connecting Atria to Microsoft Partner Center

      As of October 2023, Microsoft no longer supports DAP. We have updated the scripts within the platform as of 15.16 to create new GDAP level permissions. Please see below for more information. Objective This article shows you how to set up a secure ...

    • Microsoft Online - How to configure your Customer plan

      Overview The Microsoft Online service within Atria has been designed from the Ground Up with Customization and flexibility in mind. This means, that it can likely cater with most configuration scenarios you may come across with Microsoft Online ...

    • Microsoft Online Group Management in Atria

      Introduction to Group Management Groups are a fundamental feature used to control access and make information sharing easier.  In the Microsoft 365 platform, there are four core group types, all of which have a core component in Azure AD.  Many ...