
Connecting Atria to Microsoft Directly

Overview

Atria requires a secure connection to Microsoft in order to automate tasks for Microsoft Tenants. This article describes how to set up a secure connection and configure Atria with the keys needed to use this connection.

Before you Start

Pre-requisites: you will need all of the following:

  1. An Admin account within the AzureAD tenant, which is used to access the tenant and create the connection.
  2. In accordance with Microsoft guidelines, this account must be protected by Multi-Factor Authentication. Please ensure this is set up or this process will fail.
  3. The ability to start a PowerShell Session on an internet-connected computer.
  4. Service Provider Administrator access to your Atria instance.
  5. The Service Schema must be installed and configured prior to connecting to PartnerCenter; refer to the following article: Microsoft Online Service Deployment.

Process

A script is run which performs the following tasks.

  1. Connects to AzureAD
  2. Prompts the user for an Application Name
  3. Creates an “Application” object in AzureAD
  4. Grants the new Application permissions within AzureAD
  5. Generates the required tokens needed for Atria to connect to the application securely.

To run the script

  1. Start an elevated PowerShell session.

  2. Run the following commands:

    • Install-Module -Name Microsoft.Graph
    • Install-Module -Name PKCE
    • Get-Module -ListAvailable (run this to verify that the modules are installed)
  3. Execute the script to create an application object in AzureAD.

Info: Script location: C:\inetpub\Automate101\Atria\Atria Web Services\create-new-direct-azure-app-mggraph.ps1

[Image: Direct Microsoft Connection Script]

  4. You will be prompted to authenticate. Use the service account prepared earlier and complete the 2-factor authentication when challenged.

[Image: Direct Microsoft Connection Authentication Prompt]

  5. You will be prompted to enter a name for the application registration. The default is “Atria MSOL Application”. Choose an application registration name that is distinctive and meaningful.

[Image: Direct Microsoft Connection Application Registration]

  6. If the application registration already exists from a previous install, you will be asked whether you want to use it or create a new application; to create a new one, go back to step 5. The application registration will be created, along with the service principal with the required permissions and a secret.

[Image: Direct Microsoft Connection Service Principal]

  7. You will be prompted a second time. Go through the authentication process again, using the same credentials you used earlier.
  8. This is followed by a prompt with a permissions request for your application. Accepting it grants permissions for the application registration and also generates a refresh token.

[Image: Partner Center Connection Permissions]

  9. You will also be asked if you want to install the Exchange App registration. If you agree, repeat from step 5 with the default application name of “Atria MSOL Application Exchange Online”.

[Image: Partner Center Connection Exchange Application Registration]

Tip: You will need at least one license in your tenant that can use Exchange Online for the Exchange Online Application to be created and configured correctly.

  10. The script will complete and output the following credentials. Please make a note of these as they will be used in a later step.
    1. Tenant ID
    2. Tenant User Id
    3. Tenant User Name
    4. Application ID
    5. Application Secret
    6. RefreshToken
    7. Exchange Application ID
    8. Exchange ApplicationSecret
    9. Exchange RefreshToken

[Image: Microsoft Online Direct Connection Setup Script Example]

[Image: Partner Center Connection Script]

  11. Head back to Atria and navigate to Services > Microsoft Online > Microsoft Connections.
  12. Click Add.
  13. Enter the details recorded earlier.

Microsoft Connection Creation

| Property/Value | Comments |
| --- | --- |
| Label | Free form name for this connection |
| Partner Type | Select direct |
| Customer | Select the customer in Atria for which you want to connect Microsoft to |
| Region | Select the region for this Microsoft Connection - this will be the region in which your tenant is registered. |
| Tenant ID | Copy from script output - this is the TenantID for your AzureAD |
| Tenant User Id | Copy from the script output - this is the GUID for the user that ran the script |
| Tenant User Name | This is the account used to register the application and create the exchange online token |
| Application ID | Copy from the script output – this is the Unique identifier for the application created in Azure. |
| Application Secret | Copy from the script output. |
| Refresh Token | Copy from the script output. |
| Exchange Application ID | Copy from the script output. |
| Exchange Application Secret | Copy from the script output. |
| Exchange Refresh token | Copy from the script output. |

The screen should look something like the below – press Save and your connection should be set up and ready to go!

[Image: Microsoft Direct Connection Add]
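
Once the connection is saved, it is worth confirming what the setup left behind in the tenant: which application registrations exist, when their secrets expire, and which permissions were granted. The following read-only review is an added example, not part of Atria's script or documentation; it assumes the default application names from this article and the Microsoft.Graph module installed earlier, and $warnDays is an illustrative threshold.

```powershell
# Added example (not Atria's script): read-only review of what the setup created.
# Assumption: the default application names from this article were kept.
$appNames = 'Atria MSOL Application', 'Atria MSOL Application Exchange Online'
$warnDays = 30   # assumption: flag secrets that expire within 30 days

# Read-only scopes are sufficient for this review.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

$report = foreach ($name in $appNames) {
    $apps = @(Get-MgApplication -Filter "displayName eq '$name'" -All)
    if ($apps.Count -eq 0) { Write-Warning "No app registration named '$name'." }
    if ($apps.Count -gt 1) { Write-Warning "$($apps.Count) registrations named '$name'; review duplicates." }

    foreach ($app in $apps) {
        $sp = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"

        # Graph returns secret metadata only (key id, expiry), never the secret value.
        $expiries = @($app.PasswordCredentials | Where-Object EndDateTime |
            ForEach-Object { $_.EndDateTime.ToUniversalTime() } | Sort-Object)

        # Delegated permissions consented for this application.
        $delegated = if ($sp) {
            Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All |
                ForEach-Object { "$($_.Scope)".Trim() -split '\s+' } | Where-Object { $_ }
        }
        # Application permissions (app roles) assigned to the service principal.
        $appRoles = if ($sp) {
            Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All |
                ForEach-Object { "$($_.ResourceDisplayName):$($_.AppRoleId)" }
        }

        [pscustomobject]@{
            DisplayName      = $app.DisplayName
            AppId            = $app.AppId
            Created          = $app.CreatedDateTime
            HasPrincipal     = [bool]$sp
            SecretCount      = $expiries.Count
            NextSecretExpiry = $expiries | Select-Object -First 1
            ExpiringSoon     = [bool]($expiries | Where-Object { $_ -lt [datetime]::UtcNow.AddDays($warnDays) })
            DelegatedScopes  = ($delegated | Sort-Object -Unique) -join ' '
            AppRoles         = ($appRoles | Sort-Object -Unique) -join ', '
        }
    }
}

$report | Format-List
```

The Application ID in the report should match the value entered in the Atria connection, and an expired secret will need to be replaced in the connection's Application Secret field.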


Sync Microsoft Offerings

  1. On the Atria Menu, navigate to Services > Microsoft Online > Offer Management
  2. Select the desired connection and press Sync Offers From Microsoft.

After configuring this, you may now proceed to Setup Customer Plans to begin configuring the Microsoft Online service.