Connecting Atria to Microsoft PartnerCenter

Applies to

Atria 15.16 and later Azure AD (Entra) Service, Microsoft Online Service

note

If you are using an release of Atria prior to 15.16 and are enabling Microsoft Online, Subscription Management or Workspace Entra management, you will need to upgrade to the latest release version before performing this setup.

Overview

Atria requires a secure connection to Microsoft Partner Center in order to automate tasks for Microsoft Tenants. This article describes how to setup a secure connection and configure Atria with the keys needed to utilise this connection. This article assumes the reader has an understanding of GDAP.

Cloud Solution Provider Program (CSP)

You must be set up as a Microsoft CSP partner – You must be signed up as a Microsoft Partner and be enrolled in the Microsoft Cloud Solution Provider (CSP) program. The second step is important as it grants you the permissions needed to automate processes within your customers.

For more information, refer to Microsoft Cloud Solution Provider Program

This process applies to both :

1. Direct CSP Resellers (where you are able to create tenants and subscriptions and pay Microsoft directly for subscriptions)
2. Indirect CSP Resellers (where you purchase subscriptions through a Microsoft Distributor – also known as an Indirect CSP Provider)

Where possible, Atria performs similar functions for both types of CSP partners, however some functions are only available to Direct CSP Resellers. Atria is unable to create tenants or subscriptions for Indirect CSP Resellers – this is handled via your Microsoft distributor. Once tenants and subscriptions have been created, Atria can then “connect” to and manage those tenants.

Before you Start

Pre-requisites: you will need all of the following:

1. A Service Account account within the AzureAD tenant that is used to access and manage your customers within a group with the relevant GDAP permissions.

info

For more information on GDAP, please view the following - Microsoft Online - How does GDAP apply to Atria?

2. In accordance with Microsoft guidelines, this account must be protected by Multi-Factor Authentication. Please ensure this is set up or this process will fail.
3. The ability to start a PowerShell Session on an internet-connected computer
4. Service Provider Administrator access to your Atria instance.
5. The Service Schema must be installed and configured prior to connecting to PartnerCenter, refer to the following article: Microsoft Online Service Deployment

Process

A script is run which performs the following tasks.

1. Prompts the user for an Application Name
2. Connects to AzureAD
3. Creates an “Application” object in AzureAD
4. Grants the new Application permissions within AzureAD
5. Generates the required tokens needed for Atria to connect to the application securely.

To run the script

1. Start an elevated PowerShell session.
2. Run the following commands:
   • Install-Module PartnerCenter
   • Install-Module -Name MSOnline
   • Install-Module AzureAD
   • Verify that the modules are installed using the command

   Get-Module -ListAvailable
3. Execute the script to create an application object in AzureAD:

• Script Location C:\inetpub\Automate101\Atria\Atria Web Services\Msol\create-new-azure-app-mggraph.ps1
• DisplayName : you will be prompted to enter a name for the application. We have called it “Atria MSOL Application” - choose an application name that is distinctive and meaningful.

4. You will be prompted to authenticate, use the service account prepared earlier, and complete the 2-factor authentication when challenged.
5. You will be prompted a second time – go through the authentication process again, using the same credentials you used earlier.
6. You will be prompted with a permissions request for your Application.

7. Scroll to the bottom – and click on “Accept”.
8. Naviagate back to the script and press enter.
9. The script will complete and output the following credentials. Please make a note of these as they will be used in a later step.
   1. Partner ID
   2. Partner User ID
   3. Application ID
   4. ApplicationSecret
   5. RefreshToken

note

You will also be prompted to install the Exchange App registration. This will run the script in the next step:

10. If not started in the previous step, execute the following script to create an Exchange Online Token. C:\inetpub\Automate101\Atria\Atria Web Services\Msol\create-new-exchange-app-mggraph.ps1
11. You will be prompted to login with your service account - use the same account as used when creating the application object.
12. After logging in, it will prompt in powershell to run the device login. This may open in your browser automatically, but if not, open the link provided in the script.

13. Login again using the service account and accept the permissions request.

14. The script will complete and output the following credentials. Please also make a note of these as they will be used in a later step.
    1. Application ID
    2. ApplicationSecret
    3. RefreshToken

15. Head back to Atria and navigate to Services > Microsoft Online > Partner Center Connections.
16. Click Add.
17. Enter the details recorded earlier.

Property/Value	Comments
Label	Free form name for this connection
Partner Type	If you are a direct Microsoft partner, select Tier 1. All other cases, select Tier 2.
Region	Select the region for this Microsoft Partner Center Connection - this will be the region in which your PartnerCenter account is registered.
PartnerID	Copy from script output - this is the TenantID for your AzureAD
Partner UserID	Copy from the script output - this is the GUID for the user that ran the script
Partner User Name	This is the account used to register the application and create the exchange online token
Application ID	Copy from the script output – this is the Unique identifier for the application created in Azure.
Application Secret	Copy from the script output.
Refresh Token	Copy from the script output.
Exchange Application ID	Copy from the script output.
Exchange Application Secret	Copy from the script output.
Exchange Refresh token	Copy from the script output.

The screen should look something like the below – press Save and your connection should be set up and ready to go!

Sync PartnerCenter Offerings

1. On the Atria Menu, navigate to Services > Microsoft Online > Offer Management
2. Select the desired connection and press Sync Offers From Partner Center.

After configuring this, you may now proceed to Subscription Management if you would like to configure subscriptions, or Setup Customer Plans to begin configuring the Microsoft Online service.