Forum Widgets
Latest Discussions
Configuring the Secure App Model for PowerShell / API / Graph scripting with GDAP for Partners
Hi whomever may find this! With the old MS Partner Community Forums going read-only as of March 8th, 2023 I thought I'd post a few useful links here in case someone is searching and unable to post on the old forums. The 2 main GDAP related threads on the old forum that feature info on getting Secure App Model to work with GDAP and the Exchange Online V3 PowerShell module (with the ExO automation App ID: a0c73c16-a7e3-4564-9a95-2bdf47383716 being retired eventually) are: MS Graph/Secure App and GDAP Exch Online V3 and Secure App These are both long threads, lots of info in a meandering kind of way. They disappeared after June 30th, 2023 - so these are links to the Internet Archive's WaybackMachine. But they're how we worked it all out - so useful background. So the best place to find current, step-by-step instructions for getting things to work is this post: My Automations Break with GDAP: The Fix! It appears Nick has collected up all the info from the above 2 links, tested it, and made a fairly complete blog post, so start there. (note: for the ExO V3 stuff you must use the Customer's initial onmicrosoft.com domain for things to work properly) Big thanks to him! Nick has 2 additional posts that may be of interest as well. One on Leveraging APIs for unattended Automation. And one on Updating the GDAP Consents across all your Customers. For some background info you can check out some of these links: The code leverages the The Secure App Model. It can be implemented in PowerShell. Setting it up involves a few steps. But many (most?) of us likely followed Kelvin's post on CyberDrain (or Gavsto has a simple introduction too) ... originally. Though still useful background info these links have lots of outdated info, eg. they still reference Msol and AzureAD commands, but you can still mostly use them to follow along. There's also a post about securely storing secrets, like the RefreshTokens. For CURRENT info, use the link above for GDAP + Secure App Model. Msol/MSOnline doesn't work with GDAP and AzureAD uses the old AzureAD Graph which is also being retired (use MS Graph instead, which works with GDAP). Remember: RefreshTokens are good for 90 days, redeem them for an AccessToken which is good for 60 mins. After 60 mins get another one. Before 90 days are up, get an AccessToken (which always includes a new RefreshToken) and save it instead of the old one. You can repeat that forever. But you may need to restart the process if the account you used initially changes its password - so use a dedicated account. For: Exchange Online and the Exchange Online Management V3 module and you can refer to the posts in this forum, since there are mistakes and omissions in the official MS docs. Main error: use the original .onmicrosoft.com domain as the CustomerTenantID when connecting with Connect-ExchangeOnline If you use their public customer.com or their TenantID (Guid) it will work inconsistently, and you'll have problem writing (reading may work) The Secure App Model mainly uses Delegated permissions, see: App-Only vs Delegated Permissions and there's more info here. Any Graph API calls will list Permissions needed depending on if you're using Delegated or Application, with GET /users/{id} for example. We generally use Delegated since we're accessing on behalf of Customers. You'll need to ensure your Secure App Registration has the required Graph permissions AND so does your customer Consent. Hopefully that helps someone! --Saul [Edited to add the WaybackMachine links and Nick's new posts]Resolved - CDX / demos.microsoft.com "Not Authorized" error #CDX
Just wanted to put it out there a recent issue I faced while accessing CDX tool (https://demos.microsoft.com). When logged in using my work account it errored out with below error: This message is quite misleading, as I do have a Partner account. Thankfully, I found an article: Can't access cdx.transform.microsoft.com "Not Authorized" - Microsoft Community I had to: i. Launch https://mysignins.microsoft.com/security-info in incognito mode and Sign in with your work account to re-enforce MFA-based login. ii. Then launch https://cdx.transform.microsoft.com and enable third party cookies for this website. Then it gives the below Login Failed page which makes more sense (as it turns out, it was CDX who was missing some permissions required and not the other way around, lol. Ideally, if it pointed out the below error message by default without requiring above steps, it would have been a lot easier to get to the resolution): In my case, MFA was enforced and Cookies were already allowed. The last step was to click on the "by clicking on this link" hyperlink to allow Consent to the user permissions required by CDX tool. This can by done by the end user itself. Once consent is provided using the link, the tool is accessible in normal Browser mode. Note: If all users in the tenant are not able to access CDX, then Global Admin needs to follow the "by clicking on this link" to provide consent to CDX permissions. In this case you might get a "Consent" page upfront instead of above errors to request for consent from Global admin to "transform.microsoft.com". #CDX
Our solution partner designation under threat as scores are not getting updated.!!
We have a major issue with the solution partner not updating the points against the performance and customer success categories. We have added several customers and deployments, however it just shows 0 for the above categories. The Cloud product performance report though clearly shows all customers and seats and values, it simply doesnt update the score. We had opened a case with microsoft 6 months back and have already provided all the details requested however the front line support always sends a response every 2 days that there backend team is looking into the issue. No other updates for last 5 months. We are amused how bad the support is for Microsoft partners who dont have a premier support and no SLA's whatsoever (Except for sending same response copy and paste every 2 days). Want some one responsible to please look into this and highlight whats wrong as our membership is under threat. Appreciate any help in this regards.Join the next IAMCP partner meeting January 23
You're invited to join us in-person or virtually on January 23! IAMCP's TOLA Chapter (Texas, Oklahoma, Louisiana, Arkansas) rotates monthly and hosts chapter meetings in Austin, Houston and Dallas. All meetings are hybrid and anyone is welcome to attend, no matter where you are! 😃 Join us online or in-person (lunch included) in Houston at the Microsoft office - 750 Town and Country Blvd., Ste. 1000 Houston, Texas 77024 11:00am-1:00pm CST Register Here >
PartnerCenter Rest Api WebHooks
Hi everyone, I’m using the webhooks of partnercenter rest api, but there is a problem compared to what described in the technical specifications. In the documentation https://learn.microsoft.com/en-us/partner-center/developer/partner-center-webhook-events#createtransfer-event it is specified that the ResourceUri consists of "{baseURL}/webhooks/v{version}/customers/{customer_id}/transfers/{transfer_id}" but this is not the case! The notifications come with a ResourceUri "{baseURL}/webhooks/v{version}/customers/{customer_id}" and this creates a problem as it is not possible to trace the TrasferId in a safe way. Please can someone fix it?Question about the new Partner Benefits options
We are a small ISV that has been in the Partner program (Now CSP) almost since it's beginning. For most of the time we have been in the program we have maintained our eligibility by having our software certified. But then Microsoft changed the requirements to be mostly revenue based and we were no longer able to maintain our Gold level (or silver level). We were still able to purchase the benefits that we use as a legacy Gold partner. But now it appears that Microsoft is getting rid of this next year. So I'm wondering what our best option or options are going forward. I've seen several emails about a new certification process as well as some new options for benefits. Based on our renewal date it appears that we will have to transition to the new benefits options. With the legacy Gold partner benefits, we currently have a monthly Azure benefit of $100 plus I believe some kind of reduced licensing cost for our Azure VMs related to our MSDN subscription which comes from the legacy Gold partner benefits. I found information about the new offerings here https://partner.microsoft.com/en-US/partnership/compare-programs I've reviewed the different offerings and it looks like the Partner Success Core Benefits and either the ISV Success Core Package or the ISV Success Expanded Package would be appropriate So that leads to my two questions: First, do we have to select and purchase both a benefits package and a software offering? Second, with our current legacy Gold partner benefits we'd annually renew our Azure benefits from the MPN site and that would flow directly to our Azure subscription. Will this stay the same with the new benefits? Thanks NickEligibility criterion of Copilot funding is not clear e.g. validated Copilot practice and offer
We are trying to raise funding as per eligibility defined in Microsoft Commerce Partners Incentives Guide. But we are not able to understand eligibility criterion: Q1.Partners with a Modern Work -->Question-Does that mean Modern work Solution Designation? Q2. or Business Applications specialization --> Question - Does that mean, we can chase any specialization out of 8 options? Q3. and validated Copilot practice and offer --> Question-not sure what does this mean? How to achieve this? Kindly try to be descriptive with details. Thanks.Help needed to enroll in the Microsoft Edge Program
I've been really struggling to find help on enrolling in the Microsoft Edge program. I am getting the error message "This account is not registered with Microsoft Edge program on Partner Center" I've tried a few things that has not worked. The error message said to work with my email administrator. However, my workspace's admin also gets the same error. So it does not seem like the administrator is able to do this. I tried opening a support ticket. To open a support ticket I had to choose a topic but there's no topic for this. I ended up choosing something an area under Microsoft AI Cloud Partner Program. The support closed my ticket as it's not part of their area. Where should I go to get help on registering with Partner Center?
