Latest Discussions
Configuring the Secure App Model for PowerShell / API / Graph scripting with GDAP for Partners
Hi whomever may find this! With the old https://www.microsoftpartnercommunity.com/t5/Partner-Center-Security-Guidance/ct-p/partner-center-security-guidance going read-only as of March 8th, 2023 I thought I'd post a few useful links here in case someone is searching and unable to post on the old forums.

The 2 main GDAP related threads on the old forum that feature info on getting Secure App Model to work with GDAP and the Exchange Online V3 PowerShell module (with the ExO automation App ID: a0c73c16-a7e3-4564-9a95-2bdf47383716 being retired eventually) are:

https://web.archive.org/web/20230524021116/https://www.microsoftpartnercommunity.com/t5/Secure-Application-Model/MS-Graph-and-Partner-GDAP-access-customer-tenant-via-graph/td-p/69514
https://web.archive.org/web/20230524165847/https://www.microsoftpartnercommunity.com/t5/Secure-Application-Model/Retirement-of-the-Legacy-Exchange-Online-Public-Client-ID-app-ID/td-p/84770

These are both long threads, lots of info in a meandering kind of way. They disappeared after June 30th, 2023 - so these are links to the Internet Archive's WaybackMachine. But they're how we worked it all out - so useful background.

So the best place to find current, step-by-step instructions for getting things to work is this post: https://tminus365.com/my-automations-break-with-gdap-the-fix/ It appears Nick has collected up all the info from the above 2 links, tested it, and made a fairly complete blog post, so start there. (Note: for the ExO V3 stuff you must use the Customer's initial onmicrosoft.com domain for things to work properly.) Big thanks to him! Nick has 2 additional posts that may be of interest as well. One on https://tminus365.com/how-to-leverage-microsoft-apis-for-automation/. And one on https://tminus365.com/gdap-multi-tenant-automation/.

For some background info you can check out some of these links:

The code leverages the https://learn.microsoft.com/en-us/partner-center/developer/secure-app-model-framework. It can be implemented in https://learn.microsoft.com/en-us/partner-center/developer/enable-secure-app-model#powershell. Setting it up involves a https://learn.microsoft.com/en-us/powershell/partnercenter/multi-factor-auth?view=partnercenterps-3.0. But many (most?) of us likely followed https://www.cyberdrain.com/connect-to-exchange-online-automated-when-mfa-is-enabled-using-the-secureapp-model/ (or https://www.gavsto.com/secure-application-model-for-the-layman-and-step-by-step/ too) ... originally. Though still useful background info, these links have lots of outdated info, e.g. they still reference Msol and AzureAD commands, but you can still mostly use them to follow along. There's also a post about https://www.gavsto.com/msp-powershell-for-beginners-part-2-securely-store-credentials-passwords-api-keys-and-secrets/ secrets, like the RefreshTokens.

For CURRENT info, use the link above for https://tminus365.com/my-automations-break-with-gdap-the-fix/. Msol/MSOnline doesn't work with GDAP and AzureAD uses the old AzureAD Graph which is also being retired (use MS Graph instead, which works with GDAP).

Remember: RefreshTokens are good for 90 days, redeem them for an AccessToken which is good for 60 mins. After 60 mins get another one. Before 90 days are up, get an AccessToken (which always includes a new RefreshToken) and save it instead of the old one. You can repeat that forever. But you may need to restart the process if the account you used initially changes its password - so use a dedicated account.

For: Exchange Online and the https://learn.microsoft.com/en-us/powershell/partnercenter/exchange-online-gdap-app?view=partnercenterps-3.0 module and you can refer to the posts in this https://www.microsoftpartnercommunity.com/t5/Secure-Application-Model/Retirement-of-the-Legacy-Exchange-Online-Public-Client-ID-app-ID/td-p/84770, since there are mistakes and omissions in the official MS docs.

Main error: use the original .onmicrosoft.com domain as the CustomerTenantID when connecting with Connect-ExchangeOnline. If you use their public customer.com or their TenantID (Guid) it will work inconsistently, and you'll have problems writing (reading may work).

The Secure App Model mainly uses Delegated permissions, see: https://learn.microsoft.com/en-us/graph/auth/auth-concepts and there's more info https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http

Any Graph API calls will list Permissions needed depending on if you're using Delegated or Application, with https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#permissions for example. We generally use Delegated since we're accessing on behalf of Customers. You'll need to ensure your Secure App Registration has the required Graph permissions AND so does your customer Consent.

Hopefully that helps someone!
--Saul
[Edited to add the WaybackMachine links and Nick's new posts]

sansbacher | May 12, 2023 | Brass Contributor | 9.4K Views | 4 likes | 13 Comments

Resolved - CDX / demos.microsoft.com "Not Authorized" error #CDX
Just wanted to put it out there a recent issue I faced while accessing CDX tool (https://demos.microsoft.com). When logged in using my work account it errored out with below error:

This message is quite misleading, as I do have a Partner account. Thankfully, I found an article: https://answers.microsoft.com/en-us/msoffice/forum/all/cant-access-cdxtransformmicrosoftcom-not/e9d79c49-1285-447d-8346-3c10a704e6b1

I had to:

i. Launch https://mysignins.microsoft.com/security-info in incognito mode and Sign in with your work account to re-enforce MFA-based login.
ii. Then launch https://cdx.transform.microsoft.com and enable third party cookies for this website.

Then it gives the below Login Failed page which makes more sense (as it turns out, it was CDX who was missing some permissions required and not the other way around, lol. Ideally, if it pointed out the below error message by default without requiring above steps, it would have been a lot easier to get to the resolution):

In my case, MFA was enforced and Cookies were already allowed. The last step was to click on the "by clicking on this link" hyperlink to allow Consent to the user permissions required by CDX tool. This can be done by the end user itself. Once consent is provided using the link, the tool is accessible in normal Browser mode.

Note: If all users in the tenant are not able to access CDX, then Global Admin needs to follow the "by clicking on this link" to provide consent to CDX permissions. In this case you might get a "Consent" page upfront instead of above errors to request for consent from Global admin to "transform.microsoft.com".

#CDX

v-9prabu | Mar 01, 2025 | Brass Contributor | 1.5K Views | 3 likes | 1 Comment

Can't register for Microsoft Hardware Developer Program
When trying to sign in to register for the Windows Hardware Developer Program, it throws an error saying that my account isn't a Microsoft account but it very much is. In fact, it's an Entra ID Global Administrator account. How do I fix this or get Microsoft to fix this?

Solved | jamesyenke | Mar 12, 2024 | Copper Contributor | 5.8K Views | 3 likes | 26 Comments

Net Customer Adds - encouraging the wrong culture?
We're a Microsoft Partner that focuses on delivering excellent service to our SMB clients. This involves making sure they're as secure and compliant as they can be, and that they understand how to use the vast array of modern workplace tools to maximum advantage. Our primary Solutions Partner Designation is therefore Modern Work (SMB).

Our staff are keen on learning so we have maximum points for intermediate and advanced certifications. We are continuously helping our clients to exploit the modern work tools so deployment scores are excellent. We also help our clients ensure those tools are adopted into the everyday flow of work so usage growth is huge.

BUT, given our focus is implementing more Microsoft workloads into existing customers, rather than adding more customers, our Net Customer Adds score is 0, putting our designation at risk (as you have to score points in every area to renew). I do feel we're effectively being penalised by Microsoft for concentrating on helping clients get the most out of their offerings, rather than just selling licenses. And after raising this with them, it sounds like there's nothing we can do other than simply keep our fingers crossed that a month of high net customer adds drops off the rolling 12 month window before our renewal date for us to maintain our designation.

The skilling, deployment, and usage requirements all make sense as they're about providing a good service and ensuring adoption by the end customer, but net customer adds clearly puts selling over service which isn't our culture or business model (or that of many smaller partners). In chatting to other partners, many are choosing not to renew their SPD's for similar reasons so I'm hoping the relevant decision makers will listen to this feedback and review the scoring. What do you think?

OzOscroft | Feb 13, 2026 | Iron Contributor | 40 Views | 2 likes | 1 Comment

Partner lockout of Microsoft 365 tenant – looking for advice on next steps
Hello all, I’d appreciate some guidance from the community on a serious situation we are facing.

On 12 September 2025, our Microsoft partner unilaterally locked us out of our Microsoft 365 tenant. They retained exclusive Global Administrator / Partner Delegated Admin rights, which means:

- All staff and directors are unable to access email, Teams, SharePoint/OneDrive, or even log into their Azure AD-authenticated workstations.
- Our corporate and staff personal data is now inaccessible to us as the controller.
- Access restoration has been explicitly conditioned on payment of a disputed invoice (not related to Microsoft licence pass-through).

This raises several concerns:

- Operational: we are effectively paralysed.
- Security/IP: the partner still has exclusive access to proprietary source code and other confidential business data.
- Compliance: we cannot meet our GDPR/UK DPA obligations on availability of personal data while locked out.

We contacted Microsoft Business Conduct on Friday evening with full details of the incident, but so far no human response has been received to those emails.

Questions for the community

- From a Microsoft tenancy perspective – what’s the fastest/most effective way to remove a partner’s delegated admin access if they refuse to release it voluntarily?
- Has anyone experienced or seen a similar scenario where access was conditioned on disputed payments?
- Are there formal Microsoft Partner Code of Conduct provisions that directly address this type of misuse of delegated admin rights?
- Any practical lessons on balancing the technical fix (regaining control of the tenant) with the legal approach (injunction, regulatory notifications)?

My focus is on regaining secure access, protecting data/IP, and ensuring compliance. Any experience, insight, or links to Microsoft policy/resources would be greatly appreciated.

Solved | Ermserg | Sep 16, 2025 | Copper Contributor | 390 Views | 2 likes | 9 Comments

Master Deal Sharing with Microsoft webinar happening today!
Our webinar - Master Deal Sharing with Microsoft - is happening today! If you’re a software company partnering with Microsoft, you probably started with big hopes for co-selling at scale. But the first hurdle almost everyone hits? Getting deals into Partner Center effectively and efficiently. Whether it’s your first deal or your thousandth, we’re sharing best practices that help you submit higher-quality deals faster—with better response rates from Microsoft sellers.

📅 Master Deal Sharing with Microsoft
🕐 Today at 10:00 AM PST / 1:00 PM EST
🔗 https://events.teams.microsoft.com/event/dba72138-6b0e-4aec-b41e-e41faf41db92@b9cefa9a-8ec8-44c3-b562-cd34d6ef80b3

See you there!

v-beleung | Jun 11, 2025 | Copper Contributor | 94 Views | 2 likes | 1 Comment

Do More with Microsoft 365 E3 promo
The link for this promo downloads a locked PDF that no one seems to be able to open. How do we access the details of this promo? Please advise

Partner blog post: https://www.microsoft.com/en-us/americas-partner-blog/2024/12/16/microsoft-365-copilot-enables-new-opportunities-for-partners/
Link to PDF: https://aka.ms/DMWL_ME3_Promo_ExecSum

Promo offer

Do More with Microsoft 365 E3 promo

Security remains a top priority for customers. The introduction of AI amplifies this concern, underscoring the importance of safeguarding data. Now through June 30, 2025, CSP partners will receive a 15 percent discount off the net partner price for new-to-Microsoft 365 E3 customers. Microsoft 365 E3 provides essential foundations to enable AI, including Microsoft 365 apps and security capabilities that simplify IT management and support customers on their Zero Trust journey. For customers seeking next-level threat protection and data security, Microsoft 365 E5 provides additional capabilities such as XDR to defend across the infrastructure and ensure data security throughout the data lifecycle.

ctiedje | Apr 30, 2025 | Copper Contributor | 650 Views | 2 likes | 0 Comments

Partner payment error
The Partner Payment Center payment page does not properly process cards. The error I am receiving does not seem to be a valid error for credit cards:

"Payment failed due to insufficient balance. Please check with your bank or try again with a different card."

My Card is in good standing. In the MS store I have no problem, just in the Partner payment page. I've cleared the browser cache and still get the same error.

Larry_Johnson13 | Apr 27, 2024 | Copper Contributor | 1.2K Views | 2 likes | 5 Comments

Our solution partner designation under threat as scores are not getting updated.!!
We have a major issue with the solution partner not updating the points against the performance and customer success categories. We have added several customers and deployments, however it just shows 0 for the above categories. The Cloud product performance report though clearly shows all customers and seats and values, it simply doesn't update the score.

We had opened a case with Microsoft 6 months back and have already provided all the details requested, however the front line support always sends a response every 2 days that their backend team is looking into the issue. No other updates for last 5 months. We are amused how bad the support is for Microsoft partners who don't have a premier support and no SLA's whatsoever (except for sending same response copy and paste every 2 days).

Want someone responsible to please look into this and highlight what's wrong as our membership is under threat. Appreciate any help in this regard.

BiluVB | Sep 27, 2023 | Copper Contributor | 695 Views | 2 likes | 1 Comment

The actual reason for 715-123160
Hello there, I understand that "Microsoft runs on trust" but even after opening a ticket I've not been told what's the trust issue. The only answer I have is:

"Microsoft runs on trust. We engage in a rigorous set of evaluation and certification processes; as a result your request was blocked"

I've been a Microsoft Partner for a few years, it's not a new enrollment, why can't I know what changed and caused this issue? Honestly, I'm the one who's losing faith in Microsoft. Is there a valid reason? Ok, I accept it but I need to know what's the reason, otherwise it's just a system error.

pietrodc0 | Jan 28, 2026 | Copper Contributor | 53 Views | 1 like | 0 Comments