Latest Discussions
Configuring the Secure App Model for PowerShell / API / Graph scripting with GDAP for Partners
Hi whomever may find this! With the old https://www.microsoftpartnercommunity.com/t5/Partner-Center-Security-Guidance/ct-p/partner-center-security-guidance going read-only as of March 8th, 2023 I thought I'd post a few useful links here in case someone is searching and unable to post on the old forums.
The 2 main GDAP related threads on the old forum that feature info on getting Secure App Model to work with GDAP and the Exchange Online V3 PowerShell module (with the ExO automation App ID: a0c73c16-a7e3-4564-9a95-2bdf47383716 being retired eventually) are:
- https://web.archive.org/web/20230524021116/https://www.microsoftpartnercommunity.com/t5/Secure-Application-Model/MS-Graph-and-Partner-GDAP-access-customer-tenant-via-graph/td-p/69514
- https://web.archive.org/web/20230524165847/https://www.microsoftpartnercommunity.com/t5/Secure-Application-Model/Retirement-of-the-Legacy-Exchange-Online-Public-Client-ID-app-ID/td-p/84770
These are both long threads, lots of info in a meandering kind of way. They disappeared after June 30th, 2023 - so these are links to the Internet Archive's WaybackMachine. But they're how we worked it all out - so useful background.
So the best place to find current, step-by-step instructions for getting things to work is this post: https://tminus365.com/my-automations-break-with-gdap-the-fix/ It appears Nick has collected up all the info from the above 2 links, tested it, and made a fairly complete blog post, so start there. (note: for the ExO V3 stuff you must use the Customer's initial onmicrosoft.com domain for things to work properly) Big thanks to him!
Nick has 2 additional posts that may be of interest as well. One on https://tminus365.com/how-to-leverage-microsoft-apis-for-automation/. And one on https://tminus365.com/gdap-multi-tenant-automation/.
For some background info you can check out some of these links:
The code leverages the https://learn.microsoft.com/en-us/partner-center/developer/secure-app-model-framework.
It can be implemented in https://learn.microsoft.com/en-us/partner-center/developer/enable-secure-app-model#powershell. Setting it up involves a https://learn.microsoft.com/en-us/powershell/partnercenter/multi-factor-auth?view=partnercenterps-3.0.
But many (most?) of us likely followed https://www.cyberdrain.com/connect-to-exchange-online-automated-when-mfa-is-enabled-using-the-secureapp-model/ (or https://www.gavsto.com/secure-application-model-for-the-layman-and-step-by-step/ too) ... originally. Though still useful background info these links have lots of outdated info, e.g. they still reference Msol and AzureAD commands, but you can still mostly use them to follow along. There's also a post about https://www.gavsto.com/msp-powershell-for-beginners-part-2-securely-store-credentials-passwords-api-keys-and-secrets/ secrets, like the RefreshTokens.
For CURRENT info, use the link above for https://tminus365.com/my-automations-break-with-gdap-the-fix/. Msol/MSOnline doesn't work with GDAP and AzureAD uses the old AzureAD Graph which is also being retired (use MS Graph instead, which works with GDAP).
Remember: RefreshTokens are good for 90 days, redeem them for an AccessToken which is good for 60 mins. After 60 mins get another one. Before 90 days are up, get an AccessToken (which always includes a new RefreshToken) and save it instead of the old one. You can repeat that forever. But you may need to restart the process if the account you used initially changes its password - so use a dedicated account.
For: Exchange Online and the https://learn.microsoft.com/en-us/powershell/partnercenter/exchange-online-gdap-app?view=partnercenterps-3.0 module and you can refer to the posts in this https://www.microsoftpartnercommunity.com/t5/Secure-Application-Model/Retirement-of-the-Legacy-Exchange-Online-Public-Client-ID-app-ID/td-p/84770, since there are mistakes and omissions in the official MS docs.
Main error: use the original .onmicrosoft.com domain as the CustomerTenantID when connecting with Connect-ExchangeOnline. If you use their public customer.com or their TenantID (Guid) it will work inconsistently, and you'll have problems writing (reading may work).
The Secure App Model mainly uses Delegated permissions, see: https://learn.microsoft.com/en-us/graph/auth/auth-concepts and there's more info https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http
Any Graph API calls will list Permissions needed depending on if you're using Delegated or Application, with https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#permissions for example. We generally use Delegated since we're accessing on behalf of Customers. You'll need to ensure your Secure App Registration has the required Graph permissions AND so does your customer Consent.
Hopefully that helps someone!
--Saul
[Edited to add the WaybackMachine links and Nick's new posts]
sansbacher | May 12, 2023 | Brass Contributor | 9.1K Views | 4 likes | 13 Comments
Resolved - CDX / demos.microsoft.com "Not Authorized" error #CDX
Just wanted to put it out there a recent issue I faced while accessing CDX tool (https://demos.microsoft.com). When logged in using my work account it errored out with below error:
This message is quite misleading, as I do have a Partner account. Thankfully, I found an article: https://answers.microsoft.com/en-us/msoffice/forum/all/cant-access-cdxtransformmicrosoftcom-not/e9d79c49-1285-447d-8346-3c10a704e6b1
I had to:
i. Launch https://mysignins.microsoft.com/security-info in incognito mode and sign in with your work account to re-enforce MFA-based login.
ii. Then launch https://cdx.transform.microsoft.com and enable third party cookies for this website.
Then it gives the below Login Failed page which makes more sense (as it turns out, it was CDX who was missing some permissions required and not the other way around, lol. Ideally, if it pointed out the below error message by default without requiring above steps, it would have been a lot easier to get to the resolution):
In my case, MFA was enforced and Cookies were already allowed. The last step was to click on the "by clicking on this link" hyperlink to allow Consent to the user permissions required by CDX tool. This can be done by the end user itself. Once consent is provided using the link, the tool is accessible in normal Browser mode.
Note: If all users in the tenant are not able to access CDX, then Global Admin needs to follow the "by clicking on this link" to provide consent to CDX permissions. In this case you might get a "Consent" page upfront instead of above errors to request for consent from Global admin to "transform.microsoft.com".
#CDX
v-9prabu | Mar 01, 2025 | Brass Contributor | 1K Views | 3 likes | 1 Comment
Can't register for Microsoft Hardware Developer Program
When trying to sign in to register for the Windows Hardware Developer Program, it throws an error saying that my account isn't a Microsoft account but it very much is. In fact, it's an Entra ID Global Administrator account. How do I fix this or get Microsoft to fix this?
Solved | jamesyenke | Mar 12, 2024 | Copper Contributor | 5.3K Views | 3 likes | 26 Comments
Master Deal Sharing with Microsoft webinar happening today!
Our webinar - Master Deal Sharing with Microsoft - is happening today! If you’re a software company partnering with Microsoft, you probably started with big hopes for co-selling at scale. But the first hurdle almost everyone hits? Getting deals into Partner Center effectively and efficiently. Whether it’s your first deal or your thousandth, we’re sharing best practices that help you submit higher-quality deals faster—with better response rates from Microsoft sellers.
📅 Master Deal Sharing with Microsoft
🕐 Today at 10:00 AM PST / 1:00 PM EST
🔗 https://events.teams.microsoft.com/event/dba72138-6b0e-4aec-b41e-e41faf41db92@b9cefa9a-8ec8-44c3-b562-cd34d6ef80b3
See you there!
v-beleung | Jun 11, 2025 | Copper Contributor | 67 Views | 2 likes | 1 Comment
Do More with Microsoft 365 E3 promo
The link for this promo downloads a locked PDF that no one seems to be able to open. How do we access the details of this promo? Please advise.
Partner blog post: https://www.microsoft.com/en-us/americas-partner-blog/2024/12/16/microsoft-365-copilot-enables-new-opportunities-for-partners/
Link to PDF: https://aka.ms/DMWL_ME3_Promo_ExecSum
Promo offer: Do More with Microsoft 365 E3 promo
Security remains a top priority for customers. The introduction of AI amplifies this concern, underscoring the importance of safeguarding data. Now through June 30, 2025, CSP partners will receive a 15 percent discount off the net partner price for new-to-Microsoft 365 E3 customers. Microsoft 365 E3 provides essential foundations to enable AI, including Microsoft 365 apps and security capabilities that simplify IT management and support customers on their Zero Trust journey. For customers seeking next-level threat protection and data security, Microsoft 365 E5 provides additional capabilities such as XDR to defend across the infrastructure and ensure data security throughout the data lifecycle.
ctiedje | Apr 30, 2025 | Copper Contributor | 472 Views | 2 likes | 0 Comments
Partner payment error
The Partner Payment Center payment page does not properly process cards. The error I am receiving does not seem to be a valid error for credit cards: "Payment failed due to insufficient balance. Please check with your bank or try again with a different card." My card is in good standing. In the MS store I have no problem, just in the Partner payment page. I've cleared the browser cache and still get the same error.
Larry_Johnson13 | Apr 27, 2024 | Copper Contributor | 1.1K Views | 2 likes | 5 Comments
Our solution partner designation under threat as scores are not getting updated.!!
We have a major issue with the solution partner not updating the points against the performance and customer success categories. We have added several customers and deployments, however it just shows 0 for the above categories. The Cloud product performance report, though, clearly shows all customers and seats and values; it simply doesn't update the score. We had opened a case with Microsoft 6 months back and have already provided all the details requested, however the front line support always sends a response every 2 days that their backend team is looking into the issue. No other updates for the last 5 months. We are amused how bad the support is for Microsoft partners who don't have premier support and no SLAs whatsoever (except for sending the same response, copy and paste, every 2 days). Want someone responsible to please look into this and highlight what's wrong, as our membership is under threat. Appreciate any help in this regard.
BiluVB | Sep 27, 2023 | Copper Contributor | 641 Views | 2 likes | 1 Comment
Inquiry Regarding Existing Microsoft Applications for End-to-End Operational Management
I would like to inquire whether Microsoft offers any pre-built, production-ready applications—preferably within the Dynamics 365 ecosystem—that are currently in use by customers and proven to be stable, which support the following functionalities:
- Work Order Management
- Operational Management
- Production Planning and Control
- Resource Management
- Asset Management
- Quality Management
- Inventory Management
- Barcode Scanning for real-time job tracking (start/finish)
- Profitability and Financial Reporting
- Hours Variation Analysis (Planned Vs Actual)
- Cost Variation Analysis (Planned Vs Actual)
We are seeking a solution that integrates these capabilities into a unified platform, ideally with real-time data capture and reporting features. If such a solution exists, we would appreciate details regarding its availability, deployment options, licensing, and customer success stories. Looking forward to your guidance.
Nitish_070989 | Oct 06, 2025 | Copper Contributor | 40 Views | 1 like | 1 Comment
Partner lockout of Microsoft 365 tenant – looking for advice on next steps
Hello all, I’d appreciate some guidance from the community on a serious situation we are facing. On 12 September 2025, our Microsoft partner unilaterally locked us out of our Microsoft 365 tenant. They retained exclusive Global Administrator / Partner Delegated Admin rights, which means:
- All staff and directors are unable to access email, Teams, SharePoint/OneDrive, or even log into their Azure AD-authenticated workstations.
- Our corporate and staff personal data is now inaccessible to us as the controller.
- Access restoration has been explicitly conditioned on payment of a disputed invoice (not related to Microsoft licence pass-through).
This raises several concerns:
- Operational: we are effectively paralysed.
- Security/IP: the partner still has exclusive access to proprietary source code and other confidential business data.
- Compliance: we cannot meet our GDPR/UK DPA obligations on availability of personal data while locked out.
We contacted Microsoft Business Conduct on Friday evening with full details of the incident, but so far no human response has been received to those emails.
Questions for the community
- From a Microsoft tenancy perspective – what’s the fastest/most effective way to remove a partner’s delegated admin access if they refuse to release it voluntarily?
- Has anyone experienced or seen a similar scenario where access was conditioned on disputed payments?
- Are there formal Microsoft Partner Code of Conduct provisions that directly address this type of misuse of delegated admin rights?
- Any practical lessons on balancing the technical fix (regaining control of the tenant) with the legal approach (injunction, regulatory notifications)?
My focus is on regaining secure access, protecting data/IP, and ensuring compliance.
Any experience, insight, or links to Microsoft policy/resources would be greatly appreciated.
Solved | Ermserg | Sep 16, 2025 | Copper Contributor | 209 Views | 1 like | 9 Comments
Windows hardware developer program deactivated in Partner Center - support cases closed unresolved.
Hello, I need assistance with the Windows Hardware Developer Program in Partner Center. My account shows as deactivated and inaccessible, even though my account is fully authorized and I am the Global Administrator for our Entra ID tenant.
- Our organization has an active EV code signing certificate.
- Our D-U-N-S/company information is valid.
I have already opened Partner Center support tickets, but they were closed without resolution:
- Case ID: 2508050010001953
- Case ID: 2508080010002600
- Case ID: 2508160010000069
- Case ID: 25081900100000123
The first two tickets got closed; the last two tickets I just opened asking for more clarification. Our company desperately needs to get a WHQL certified driver so our customers can ship Windows products. From other community posts, it seems this may require a manual review and escalation to Partner Center Operations / Vetting Team, since automated provisioning has failed. Could a Microsoft representative please review this case and escalate it appropriately?
Thank you,
Huei-Mei Su
Lisuantech
hueimeisu | Aug 19, 2025 | Copper Contributor | 108 Views | 1 like | 1 Comment