Forum Discussion
Adding connected organizations with powershell
Hi, it appears that this is a known issue when using Azure AD or MSOnline PowerShell modules, which will be discontinued. Instead, please use the Microsoft Graph API.
Please check this article:
https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.signins/update-mgpolicycrosstenantaccesspolicypartner?view=graph-powershell-1.0
This could also be helpful. Perhaps it requires updates. Before making any changes, it’s best to test it first:
Install-Module Microsoft.Graph -Scope CurrentUser
Import-Module Microsoft.Graph
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess", "Directory.Read.All"

# Set up the tenantId first (resolve via Get-MgDomain)
$tenantId = "external-tenant-guid"  # Must be the GUID

# Add the org
$params = @{
    B2bCollaborationInbound  = @{ isEnabled = $true }
    B2bCollaborationOutbound = @{ isEnabled = $true }
    IdentitySynchronization  = @{ isEnabled = $false }
    InboundTrust = @{
        isCompliantDeviceAccepted           = $false
        isHybridAzureADJoinedDeviceAccepted = $false
        isMfaAccepted                       = $false
    }
}

# The cmdlet identifies the partner through this parameter (it has no -TenantId parameter)
Update-MgPolicyCrossTenantAccessPolicyPartner -CrossTenantAccessPolicyConfigurationPartnerTenantId $tenantId -BodyParameter $params
Thanks for the reply FadySamy. Where did you get the info that MSGraph powershell will be discontinued? That's news to me, and I can't find anything about it in Microsoft docs. It is after all, fairly new in itself. I might misunderstand you, but from what I can tell, the Microsoft Graph module is not going anywhere.
The code you provide works in the scenario where you want a specific B2B relationship trust, which is really not what I am after here, but thank you anyways!
- FadySamy, Apr 24, 2025, Copper Contributor
philtyrich I apologize for any misunderstanding. I meant MSOnline, not the Microsoft Graph API.
Could you please check this article as well? It might provide some helpful information.
https://learn.microsoft.com/en-us/graph/api/entitlementmanagement-post-connectedorganizations?view=graph-rest-1.0&tabs=http#example-2-create-a-connected-organization-with-an-identitysource-based-on-a-tenant-id
Regarding the script, you’re right. Please check this one:

# Connected organizations are managed with the EntitlementManagement.ReadWrite.All scope
Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All", "Directory.Read.All"

$tenantId = "external-tenant-guid"  # Must be the GUID, not domain

$body = @{
    displayName     = "External Organization Name"
    description     = "Description"
    identitySources = @(@{
        # Identity source type for an organization identified by its tenant ID
        "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant"
        tenantId      = $tenantId
    })
    state = "proposed"
}

New-MgIdentityGovernanceEntitlementManagementConnectedOrganization -BodyParameter $body
Thanks,
Fady
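
The following is an added example, not part of the original posts: it wraps the connected-organization creation above in two pre-checks, validating that the tenant ID is a real GUID and looking for an existing connected organization for that tenant so the script can be re-run safely. The function names, the GUID and the display name are constructed placeholders; the lookup assumes the list response includes each organization's identitySources.

```powershell
# Added example: idempotent creation of a connected organization.
# Test-TenantGuid and Get-ConnectedOrgByTenant are hypothetical helper names.

function Test-TenantGuid {
    param([string]$Value)
    # Reject domain names, empty strings and the all-zero GUID.
    $parsed = [guid]::Empty
    return [guid]::TryParse($Value, [ref]$parsed) -and ($parsed -ne [guid]::Empty)
}

function Get-ConnectedOrgByTenant {
    param([string]$TenantId)
    $uri = 'https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/connectedOrganizations'
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        foreach ($org in $page.value) {
            foreach ($src in $org.identitySources) {
                # -eq on strings is case-insensitive, which suits GUID text.
                if ($src.tenantId -eq $TenantId) { return $org }
            }
        }
        $uri = $page.'@odata.nextLink'   # follow paging until exhausted
    }
    return $null
}

$tenantId = '11111111-2222-3333-4444-555555555555'   # constructed placeholder
if (-not (Test-TenantGuid $tenantId)) {
    throw "Tenant ID '$tenantId' is not a GUID; resolve the domain to its tenant ID first."
}

Connect-MgGraph -Scopes 'EntitlementManagement.ReadWrite.All'

$existing = Get-ConnectedOrgByTenant -TenantId $tenantId
if ($existing) {
    Write-Host "Already connected: $($existing.displayName) (state: $($existing.state))"
} else {
    $body = @{
        displayName     = 'External Organization Name'   # placeholder
        description     = 'Description'                  # placeholder
        identitySources = @(@{
            '@odata.type' = '#microsoft.graph.azureActiveDirectoryTenant'
            tenantId      = $tenantId
        })
        state = 'proposed'
    }
    New-MgIdentityGovernanceEntitlementManagementConnectedOrganization -BodyParameter $body
}
```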