philtyrich
Apr 22, 2025

Adding connected organizations with powershell

Hi, 

When adding connected organizations using PowerShell, the connected organization is added with auth type: OTP/Microsoft account.

When adding the connected org using Entra portal, the org is correctly added as a Microsoft Entra ID tenant.

Is there any way to add the org as a Microsoft Entra ID tenant programmatically?

3 Replies

  • FadySamy

    philtyrich,

    Hi, it appears that this is a known issue when using Azure AD or MSOnline PowerShell modules, which will be discontinued. Instead, please use the Microsoft Graph API.


    Please check this article:
    https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.signins/update-mgpolicycrosstenantaccesspolicypartner?view=graph-powershell-1.0

    This could also be helpful. Perhaps it requires updates. Before making any changes, it’s best to test it first:

    Install-Module Microsoft.Graph -Scope CurrentUser

    Import-Module Microsoft.Graph

    Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess", "Directory.Read.All"

    #Set up the tenantId first (resolve via Get-MgDomain)
    $tenantId = "external-tenant-guid"  # Must be the GUID

    #Add the org
    $params = @{
        B2bCollaborationInbound = @{ isEnabled = $true }
        B2bCollaborationOutbound = @{ isEnabled = $true }
        IdentitySynchronization = @{ isEnabled = $false }
        InboundTrust = @{
            isCompliantDeviceAccepted = $false
            isHybridAzureADJoinedDeviceAccepted = $false
            isMfaAccepted = $false
        }
    }

    Update-MgPolicyCrossTenantAccessPolicyPartner -TenantId $tenantId -BodyParameter $params

    • philtyrich

      Thanks for the reply, FadySamy. Where did you get the info that MSGraph PowerShell will be discontinued? That's news to me, and I can't find anything about it in Microsoft docs. It is, after all, fairly new in itself. I might misunderstand you, but from what I can tell, the Microsoft Graph module is not going anywhere.


      The code you provide works in the scenario where you want a specific B2B relationship trust, which is really not what I am after here, but thank you anyways!

      • FadySamy

        philtyrich I apologize for any misunderstanding. I meant MSOnline, not the Microsoft Graph API.

        Could you please check this article as well? It might provide some helpful information.
        https://learn.microsoft.com/en-us/graph/api/entitlementmanagement-post-connectedorganizations?view=graph-rest-1.0&tabs=http#example-2-create-a-connected-organization-with-an-identitysource-based-on-a-tenant-id

        Regarding the script, you’re right. Please check this one:

        # Creating a connected organization needs the entitlement management write scope
        Connect-MgGraph -Scopes "EntitlementManagement.ReadWrite.All", "Directory.Read.All"

        $tenantId = "external-tenant-guid"  # Must be the GUID, not domain

        $body = @{
            displayName = "External Organization Name"
            description = "Description"
            identitySources = @(@{
                # Graph type for an identity source that is a Microsoft Entra ID tenant
                "@odata.type" = "#microsoft.graph.azureActiveDirectoryTenant"
                tenantId = $tenantId
            })
            state = "proposed"
        }

        # v1.0 cmdlet in the Microsoft.Graph.Identity.Governance module
        New-MgEntitlementManagementConnectedOrganization -BodyParameter $body

        Thanks,
        Fady
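
To check which existing connected organizations ended up with a non-tenant identity source (the symptom described in the question), here is an added example that is not code from either poster. It assumes the Microsoft.Graph.Authentication module is installed and the signed-in account can read entitlement management data; the function name `Get-ConnectedOrgIdentitySourceReport` is hypothetical.

```powershell
# Added example: list every connected organization with the type of each
# identity source, so entries that were not created as a Microsoft Entra ID
# tenant stand out. Read-only; nothing is modified.
Connect-MgGraph -Scopes "EntitlementManagement.Read.All"

function Get-ConnectedOrgIdentitySourceReport {
    # Raw Graph call, so the identity source "@odata.type" is visible as returned
    $uri = "https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/connectedOrganizations"

    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri

        foreach ($org in $page.value) {
            foreach ($src in $org.identitySources) {
                # Strip the namespace prefix: "#microsoft.graph.azureActiveDirectoryTenant" -> "azureActiveDirectoryTenant"
                $type = [string]$src['@odata.type'] -replace '^#microsoft\.graph\.', ''

                [pscustomobject]@{
                    DisplayName   = $org.displayName
                    State         = $org.state
                    SourceType    = $type
                    TenantId      = $src['tenantId']    # set for tenant-based sources
                    DomainName    = $src['domainName']  # set for domain-based sources
                    IsEntraTenant = ($type -eq 'azureActiveDirectoryTenant')
                }
            }
        }

        # Follow paging until Graph stops returning a next link
        $uri = $page['@odata.nextLink']
    }
}

# Show only the organizations whose identity source is not an Entra ID tenant
Get-ConnectedOrgIdentitySourceReport |
    Where-Object { -not $_.IsEntraTenant } |
    Sort-Object DisplayName |
    Format-Table DisplayName, State, SourceType, DomainName
```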

