partner Admin Link (PAL) Overview
Microsoft partners provide services that help customers achieve business and mission objectives using Microsoft products. When acting on behalf of the customer managing, configuring, and supporting Azure services, the partner users will need access to the customer’s environment. Using Partner Admin Link, partners can associate their partner network ID with the credentials used for service delivery. Microsoft wants to recognize your influence on Azure consumption to deepen the partnership, build your business, and highlight your expertise.
Ways To Setup Partner Admin Link (PAL)
Can be setup via:
- The Azure Portal
- Activate Partner Admin Link whenever possible (in both incentive and non-incentive scenarios) as this maximises the demonstration of influence on customer Azure consumption.
- PAL is not retrospective, so it is best to do this on day 1 of an engagement.
- Automate where possible (i.e. PowerShell or CLI), Azure Portal as the fallback.
- Link all accounts that have access to customer resources (as some accounts may have different scopes of permissions, some accounts may drop off over time, etc).
- Use a Location or HQ based MPN ID (not Virtual Org).
PAL is linked on a per user, per tenant basis.
The bit you came here for (powershell script)!
At DevOpsGroup we need to ensure that each time we begin a new Azure engagement we are linking our MPN ID. As this should happen the first time we are logging into a customers environment for every user, we wanted to make it as simple as possible.
I created this script so you are guided through the process in a simple, user friendly manner and it validates that the ID has been set / changed.
As a quick run through the code does the following:
- Creating Log File & Start Transcript
- Check Required Modules Are Installed, if not, install them
- Connect To Azure Account
- Collect Tenant ID (You are presented with a grid view selector of Tenant ID’s you have access to)
- Collect New MPN Partner ID (Just press enter if you add your default as explained below)
- Validation of existing MPN ID (If it exists) and confirmation if you want to update it
- Validation of new MPN ID if new one is set / changed
$defaultValue = “1234567”
I would have this set to the DevOpsGroup MPN ID, so when it asks you for your ID, you can just hit enter to accept the above default. While this is the default, it still gives you the flexibility to enter a different ID and use that instead.
Big thanks to Bob Larkin for his QC work and suggesting the gridview!
Hope you find this useful, please feel free to fork and use!