Registering your Microsoft Partner Network (MPN) details correctly against your customer’s cloud environments is important for every Microsoft partners. This registration is necessary to ensure that you achieve all of the entitlements and benefits that Microsoft offers. In the case of Azure, this is covered by the Partner Admin Link (PAL) setting in each customer subscription.
PAL also assists Cloud Solution Providers (CSPs) by allowing the partner to earn the Partner Earned Credit (PEC) when their customers are on the new Microsoft Customer Agreement (MCA) and Azure Plan.
In the beginning, Microsoft created Digital Partner of Record (DPOR), and it was good… well, kind of.
DPOR was the original way to link your MPN ID to a customer’s Azure environment, which gave you as the partner recognition for the revenue that Microsoft were receiving from the customer. The problem was that only one partner could be DPOR at any point in time. This left the big players (Large Account Resellers (LARs), typically) as the registered DPOR entity.
Now with PAL, any partner that provides services to a customer can link their MPN ID to the customer’s subscription(s) and receive benefits from Microsoft for doing so.
PAL can be associated to a customer’s subscription by any user or service principal account that has eligible access to the subscription.
The user account could be a guest account, direct account, or an account delegated access via Azure Lighthouse.
The service principal needs to either be registered via Azure Active Directory, or via Azure Lighthouse.
When using Azure Lighthouse for delegated resource management, partners can do a one-time partner ID association that will subsequently connect the ID to every customer onboarded from then on. This is ideally done with a service principal, as a user account link will be removed if the user account is ever decommissioned.
Microsoft have provided instructions for this process here.
Specific PowerShell cmdlets have been created for PAL, which means that the PAL association can be automated for ease of onboarding large amounts of customers. It also means a regular automation runbook can be scheduled to ensure that all new customers are captured for PAL. This can make a good backup to other avenues of association, such as the Lighthouse link above.
This code block shows how to iterate through multiple tenants and subscriptions that the service principal has access to and set PAL for each of them. You will need to input a list of tenant IDs to iterate through as the first variable. This could be parameterized as well.
# Variables $CustomerTenantIds = @("<tenant1>","<tenant2>","<tenant3>") $MpnPartnerId = "<MPN ID>" # Note, it's recommended to keep the following secrets in a secure store such as Key Vault rather than hard-code them into the script $SpClientId = "<AAD App ID for Service Principal" $SpSecret = "<Secret for Service Principal" # Convert to SecureString [securestring]$secSpSecret = ConvertTo-SecureString $SpSecret -AsPlainText -Force # Create credential object [pscredential]$Creds = New-Object System.Management.Automation.PSCredential ($SpClientId, $SpSecret) # Iterate through all tenants foreach ($Tenant in $CustomerTenantIds) { # Login to Azure - Azure Automation try { "Logging in to Azure..." Add-AzAccount ` -ServicePrincipal ` -TenantId $Tenant ` -Credential $Creds "Login complete." } catch { $ErrorMessage = "Error logging into Azure" Write-Output $ErrorMessage throw $_.Exception } #Get all subscriptions $AllSubscriptions = Get-AzSubscription | Select-Object Name, Id Write-Output "Checking $($AllSubscriptions.Length) subscriptions" #Loop through all subscriptions foreach ($Subscription in $AllSubscriptions) { #Switch to the subscription Set-AzContext -SubscriptionId $Subscription.Id | Out-Null $PartnerStatus = Get-AzManagementPartner if ($PartnerStatus.PartnerId = $MpnPartnerId) { Write-Output "Subscription $($Subscription.Name) is already configured with MPN ID" continue } else { Write-Output "Setting MPN ID on subscription $($Subscription.Name)" New-AzManagementPartner -PartnerId $MpnPartnerId } } }
This code block will iterate through each tenant and subscription that you as a user have access to. Unfortunately, you will need to follow the interactive login process for each customer that has MFA enabled, so you’ll need to watch the script and follow those prompts as necessary. Not recommended for large numbers of customers for which the service principal avenue is more suited.
You don’t need the tenant list for this script as the Get-AzTenant cmdlet will return all Azure tenancies that your account has access to.
$MpnPartnerId = "<MPN ID>" #Login to Azure - Azure Automation try { "Logging in to Azure..." Add-AzAccount "Login complete." } catch { $ErrorMessage = "Error logging into Azure" Write-Output $ErrorMessage throw $_.Exception } $AllTenants = Get-AzTenant foreach ($Tenant in $AllTenants) { Add-AzAccount -Tenant $Tenant.Id #Get all subscriptions $AllSubscriptions = Get-AzSubscription -TenantId $Tenant.Id | Select-Object Name, Id Write-Output "Checking $($AllSubscriptions.Length) subscriptions" #Loop through all subscriptions foreach ($Subscription in $AllSubscriptions) { #Switch to the subscription Set-AzContext -SubscriptionId $Subscription.Id -Tenant $Tenant.Id | Out-Null $PartnerStatus = Get-AzManagementPartner -ErrorAction Ignore if (!$PartnerStatus) { Write-Host "No admin link present." Write-Output "Setting MPN ID on subscription $($Subscription.Name)" New-AzManagementPartner -PartnerId $MpnPartnerId } elseif ($PartnerStatus.PartnerId = $MpnPartnerId) { Write-Output "Subscription $($Subscription.Name) is already configured with MPN ID" } } }
This example is one of many automated processes Crayon has available to automate the security, performance, availability and cost of Azure. Through the Parallo, Crayon can now bring these to our partners. If this is of interest, please contact your Crayon Account Manager for more information.
Disclaimer: While all care has been taken to test the accuracy of these scripts – test them before use and use them at your own risk, Crayon accepts no responsibility for the use, misuse, or accuracy of the scripts provided.
Sales and Marketing
Business leaders don't live in the tools. They live in the outcomes. The metrics they care about most are not always limited to compliance and risk. So how do you connect data protection to the big-ticket objectives, when they're less obvious? Our in-house pre-sales expert, Michael Brooke explains.
Guides and eBooks
As SMBs mature in the Data Protection lifecycle, they need help to optimise spend, reduce the compliance burden and ensure results align to business objectives. The third installment of our Data Protection Playbook series provides practical guidance for partners on how to address emerging pressure and connect ongoing investment to measurable business value.
Training
Copilot Agents: what are they and how do they differ from AI assistants and chatbots? Our in-house Copilot expert Ksenia Turner explains the use cases and service opportunities for partners.
Blogs
Fragmented data protection systems and processes create compliance proof-gaps for SMB customers. Scott Hagenus, Director, Cybersecurity here at Crayon explains.
Sales and Marketing
Ever wonder why a pitch has some IT Managers leaning forward, while others glaze over? Michael Brooke, Cybersecurity Pre-Sales Lead offers some insight on how to tune your approach to chime with different technical mindsets.
Guides and eBooks
How can partners help their SMB customers to move from silos of security and continuity to a more cohesive, measurable and insurable data protection framework? The second edition in our Data Protection Playbook series maps out their journey, and yours.
Vendor Announcements
Copilot for Business has landed at Microsoft Ignite 2025, levelling the GenAI playing field for SMB customers. Learn all about it from our man on the ground, Andreas Bergman.
Press Release
Press Release
Blogs
As cybersecurity and continuity converge in platforms and in practice, partners need new playbooks to address modern Data Protection standards. Our in-house cybersecurity pre-sales lead, Michael Brooke explains why.
Guides and eBooks
What triggers an SMB customer to begin exploring their need for better Data Protection? The first of our four Data Protection Playbooks for partners breaks down how to position and win in the Pre-Adoption and Exploration stage.
Insights
Data Protection priorities are shifting for SMBs. Ramp up your ability to respond with curated insights, articles and resources to help you guide every customer conversation with confidence.
Partner Spotlight
In this Partner Spotlight, Acceltech Managing Director Ivy Tarrobago shares how Crayon’s responsive support enhances client outcomes and business growth.
Whitepapers
Data Protection is a must for all SMBs but how can partners align solution investment with critical business objectives? Our latest paper shows you how.
Press Release
Crayon has been recognised with a huge double win at the CRN Channel Asia awards ceremony.
Insights
All the latest insights, articles and resources on M365 Copilot, curated into one place.
Insights
SMB customers are storing greater volumes of sensitive data in more places than ever. Secure backup and recovery practices are essential to how they protect it.
Partner Spotlight
Bigfish Technology saved AU$20,000 on its annual Microsoft licensing after one call with Crayon and has since built a strong partnership that enabled Bigfish to get access to Crayon’s expertise and vendor ecosystem.
Insights
Insider risk is a subtle and continuous challenge for SMB customers. Turn it into a manageable and quantifiable aspect of their Data Protection strategy.
Blogs
From rethinking backup to governance frameworks and behavioural analytics, what's involved in building a complete Data Protection strategy for SMB customers?
Insights
We explore the evolution of Microsoft's channel strategy over the past ten years, and what can be learned by viewing it through a Value Cycle lens.
Guides and eBooks
The Microsoft Fabric Partner Guide curates our recent articles, videos and resources to accelerate Crayon partner learning.
Case Studies
Learn how our Cloud Managed Services team helped this ISV modernise its IT operating environment with Microsoft Azure.
Blogs
When it comes to SPLA compliance, it’s far better to be transparent than to be exposed. Find out why and how Crayon can help.
Blogs
SMBs in Asia Pacific are maintaining or increasing their investments in cloud technologies, despite rocky market conditions. Find out why.
Blogs
Crayon cloud security assessments help partners lock down M365 and Azure environments and build profitable cybersecurity practices. Learn how.
Blogs
Insights on the direction of SMB cloud adoptions across the region, and the capabilities they most value in their technology service providers.
