Featured
Guides and eBooks
Microsoft Change Compendium
Insights, articles and resources on major updates in Microsoft's programs and licensing agreements and channel strategy.
Registering your Microsoft Partner Network (MPN) details correctly against your customer’s cloud environments is important for every Microsoft partners. This registration is necessary to ensure that you achieve all of the entitlements and benefits that Microsoft offers. In the case of Azure, this is covered by the Partner Admin Link (PAL) setting in each customer subscription.
PAL also assists Cloud Solution Providers (CSPs) by allowing the partner to earn the Partner Earned Credit (PEC) when their customers are on the new Microsoft Customer Agreement (MCA) and Azure Plan.
What is PAL?
In the beginning, Microsoft created Digital Partner of Record (DPOR), and it was good… well, kind of.
DPOR was the original way to link your MPN ID to a customer’s Azure environment, which gave you as the partner recognition for the revenue that Microsoft were receiving from the customer. The problem was that only one partner could be DPOR at any point in time. This left the big players (Large Account Resellers (LARs), typically) as the registered DPOR entity.
Now with PAL, any partner that provides services to a customer can link their MPN ID to the customer’s subscription(s) and receive benefits from Microsoft for doing so.
How is PAL configured?
PAL can be associated to a customer’s subscription by any user or service principal account that has eligible access to the subscription.
The user account could be a guest account, direct account, or an account delegated access via Azure Lighthouse.
The service principal needs to either be registered via Azure Active Directory, or via Azure Lighthouse.
Easy PAL configuration via Azure Lighthouse
When using Azure Lighthouse for delegated resource management, partners can do a one-time partner ID association that will subsequently connect the ID to every customer onboarded from then on. This is ideally done with a service principal, as a user account link will be removed if the user account is ever decommissioned.
Microsoft have provided instructions for this process here.
Automating PAL
Specific PowerShell cmdlets have been created for PAL, which means that the PAL association can be automated for ease of onboarding large amounts of customers. It also means a regular automation runbook can be scheduled to ensure that all new customers are captured for PAL. This can make a good backup to other avenues of association, such as the Lighthouse link above.
Automating PAL via service principal
This code block shows how to iterate through multiple tenants and subscriptions that the service principal has access to and set PAL for each of them. You will need to input a list of tenant IDs to iterate through as the first variable. This could be parameterized as well.
# Variables $CustomerTenantIds = @("<tenant1>","<tenant2>","<tenant3>") $MpnPartnerId = "<MPN ID>" # Note, it's recommended to keep the following secrets in a secure store such as Key Vault rather than hard-code them into the script $SpClientId = "<AAD App ID for Service Principal" $SpSecret = "<Secret for Service Principal" # Convert to SecureString [securestring]$secSpSecret = ConvertTo-SecureString $SpSecret -AsPlainText -Force # Create credential object [pscredential]$Creds = New-Object System.Management.Automation.PSCredential ($SpClientId, $SpSecret) # Iterate through all tenants foreach ($Tenant in $CustomerTenantIds) { # Login to Azure - Azure Automation try { "Logging in to Azure..." Add-AzAccount ` -ServicePrincipal ` -TenantId $Tenant ` -Credential $Creds "Login complete." } catch { $ErrorMessage = "Error logging into Azure" Write-Output $ErrorMessage throw $_.Exception } #Get all subscriptions $AllSubscriptions = Get-AzSubscription | Select-Object Name, Id Write-Output "Checking $($AllSubscriptions.Length) subscriptions" #Loop through all subscriptions foreach ($Subscription in $AllSubscriptions) { #Switch to the subscription Set-AzContext -SubscriptionId $Subscription.Id | Out-Null $PartnerStatus = Get-AzManagementPartner if ($PartnerStatus.PartnerId = $MpnPartnerId) { Write-Output "Subscription $($Subscription.Name) is already configured with MPN ID" continue } else { Write-Output "Setting MPN ID on subscription $($Subscription.Name)" New-AzManagementPartner -PartnerId $MpnPartnerId } } }
Automating PAL via an interactive user
This code block will iterate through each tenant and subscription that you as a user have access to. Unfortunately, you will need to follow the interactive login process for each customer that has MFA enabled, so you’ll need to watch the script and follow those prompts as necessary. Not recommended for large numbers of customers for which the service principal avenue is more suited.
You don’t need the tenant list for this script as the Get-AzTenant cmdlet will return all Azure tenancies that your account has access to.
$MpnPartnerId = "<MPN ID>" #Login to Azure - Azure Automation try { "Logging in to Azure..." Add-AzAccount "Login complete." } catch { $ErrorMessage = "Error logging into Azure" Write-Output $ErrorMessage throw $_.Exception } $AllTenants = Get-AzTenant foreach ($Tenant in $AllTenants) { Add-AzAccount -Tenant $Tenant.Id #Get all subscriptions $AllSubscriptions = Get-AzSubscription -TenantId $Tenant.Id | Select-Object Name, Id Write-Output "Checking $($AllSubscriptions.Length) subscriptions" #Loop through all subscriptions foreach ($Subscription in $AllSubscriptions) { #Switch to the subscription Set-AzContext -SubscriptionId $Subscription.Id -Tenant $Tenant.Id | Out-Null $PartnerStatus = Get-AzManagementPartner -ErrorAction Ignore if (!$PartnerStatus) { Write-Host "No admin link present." Write-Output "Setting MPN ID on subscription $($Subscription.Name)" New-AzManagementPartner -PartnerId $MpnPartnerId } elseif ($PartnerStatus.PartnerId = $MpnPartnerId) { Write-Output "Subscription $($Subscription.Name) is already configured with MPN ID" } } }
This example is one of many automated processes Crayon has available to automate the security, performance, availability and cost of Azure. Through the Parallo, Crayon can now bring these to our partners. If this is of interest, please contact your Crayon Account Manager for more information.
Disclaimer: While all care has been taken to test the accuracy of these scripts – test them before use and use them at your own risk, Crayon accepts no responsibility for the use, misuse, or accuracy of the scripts provided.
Related
Featured
Insights
Microsoft’s Channel Evolution
We explore the evolution of Microsoft's channel strategy over the past ten years, and what can be learned by viewing it through a Value Cycle lens.
Featured
Blogs
Build an AI-Augmented Field Support Stack
SMBs are on the hunt for intelligent, resilient and secure Field Service solutions. Explore a stack solution that meets all their needs!
Featured
Press Release
SoftwareOne completes Crayon transaction
Two global software and cloud leaders unite.
Featured
Technical
Resilience by Design
Explore a modern stack solution that combines backup, storage, and identity controls within a scalable hybrid cloud framework.
Featured
Business
Delivering CX Outcomes for SMBs
If your SMB customers are prioritising Customer Experience improvements, this article is for you!
Featured
Insights
Business Applications 2027
SMBs in APAC are ramping up adoption of cloud-based business applications. Find out why and how this influences the services and capabilities sought from their trusted IT service partners.
Featured
Insights
Deliver Data-Driven Value with Power BI
Deliver data-driven value with Power BI and harness the growing SMB customer demand for data analytics and visualisation.
Insights
Zero Trust Frameworks and Trend Micro
Solution adoption intent for Zero Trust is surging with SMBs across the region. Explore how Trend Micro can help partners respond.
Insights
Cybersecurity to 2027
Explore how SMBs in APAC are leveraging cybersecurity solutions and AI technologies toward achieving critical business objectives.
Featured
Insights
Partners of the Future
Rhonda Robati, Executive Vice President of Crayon APAC assesses the factors driving Microsoft's channel strategy and the evolution needed to be a Partner of the Future.
Blogs
Proactive Steps for CSP Program Partners
After decades of experience navigating seismic shifts in vendor strategy, Warren Nolan knows the importance of being pragmatic and proactive in the face of disruption to the Microsoft CSP Program.
Guides and eBooks
The Microsoft Fabric Partner Guide
The Microsoft Fabric Partner Guide curates our recent articles, videos and resources to accelerate Crayon partner learning.
Case Studies
Whanau Tahi scales for explosive demand, with Crayon
Learn how our Cloud Managed Services team helped this ISV modernise its IT operating environment with Microsoft Azure.
Blogs
SPLA Compliance: Being Transparent is Better than Being Exposed
When it comes to SPLA compliance, it’s far better to be transparent than to be exposed. Find out why and how Crayon can help.
Blogs
SMBs Buck the Cut Back Trend on Tech
SMBs in Asia Pacific are maintaining or increasing their investments in cloud technologies, despite rocky market conditions. Find out why.
Blogs
Cloud Security Assessments are a Growth Opportunity
Crayon cloud security assessments help partners lock down M365 and Azure environments and build profitable cybersecurity practices. Learn how.
Blogs
Is Cloud Value at a Crossroad for SMBs?
Insights on the direction of SMB cloud adoptions across the region, and the capabilities they most value in their technology service providers.
