Manage Microsoft Customer Tenants
Overview
This document provides a guide on managing Microsoft customer tenants by linking CSP tenants to organizations within the Cloudmore platform. Properly linking your tenants to organizations is crucial for effective management and visibility of all customer CSP services. This process enables you to handle all changes efficiently and allows the customers to utilize self-service options.
đź”– Cloudmore Organization
An organization is an entity that falls under a broker and consumes the broker's services. Essentially, it is a company or a department within a company.
đź”– Tenant
A tenant is an entity assigned a unique ID (Tenant ID) under the Microsoft Partner platform for entities that buy and consume Microsoft CSP services.
Organizations & Tenants - for the relationship between Cloudmore Organization and Tenants.
Managing Tenants
The process of linking your tenants to organizations is essential for viewing all your customers and their CSP services in Cloudmore. This enables efficient management of and allows your customers to utilize self-service options.
Pre-Requisites for managing tenants
Enable MFA token (Microsoft has implemented a mandatory model to enhance security for Partner Center API Integration calls. To ensure uninterrupted Cloudmore services, you must complete the steps outlined below)
Manually linking the tenant is required only when the new customer is created first on the Microsoft Partner.
Enabling MFA
Pre-Requisites for Enabling MFA
To enable the MFA token, ensure you complete the process through the eu.cloudmore.com address for EU customers or the us.cloudmore.com address for US customers, avoiding branded URLs.
The user account for the Microsoft Partner Center must have at least Privileged Role Administrator permissions to authenticate the token correctly. Additionally, this account must have MFA enabled in the Partner Center.
The Privileged Role Administrator account should also be assigned the Admin Agent role in the Partner Center.
Once the token is activated, do not change the permissions or passwords of the Global Administrator account, as this will invalidate the token's authentication.
If the broker requires users to log in via SSO, this requirement should be disabled.
Steps to enable MFA
Log in to Cloudmore: Access the Cloudmore platform.
Navigate to Authentication: Go to My Services > O365 > Microsoft CSP Authentication.
Enter Microsoft ID: On the presented screen, enter your Microsoft ID. (The ID can be found in the Microsoft Partner Center. Home > My Profile (Account Settings) > Microsoft Entra ID profile > Microsoft ID.)
Update and Authenticate: Press Update. You will be redirected to the Microsoft Partner Center. Sign in with a Global Admin account and grant consent for the process.
Automatic Token Refresh: The token will automatically refresh every night.
Cloudmore might require a manual token update in case of permission changes for accessing the Partner Center data on your behalf. This might happen when Microsoft changes the permission requirements for using the API endpoints or accessing customer data
Test the Token: Log into Cloudmore and run a Microsoft Billing Report to test the API connection to the Microsoft Partner Center.
Reset SSO Settings: Re-enable any mandatory SSO settings that were previously disabled.
Enabling MFA
Steps to Link all Microsoft Tenants
Log in to Cloudmore.
Navigate to the menu, My services > Microsoft O365 CSP direct.
Click on the Link Tenant To Organization.
Cloudmore will identify all existing CSP tenants registered for the broker from the Partner Center and display an alert indicating the number of tenants not linked to an organization. It's important to regularly check this alert to ensure all tenants are properly matched. Unlinked tenants will not appear in billing reports, and Cloudmore will not generate billing data for these customers.
Linking individual tenants
Link a Tenant to an Existing Organization: Click on the Link icon to link the tenant to an existing organization record. This option should be used when an organization is already present on both Cloudmore and the Partner Center but has not yet been linked.
This ensures you have successfully linked the tenant to an organization.
Please repeat this process for each of your existing CSP tenants to ensure they are all properly linked.
Create a New Organization from the Tenant: Select the Create option to create the organization on Cloudmore and link it to the tenant. This option should be used when an additional tenant is created in the Partner Center but was not included in the bulk tenant linking process. If the Microsoft tenant was created after the bulk linking, and the broker now wants to create an organization individually.
An alternative method to create a tenant for an organization in Cloudmore is to opt for a CSP service from the E-Store. This creates a tenant ID on the partner site and links the organization to it. In this case, there is an option provided for the user to request default GDAP permissions and security groups for the newly created tenant.
Option to select default GDAP permissions
By following the steps outlined in this guide, you can effectively manage and link your CSP tenants to organizations within the Cloudmore platform. Regularly monitoring and linking tenants ensures accurate billing reports and seamless service management. This process is crucial for maintaining up-to-date information and providing reliable services to your customers.
Steps to Link all Azure Tenants
To link all Azure Tenants, the bulk link Microsoft Azure option can be used. This option is available under Link Tenant To Organization.
Follow the Adding the Microsoft Azure Service guide for detailed steps: