
Functions for connecting to customers using CSP credentials through Microsoft Graph

MarcusTedde/CSPMgGraph

CSPPartnerTools

CSPPartnerTools is a production-ready PowerShell module for Cloud Solution Providers to manage Microsoft 365 customer tenants using Microsoft Graph and Partner Center. It generalizes and evolves the original CSPMgGraphFunctions.ps1 into a reusable, publishable module.

Install

From PowerShell Gallery (when published):

Install-Module CSPPartnerTools -Scope CurrentUser
Import-Module CSPPartnerTools

From source (this repo):

Import-Module ./CSPPartnerTools -Force

Configure

Create a multi-tenant app registration in your CSP partner tenant and capture:

  • App (client) ID
  • Client secret
  • Partner tenant ID

Set environment variables for examples and scripts:

$env:CSP_APP_ID = '00000000-0000-0000-0000-000000000000'
$env:CSP_APP_SECRET = 'your-app-secret'
$env:CSP_PARTNER_TENANT_ID = '00000000-0000-0000-0000-000000000000'
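
The following is an added example, not part of CSPPartnerTools: it sets the same three variables without writing the client secret into a script or command history, and rejects malformed or placeholder IDs before anything is sent to Microsoft Graph. The function name Set-CspSessionEnvironment is hypothetical.

```powershell
# Added example; Set-CspSessionEnvironment is a hypothetical helper, not a CSPPartnerTools function.
function Set-CspSessionEnvironment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [string] $PartnerTenantId,
        # Prompted interactively when omitted, so the secret is never typed on a command line.
        [securestring] $AppSecret = (Read-Host 'CSP app client secret' -AsSecureString)
    )

    $parsed = [guid]::Empty
    foreach ($pair in @{ AppId = $AppId; PartnerTenantId = $PartnerTenantId }.GetEnumerator()) {
        if (-not [guid]::TryParse($pair.Value, [ref] $parsed)) {
            throw "$($pair.Key) is not a GUID: '$($pair.Value)'"
        }
        if ($parsed -eq [guid]::Empty) {
            throw "$($pair.Key) is still the all-zero placeholder."
        }
    }

    # NetworkCredential converts a SecureString to plain text on both
    # Windows PowerShell 5.1 and PowerShell 7.
    $plain = [System.Net.NetworkCredential]::new('', $AppSecret).Password
    if ([string]::IsNullOrWhiteSpace($plain)) { throw 'Client secret is empty.' }

    # Process-scoped only: the values disappear when this PowerShell session ends.
    $env:CSP_APP_ID            = $AppId
    $env:CSP_PARTNER_TENANT_ID = $PartnerTenantId
    $env:CSP_APP_SECRET        = $plain
}

# Usage (placeholders, replace with your own IDs):
# Set-CspSessionEnvironment -AppId '<app-client-id>' -PartnerTenantId '<partner-tenant-id>'
```

Environment variables set this way are still inherited by any child process started from the session.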

Quickstart

Initialize-CSPPartnerEnvironment -InstallMissing
Select-CSPCustomer -CSPAppId $env:CSP_APP_ID -CSPAppSecret $env:CSP_APP_SECRET -PartnerTenantId $env:CSP_PARTNER_TENANT_ID

Functions

  • Initialize-CSPPartnerEnvironment
  • Get-AuthenticationTokens
  • Grant-CSPCustomerConsent
  • Set-AuthHeaders
  • Select-CSPCustomer
  • Export-CSPCustomerM365DSCConfiguration
  • Invoke-CSPApplyM365DSCConfiguration
  • New-CSPCustomerTenant

Run Get-Command -Module CSPPartnerTools for the full list as the module grows.

Examples

See examples/ for end-to-end scenarios: installing, selecting customers, granting consent across all customers, user/group listing, license export, Intune devices, MFA status, service health, a cross-tenant template, and Microsoft365DSC export/apply flows including creating a new tenant from a Golden Image.

Microsoft365DSC Integration

This module integrates with Microsoft365DSC to enable:

  • Golden Image exports from a reference tenant
  • Applying DSC to bootstrap brand-new tenants
  • Repeatable, auditable provisioning across many customers

Install prerequisites

Initialize-CSPPartnerEnvironment -InstallMissing

This installs/imports PartnerCenter, Microsoft Graph modules, AzureAD, and Microsoft365DSC.

Export a Golden Image from an existing customer

# 1) Select customer to export
$token = Select-CSPCustomer -CSPAppId $env:CSP_APP_ID -CSPAppSecret $env:CSP_APP_SECRET -PartnerTenantId $env:CSP_PARTNER_TENANT_ID

# 2) Run export (split per workload for easier review)
$export = Export-CSPCustomerM365DSCConfiguration `
  -CSPAppId $env:CSP_APP_ID `
  -CSPAppSecret $env:CSP_APP_SECRET `
  -PartnerTenantId $env:CSP_PARTNER_TENANT_ID `
  -OutputFolder ./M365DSC-Exports `
  -SplitPerWorkload

"Exported script: $($export.FullName)"

Notes:

  • Use -Workloads to restrict components, e.g. -Workloads Exchange,Teams
  • The export runs using a delegated AccessToken obtained through your CSP app and customer consent

Apply DSC to a new or empty tenant

# Assuming you have a DSC configuration .ps1 (from Export step)
Invoke-CSPApplyM365DSCConfiguration `
  -CSPAppId $env:CSP_APP_ID `
  -CSPAppSecret $env:CSP_APP_SECRET `
  -PartnerTenantId $env:CSP_PARTNER_TENANT_ID `
  -CustomerTenantId '<customer-tenant-guid>' `
  -ConfigurationScriptPath ./M365DSC-Exports/<tenant>/Export-YYYYMMDD-HHMMSS.ps1 `
  -VerboseOutput

What happens:

  • Compiles the Configuration to MOF under a Compiled folder
  • Applies the MOF via DSC to configure the tenant

Troubleshooting:

  • If Export-M365DSCConfiguration or Start-DSCConfiguration is not recognized, ensure Microsoft365DSC is installed and use Windows PowerShell 5.1 when applying DSC
  • Access denied indicates missing Graph permissions or lack of customer consent for your CSP app
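
Compiling a configuration means executing the exported .ps1, so the script should be byte-for-byte what was reviewed after export. The following added example (not part of CSPPartnerTools; all three function names are hypothetical) records SHA-256 hashes of an export folder and refuses to proceed if any file was modified, removed, or added afterwards.

```powershell
# Added example; these functions are hypothetical helpers, not CSPPartnerTools functions.
function Get-GoldenImageHashes {
    param([Parameter(Mandatory)] [string] $ExportFolder)
    $root = (Resolve-Path -LiteralPath $ExportFolder -ErrorAction Stop).Path
    $hashes = @{}
    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        # Relative, forward-slash paths keep the manifest portable between machines.
        $rel = $_.FullName.Substring($root.Length).TrimStart('\', '/').Replace('\', '/')
        $hashes[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    $hashes
}

function New-GoldenImageManifest {
    param([Parameter(Mandatory)] [string] $ExportFolder,
          [Parameter(Mandatory)] [string] $ManifestPath)
    Get-GoldenImageHashes $ExportFolder | ConvertTo-Json |
        Set-Content -LiteralPath $ManifestPath -Encoding UTF8
}

function Test-GoldenImageManifest {
    param([Parameter(Mandatory)] [string] $ExportFolder,
          [Parameter(Mandatory)] [string] $ManifestPath)
    $expected = Get-Content -LiteralPath $ManifestPath -Raw | ConvertFrom-Json
    $actual   = Get-GoldenImageHashes $ExportFolder
    $problems = @()
    foreach ($p in $expected.PSObject.Properties) {
        if (-not $actual.ContainsKey($p.Name)) { $problems += "missing: $($p.Name)" }
        elseif ($actual[$p.Name] -ne $p.Value) { $problems += "modified: $($p.Name)" }
        $actual.Remove($p.Name)
    }
    # Anything left in $actual was not present when the manifest was written.
    foreach ($name in $actual.Keys) { $problems += "unexpected: $name" }
    if ($problems) { throw "Golden Image changed since export:`n$($problems -join "`n")" }
    $true
}

# After export and review:
#   New-GoldenImageManifest -ExportFolder ./M365DSC-Exports -ManifestPath <path outside the export folder>
# Immediately before Invoke-CSPApplyM365DSCConfiguration or New-CSPCustomerTenant:
#   Test-GoldenImageManifest -ExportFolder ./M365DSC-Exports -ManifestPath <same path>
```

Keep the manifest somewhere the export folder's writers cannot modify, otherwise a changed script and a regenerated manifest would pass the check together.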

Create a brand-new CSP customer from a Golden Image

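# The temporary admin password is prompted for and passed as plain text;
# ConvertFrom-SecureString -AsPlainText requires PowerShell 7.0 or later.
New-CSPCustomerTenant `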
  -CSPAppId $env:CSP_APP_ID `
  -CSPAppSecret $env:CSP_APP_SECRET `
  -PartnerTenantId $env:CSP_PARTNER_TENANT_ID `
  -CompanyName 'Contoso Widgets' `
  -DomainPrefix 'contosowidgets' `
  -CountryCode 'US' `
  -AdminEmail 'owner@contoso.com' `
  -AdminDisplayName 'Contoso Owner' `
  -AdminPassword (Read-Host 'Temp admin pwd' -AsSecureString | ConvertFrom-SecureString -AsPlainText) `
  -GoldenImageConfigurationPath ./M365DSC-Exports/<ref-tenant>/Export-YYYYMMDD-HHMMSS.ps1 `
  -GrantDelegatedAdmin -PurchaseBaselineSKUs

Details:

  • Creates the customer tenant via Partner Center APIs
  • Optionally initiates Delegated Admin Relationship (DAR)
  • Optionally purchases a baseline SKU (example: Business Premium)
  • Applies your Golden Image DSC to configure the tenant

Security and consent model

  • The CSP application must be multi-tenant and granted the required Microsoft Graph permissions. Grant-CSPCustomerConsent helps establish consent per customer
  • DSC operations use a delegated AccessToken for the target customer. Some resources may require application permissions or may not support token-based auth; the functions surface clear errors in those cases

Example scripts

  • examples/11-ExportM365DSC.ps1
  • examples/12-ApplyM365DSC.ps1
  • examples/13-NewTenantFromGoldenImage.ps1

Notes

  • If you hit an MFA-related sign-in error, sign into portal.azure.com with your CSP account to satisfy MFA, then re-run.

License & Support

MIT licensed. Contributions welcome via pull requests.
