The majority of CloudRadial operations are done using the Microsoft Graph. However, some operations, such as obtaining selected tenant settings, require stored credentials for running PowerShell scripts. Unfortunately, these PowerShell scripts can fail in several ways, either outright or only on some attempts. If you are having issues with this portion of CloudRadial, here are some areas to investigate:
- Log in to Office 365 using the credentials to verify the password has not expired and the account does not require additional verification options such as setting a phone number or alternative email address. This is an important step if you have set up a new dedicated CloudRadial admin account for access.
- Make sure that multi-factor authentication is disabled to allow script execution on our Azure-based job server(s). Depending on your settings, MFA may be disabled for certain IP addresses or regions but still be active on the account. Review your Default Policy in your Azure Active Directory for more information. - https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings
- Make sure that the customer has provided you with delegated administration to their account and that you can access their account using the credentials that you have provided to CloudRadial. - https://docs.microsoft.com/en-us/partner-center/customers_revoke_admin_privileges
- Make sure that the CloudRadial account has been authorized in your Microsoft Partner Center with global administrator and admin agent privileges. - https://docs.microsoft.com/en-us/partner-center/permissions-overview
- Make sure that all roles are enabled on the account to run the various scripts.
- PowerShell limits the number of sessions that can be open at the same time. This limit can sometimes prevent a PowerShell operation from completing successfully. Rerunning the company sync will typically resolve this issue.
PowerShell Connection Issues
- PowerShell doesn't always connect when a session is requested. Errors related to "service unavailable" or "502 gateway" are most likely the result of a failed connection attempt. You can sync the tenant manually to retry, or you can ignore the error and the tenant will be rescanned at the next scheduled time.
Securing Your Credential
You can restrict access for this account to just the required IP addresses using Azure P1. For more information see https://radials.io/azurep1.
If you are having issues with this functionality, open a support ticket so that we can help with advanced troubleshooting options.