Microsoft API Update - 12-Jan-2022

Comments

12 comments

  • Dan B

    Jeff - a couple comments:

    • access to the "App Registrations" is actually from the regular Azure portal (not AAD portal). Here is the direct link 
    • I did not notice the CallRecords.Read.All permission within our app (which I see in your screenshot), do we need to add this permission to our partner app as well?
    0
    Comment actions Permalink
  • Jeff

    The CallRecords permission is not required as of now. I think this is leftover from an internal test. I'll update the screenshot. Unfortunately, as we add more features and in order to stay the least permissive, adding rights may be a regular issue as we add more features or as Microsoft reworks their existing interface. For example, there is now a Domain.Read.All permission we can use to replace the more permissive Domain.ReadWrite.All. The PowerShell script will include this change as well next week.

    0
    Comment actions Permalink
  • Dan B

    I don't mind making changes to the partner app, actually it is one of the easiest things I have done all week. The only thing I would suggest is having a way to check into the status of permission health, is that something we can get as a feature?  (or is it already there and I didn't know about it)

    We are using a really cool app called CIPP for multi-tenant 365 management and it has a handy permission checker, adding a screengrab for that below. 

    0
    Comment actions Permalink
  • Jeff

    That is pretty cool. The goal is to check permissions and flag problems in the Partner Advisories, but we don't have that up yet.

    1
    Comment actions Permalink
  • Jeremy Barnes

    You guys should really look at CIPP and the MSPGeek organization. So much integration :D

    I do see the user logins app in the AAD Enterprise apps, but not in Azure App registrations. I think if you did a Direct Access this is how it shows up, and you cannot modify the permissions via the AAD Portal.

    also, do you have a link to the powershell script or the KB article there?

    1
    Comment actions Permalink
  • Jeff

    The correct PowerShell script is now available under Partner Settings - Microsoft Partner under the PowerShell tab. You just rerun the original setup script for Microsoft integration. To reconnect, companies set up directly just go to Account - Settings (client-side) and just reconnect the Admin application. It prompts for the updated permissions.

    0
    Comment actions Permalink
  • Lowell Picklyk

    Thanks for making this an easy process! Could you make the screenshot clickable so we could see it clearer? My eyes ain't what they used to be.

    0
    Comment actions Permalink
  • Dave Brewer

    I get the following error when running the script:

    0
    Comment actions Permalink
  • Dave Brewer

    I'm sorry but this is not working.

     

    0
    Comment actions Permalink
  • Jeremy Barnes

    hi Dave,

     Open the ps1 in Notepad, and then re-save it via Save As, and change the encoding to UTF-8 w/ BOM

     

    I don't know why, but that fixed it for me.

    0
    Comment actions Permalink
  • Jeff

    Downloading and running the file always seems to have issues. Following the steps here and running through ISE always seems to work:

    https://support.cloudradial.com/hc/en-us/articles/360031039112-Setting-up-Microsoft-Partner-Access

     

    0
    Comment actions Permalink
  • Jeff

    Don't have a click and zoom in Zendesk so simply right-click the image open in a new tab and it appears full size.

    0
    Comment actions Permalink

Article is closed for comments.