Create client under CSP using powershell - powershell

We are switching from reseller/advisor accounts to CSP.
We can manually create Customers under PartnerCenter which creates the relationship as Cloud Reseller as opposed to Advisor as before.
We can create the company name fine and add License based subscriptions however when we add Usage Based Subscription it lists the subscription name as Microsoft Azure instead of our Company Name. Also we have to go into this subscription and manually create AzureReader and AzureAdmin users under the ARM Portal.
I am looking for powershell options to automate this process:
Create a new client under CSP using powershell.
Create a usage based subscription with our Company Name instead of Subscription name of Microsoft Azure under this new client.
Add the AzureReader and AzureAdmin users to the Subscription.
Any assistance is appreciated.
I looked through several forums as well as scripts on Github but have not found anything and unfortunately I am not a coder or powershell guru.

Updating my answer -
Powershell preview is out now here
i am afraid there are no power-shell to accomplish this but instead there is a .net sdk or a REST API that can help to accomplish this.
Read more here

Related

I want to use Microsoft Security Code Analysis in Azure DevOps is there any cost involved with it for using it in scanning the code

I want to use Microsoft Security Code Analysis in Azure DevOps is there any cost involved with it.
Please refer to this doc: Onboarding and installing
If you have one of the following support offerings, contact your Technical Account Manager to purchase or swap existing hours to get access to the extension.
If you do not have one of the mentioned above support agreements, you can purchase the extension from one of our Partners.
Based on the doc, you need to purchase for this tool. So it is not free.
You need to contact the corresponding email to obtain the specific payment method

Azure DevOps and Teams - one Group group to control membership to both

I have been trawling the internet and clicking myself blue in the face! Hopefully someone has a definitive answer.
I want to have one Group (in either of Azure AD, Microsoft Teams or Azure DevOps). This group must have access to a DevOps project and a Team site. When I change the membership of the group, the membership must change for both the Team and the DevOps project. I want to avoid the overhead of managing the groups for both separately.
Is this at all possible? Thanks.
This is a really good question, and the answer is not obvious at all. Ironically we had the same exact problem in Microsoft Teams - when a user was added or deleted from the underlying Office 365 Group (which is mastered in Azure AD), it would take up to an hour, sometimes more, to be reflected in Teams, which has its own copy of the member list.
There is a way to do it, and it's how Teams does it: it relies on a relatively new feature in Microsoft Graph called subscriptions. You can find the documentation for it here: https://learn.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0.
Essentially what you want to do is create a subscription to the group: POST https://graph.microsoft.com/v1.0/subscriptions with the right message body and your endpoint will be called whenever there's a membership change in the group. Your endpoint won't know what changed, just the event and some IDs - you will likely have to make a separate call to retrieve the actual data (unless the IDs alone are sufficient).
There's a sample on GitHub that illustrates how to use Microsoft Graph subscriptions including more details on how to subscribe to group notifications specifically.
One thing to be aware of is that to use these APIs, your application will require fairly elevated permissions: Group.Read.All which means it has the ability to read not only the team/group members, but all of its messages too (among other things), for every group in your Office 365 tenant. We are working with the MS Graph team to support a less-privileged, per-group permission approach, but even after that's released for Teams Graph APIs, support for that will have to be added to the subscriptions APIs I just mentioned and that may not happen for a while.

Office 365 branding with powershell

I want to automate the steps for creating a new Office 365 tenant and I would like to know if it's possible to brand an Office 365 tenant with powershell. For example saving the banner and logo pictures in a local folder and upload them to Office 365 with powershell. Is that possible?
You can not automate the whole tenant creation process using powershell;
Powershell and all other APIs requires the tenant to be created at first place, so you can connect to it and hence start playing around with remote powershell.
you will need to add custom domain (the one will be used and assigned to all O365 services), this requires adding txt DNS records apart of the domain ownership validation, thankfully managing doamins using powershell is something doable, please check this reference for complete information
Inspecting the MSOnline reference page (the one has all powershell module commands), there is no command that allows you to customize the sign-in page look using powershell, check this reference please.

How to use Microsoft (not Organizational) account with Add-AzureAccount?

I'm trying to use the Add-AzureAccount command that's part of the Azure PowerShell tools (August 2014, v0.8.6), and although various examples on the web lead me to expect that it will let me use either an organizational account or a Microsoft Account to log in, in practice, it seems to be requiring an organizational account.
When I execute the command, it opens a hosted browser window as expected, but the prompt says Sign in with your organizational account followed by a username and password. There seems to be no way to tell it that no, I actually need to use a Microsoft Account.
(As it happens, my email address is associated with both an organizational account, and also a Microsoft Account. This may not be helping.)
I could create a completely separate organizational account in an Azure Active Directory, make that a co-admin, and log in with that, but it seems like this shouldn't be necessary.
Is there some way to force it to offer me both options?
I was able to resolve this problem through trial-and-error. As Paul points out in his post, you can load your subscription info into PowerShell using the following sequence:
1. Get-AzurePublishSettingsFile
This will open a browser to a special page that lets you download your profile settings file.
Note: If you have multiple subscriptions, you must use the dropdown to select the one that contains the Azure components you want to manage. For instance, I have a BizSpark subscription that I use for my own company, and a separate MSDN subscription that my clients use (adding me as an administrator). Both subscriptions show up on my management portal page, so I needed to download 2 separate publishsettings files.
2. Import-AzurePublishSettingsFile my-subscription.publishsettings
In my case, I renamed the settings files to "BizSpark.publishsettings" and "MSDN.publishsettings", so I ran this command twice.
3. Get-AzureSubscription
This will list all of the subscriptions that have been imported into PowerShell, showing the subscription name and the other properties.
4. Select-AzureSubscription -SubscriptionName "my-subscription"
You can now use the subscription name to select the subscription you want to use. This allows you to switch back and forth between subscriptions and work with the Azure components you need to manage.
Use #outlook.com instead of the organizational address and you will be directed to the Microsoft Account login.
Azure can be signed up with either Microsoft Account or Organizational Account. Add-AzureAccount will display a message like "Sign in with your organizational account" in the browser window, but actually if you input your Microsoft Account email address into the box and move focus out, the page will redirect to Microsoft Account sign page automatically, and then you can sign in.
Sometimes you may meet some error like "The cache contains multiple tokens satisfying the requirements". You can try to clean all the existing Azure Accounts firstly and then try to sign in again.
To clean up, run Get-AzureAccount | Remove-AzureAccount.
I have a similar problem. Using Add-AzureAccount with my Microsoft Account result in adding my organizational account.
For example I run Add-AzureAccount, in the form I type davideicardi#hotmail.com (my Microsoft account) but the resulted account is davide.icardi#mycompany.com (my organizational account).
I solved by deleting all the Azure account registered on Power Shell (also the one not related to my account, using Remove-AzureAccount), then I have deleted IE cookies (not sure it this is important...), closed the powershell console and executing again Add-AzureAccount.
I suspect that there is a bug somewhere...

How to manage office 365 accounts in windows azure web site

I'd like to deploy a Office 365/Exchange Online management portal in the WAWS(Windows Azure WebSite) which could create new user/group/mailbox or change some property of specific user, etc. Is it possible to deploy this kind of web application in the WAWS environment? Should I call PowerShell and Office365 cmdlet in the ASP.NET environment? Or there are any better way to do this?
As the #Matt alludes to in his comment, there is already a web-based management portal for both of these. However, since you ask this question, I'm going to assume that you want additional functionality/customization.
The short answer is yes, you can.
User accounts in Office 365 are, behind the scenes, accounts in Azure Active Directory. So, for creating users, contacts, security groups and adding licenses, you will need to use the Azure Active Directory Graph API:
Getting Started With Windows Azure Active Directory Graph
For managing Exchange Online, you will probably want to use the Exchange Web Services Managed API 2.0. You'll probably only need this if you need to create distribution groups or manage individual users' contact folders (mailboxes for users get created when you assign an Exchange license from Azure Active Directory).
Get started with EWS Managed API client applications
Update: the Office 365 APIs were recently announced, and are now in Preview. They are a RESTful API, which can be used to manage (for now), mail, contacts and calendar items. Depending on your use case, this may be easier to deal with than the EWS Managed API 2.0.
Using the Mail, Calendar, and Contact REST APIs to work with emails, calendar items, and contacts