In this part 3 of CSP and powershell I will show how you can connect to azureAD of a customer tenant using your CSP app credentials and refreshtoken. This is almost the same procedure as we use to connect to az. We will start with the same variables as in part 2. Remember to keep your credential and secure, as it will give access to all your tenants.<\/p>\n\n\n\n
\n\n$app=get-credential # Get AppID and Key for out partnecenter app. (created in part 1)
\n$refreshtoken = 'refreshtoken' # From part 1 or whenever we get a new one.
\n$CustomerTenantID= 'Azure directory object id'<\/div><\/div>\n\n<\/pre>\n\n\n\nStruggled for a while to get this to work. The important thing is the endpoints and when to use the customer tenant ID.<\/p>\n\n\n\n
\n\n$azureToken = New-PartnerAccessToken -Resource "https:\/\/graph.microsoft.com\/" -Credential $app -RefreshToken $refreshtoken -TenantId $CustomerTenantID
\n$graphToken = New-PartnerAccessToken -RefreshToken $refreshToken -Resource "https:\/\/graph.windows.net\/" -Credential $app -TenantId $CustomerTenantID
\n
\nConnect-Azuread -aadAccessToken $graphToken.AccessToken -msAccessToken $azureToken.AccessToken -TenantId $CustomerTenantID -AccountId $app.username<\/div><\/div>\n\n<\/pre>\n\n\n\nSo now you can use get-azureaduser to get users from this customer tenant.<\/p>\n\n\n\n
You could also use the MS online module msol to query for users, this module requires you to use tenantid as an argument.<\/p>\n\n\n\n
In part 4 I will wrap this up in a simple script allowing you to select customer tenant.<\/p>\n","protected":false},"excerpt":{"rendered":"
In this part 3 of CSP and powershell I will show how you can connect to azureAD of a customer tenant using your CSP app credentials and refreshtoken. This is almost the same procedure as we use to connect to az. We will start with the same variables as in part 2. Remember to keep … Continue reading CSP access to tenants using powershell. Part 3<\/span>