Technical stuff that might be useful

We had a couple of incorrectly named tenants in our partner portal. The name was correct for everything on the tenant’s side, only wrong on the partner portal.

A helpful MS support agent sent me this which sorted it out.

    •    Symptom – Change Customer display name on Partner Center portal

    •    Resolution –

• We informed you that the contract entity is made at the time of establishing the reseller relationship with your end customer.
• This entity contracts have attributes like displayName, defaultDomainName etc. which is not automatically updated if the customer tenant’s attributes gets change.
• However, using the graph explorer we made the changes in the display name of the customer in the partner center portal. This can also be used to make changes to the domain name present in the agreement. This contract entity can be accessed/modified using the graph API and below are the steps for future reference:

1. Log into https://graphexplorer.azurewebsites.net/ using your partner Global Admin credentials.
2. Get the list of the Partner Contacts using the following REST Call mentioned in (a) else if you have high list of customers, you can make use of filters in the endpoint URL(b).

2. GET https://graph.windows.net/myorganization/contracts?api-version=1.6
3. GET https://graph.windows.net/myorganization/contracts?$filter=startswith(defaultDomainName,'<new domain name>’)
4. Copy the Object ID of the customer that you wanted to change the Company name/domain name
5. Use the following REST call to update the attributes of the contract entity:

4. PATCH https://graph.windows.net/myorganization/contracts/<object-id-of-contract>?api-version=1.6
5. Used the following JSON body as parameter:-

{

“displayName”:”New name”

}

• Post following the steps, we were successfully able to change the display name of the customer on Partner Center portal

I set myself what I thought would be a simple automation task today. I want to start syncing our clients Azure AD to Autotask to automatically create contacts. Will save an extra step when we onboard a new client or user.

To do this we have to do two things, register an app in the clients Azure AD, and grab the ID of a group that contains all the users you want to sync.

To simplify this I thought I’d use PowerShell to create a Dynamic Group on each tenancy with the same name, with a rule in it to to include all active licenced users, and grab its ID along with the clients tenant name into a CSV. Then when I need it I can just copy and paste it.

Turns out that is a little more awkward than I thought. First issue is that creating Dynamic Groups using the New-AzureADMSGroup is still a preview feature, so I needed to run:

Remove-Module
Import-Module AzureADPreview

Next I had to generate the application secret and keys on our tenancy to authenticate as a partner. I did that using Kelvin Tegelaar’s script: Connect to Exchange Online automated when MFA is enabled (Using the SecureApp Model) – CyberDrain

Running this and following all its authentication prompts generates the authentication keys you need. Keep them safe!

Next I grabbed the script from here: Re: Exchange Online and the Secure App Model – Page 2 – Microsoft Partner Community that put it all together, and came up with my final script.

Note that dynamic groups only work if the client has Azure AD P1 or higher, and it turned out that far fewer of my clients have it than I thought!

remove-module azuread
import-module AzureADPreview 
$ApplicationId         = 'Paste Application ID here as from CyberDrain Script'
$ApplicationSecret     = 'Paste Application Secret here as from CyberDrain Script' | Convertto-SecureString -AsPlainText -Force
$TenantID              = 'Your (Partners) Tenant ID'
$Upn = 'Your email address'

$RefreshToken          = 'Paste Refresh Token here as from CyberDrain Script (it will be very long)'
$ExchangeRefreshToken  = 'Paste Refresh Token here as from CyberDrain Script (it will be very long)'

# CSP Partner connection:
$credential = New-Object System.Management.Automation.PSCredential($ApplicationId, $ApplicationSecret)

$aadGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.windows.net/.default' -ServicePrincipal -Tenant $tenantID 
$graphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal -Tenant $tenantID 

Connect-AzureAD -AadAccessToken $aadGraphToken.AccessToken -AccountId $Upn -MsAccessToken $graphToken.AccessToken -TenantId $tenantID

# Find all your Customers/Clients
$Customers = Get-AzureADContract -All $True | select DefaultDomainName, CustomerContextID
# Disconnect from your AzureAD
Disconnect-AzureAD

#Loop through each tenant
foreach($customer in $Customers){

#Connect to the tenant
$CustAadGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.windows.net/.default' -ServicePrincipal -Tenant $Customer.CustomerContextId
$CustGraphToken = New-PartnerAccessToken -ApplicationId $ApplicationId -Credential $credential -RefreshToken $refreshToken -Scopes 'https://graph.microsoft.com/.default' -ServicePrincipal -Tenant $Customer.CustomerContextId
# Connect to Tenant's Azure AD
Connect-AzureAD -AadAccessToken $CustAadGraphToken.AccessToken -AccountId $upn -MsAccessToken $CustGraphToken.AccessToken -TenantId $customer.CustomerContextId

# Create Dynamic group
New-AzureADMSGroup -DisplayName "Azure AD Sync" -Description "Dynamic group for Syncing to Autotask" -MailEnabled $false -MailNickName "group" -SecurityEnabled $true -GroupTypes "DynamicMembership"  -MembershipRuleProcessingState "On" -MembershipRule "(user.accountEnabled -eq True) and (user.objectId -ne null) and (user.userType -eq ""Member"") and not (user.assignedPlans -all (assignedPlan.servicePlanId -eq """"))"

$groupresult = get-azureadmsgroup -SearchString "Azure Ad Sync"

#Write Tenant's Domain name and the Group ID to a CSV
Add-Content -Path .\Groups.csv -Value "$($customer.DefaultDomainName), $($groupresult.id)"

#Screen output so you know it is doing something!
write-host $customer.DefaultDomainName, $groupresult.id, " Tenant ID ", $customer.CustomerContextId
# Then: Disconnect-AzureAD  when done with each Customer, unless also connecting to ExchOnline
Disconnect-AzureAD

}

My next step may be to generate the application and write out the apps ID and secret for importing to Autotask.

Going live tomorrow (21st April 2020) Microsoft are renaming some of the Office 365 and Microsoft 365 products. I guess this is what happens when the marketing department have too much time on their hands.

They are renaming all the Business Office 365 range into a Microsoft 365 naming convention.

https://www.microsoft.com/en-gb/microsoft-365/blog/2020/03/30/new-microsoft-365-offerings-small-and-medium-sized-businesses/

Office 365 Business Essentials	is now	Microsoft 365 Business Basic
Office 365 Business Premium	is now	Microsoft 365 Business Standard
Microsoft 365 Business	is now	Microsoft 365 Business Premium
Office 365 Business	is now	Microsoft 365 Apps for business
Office 365 ProPlus	is now	Microsoft 365 Apps for enterprise

Microsoft have launched an update to Teams that allows you to change your background. But what if you don’t want to use one of their preinstalled images?

Simply copy the image of your choice to:

%appdata%\Microsoft\Teams\Backgrounds\Uploads

And it will be available to choose.

If % appdata% doesn’t work then it will be something like:

C:\Users\adam\AppData\Roaming\Microsoft\Teams\Backgrounds\Uploads

Now you can appear in lockdown meetings as if you are at your favourite place.