Public/PartnerActions/Initialize-Tenant.ps1
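function Initialize-Tenant {
    <#
    .SYNOPSIS
    Onboards a customer tenant: creates a GDAP relationship, waits for it to be approved, then configures the tenant.

    .DESCRIPTION
    Looks up the customer by tenant id, fills in the relationship parameters, connects to the partner
    tenant, and walks the operator through signing in to the customer tenant. It then creates the
    delegated admin (GDAP) relationship, locks it for approval, opens the invitation link in an Edge
    InPrivate window, and polls until the relationship status is "active". Once approved it assigns
    GDAP access, obtains SAM consent, connects to the customer tenant, disables security defaults,
    creates an admin user, and disconnects.

    The function stops early (after Write-Error) when the customer is not found, when the relationship
    cannot be created, or when it cannot be locked for approval. The Graph session is disconnected on
    every exit path after the first connect.

    .PARAMETER TenantId
    Tenant id of the customer; matched against the CustomerId property of the objects returned by Get-Tenants.

    .NOTES
    Reads $RelationshipParams and $PartnerTenantId from an outer scope; $RelationshipParams is modified
    in place (presumably a module-level template -- TODO confirm).
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId
    )

    process {
        $Customer = Get-Tenants | Where-Object { $_.CustomerId -eq $TenantId }

        # Without a matching customer every later step would run against empty values
        # (blank display name, wrong admin UPN), so stop before touching any tenant.
        if (-not $Customer) {
            Write-Error "No customer found with tenant id '$TenantId'; no GDAP relationship was created."
            return
        }

        # NOTE(review): only lowercase æ/ø/å are transliterated; uppercase Æ/Ø/Å pass through unchanged -- confirm intended.
        $RelationshipName = "Jysk IT (tmp) - $($Customer.DisplayName)".Replace("æ", "ae").Replace("ø", "oe").Replace("å", "aa").Replace("/", "")

        $RelationshipParams.displayName = $RelationshipName
        $RelationshipParams.customer.tenantId = $TenantId
        $RelationshipParams.customer.displayName = $Customer.DisplayName

        # Connect to our partner tenant
        Connect-CustomerGraph -CustomerTenantId $PartnerTenantId

        try {
            Write-Host "Instructions:" -ForegroundColor Yellow
            Write-host "1. Log in using the Curanet-provided admin credentials in a Microsoft Edge inPrivate window (admin@$($Customer.DefaultDomainName))." -ForegroundColor Cyan
            Write-host "2. You will be asked to change the password - change it to something random, it does not matter." -ForegroundColor Cyan
            Write-Host "3. Consent to their GDAP invitation from the Curanet control panel." -ForegroundColor Cyan
            Write-Host "4. When logged in and ready, continue here."
            # Discard the typed text so it does not leak into the function's pipeline output.
            $null = Read-Host "Press any key to continue.."

            $Relationship = $null
            try {
                # -ErrorAction Stop turns non-terminating cmdlet errors into exceptions so the catch actually fires.
                $Relationship = New-MgTenantRelationshipDelegatedAdminRelationship -BodyParameter $RelationshipParams -ErrorAction Stop
                Write-Host "Created new GDAP relationship: $($Relationship.DisplayName)" -ForegroundColor Green
            }
            catch {
                Write-Error "Failed to create GDAP relationship: $_"
                # Nothing to lock, open or poll without a relationship id; continuing would wait forever.
                return
            }

            $RelationshipRequestParams = @{
                action = "lockForApproval"
            }

            try {
                New-MgTenantRelationshipDelegatedAdminRelationshipRequest -DelegatedAdminRelationshipId $Relationship.Id -BodyParameter $RelationshipRequestParams -ErrorAction Stop | Out-Null
                Write-Host "Sucessfully locked relationship for approval" -ForegroundColor Green
            }
            catch {
                Write-Error "Failed to lock relationship for approval: $_"
                # Stop here rather than open the invitation and poll a relationship that was never submitted for approval.
                return
            }

            # The id in the link comes from the Graph response, not from operator input.
            $InvitationLink = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($Relationship.Id)"
            Write-Host "Opened GDAP invitation link in Edge inPrivate. `n($($InvitationLink))"
            Start-Process -FilePath "msedge.exe" -Argumentlist "-inprivate", "$($InvitationLink)"
            Write-Host "Accept the invitation!"

            # Wait for approval
            # NOTE(review): no timeout, and any status other than "active" keeps polling -- consider a
            # maximum wait so an abandoned or rejected invitation does not block the session indefinitely.
            $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id
            while ($RelationshipCheck.Status -ne "active") {
                Write-Host "Waiting for approval.."
                Start-Sleep -Seconds 5
                $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id
            }
            Write-Host "GDAP relationship approved!" -ForegroundColor Green

            New-GDAPAccessAssignments -RelationshipId $Relationship.Id

            # Get consent for our SAM application
            Set-SAMConsent -CustomerTenantId $TenantId

            Connect-CustomerGraph -CustomerTenantId $TenantId

            # NOTE(review): this removes the tenant's baseline MFA enforcement. Nothing in this function
            # puts a replacement (e.g. Conditional Access) in place -- confirm a later onboarding step does.
            Disable-SecurityDefaults -TenantId $TenantId

            # Captured in a local so whatever New-AdminUser returns is not written to the pipeline.
            $AdminUser = New-AdminUser -TenantId $TenantId
        }
        finally {
            # Always drop the Graph session, including on the early-return and error paths,
            # so a partner- or customer-scoped session is not left open in the operator's shell.
            Disconnect-CustomerGraph
        }
    }
}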