Public/PartnerActions/Initialize-Tenant.ps1
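function Initialize-Tenant {
    <#
    .SYNOPSIS
        Onboards a customer tenant through a GDAP relationship created from the partner tenant.
    .DESCRIPTION
        Steps, in order:
          1. Resolve the customer record from Get-Tenants by CustomerId and fill in
             $RelationshipParams (random relationship display name, customer tenant id and name).
          2. Connect to the partner tenant and print manual instructions for the operator.
          3. Create the delegated admin relationship, then lock it for approval.
          4. Print the invitation link and poll until the relationship status is "active"
             (bounded by -ApprovalTimeoutMinutes; terminal states abort the wait).
          5. Assign GDAP access, consent the SAM application, then connect to the customer
             tenant to create the admin user and company branding, disconnecting afterwards.
        The roles and duration the relationship grants come from $RelationshipParams, which is
        not defined in this file (presumably module scope) — review that object for
        least-privilege role selection, it is not visible here.
    .PARAMETER TenantId
        Customer tenant id; matched against the CustomerId property returned by Get-Tenants.
    .PARAMETER ApprovalTimeoutMinutes
        Maximum time to poll for the customer's approval before throwing. Defaults to 60.
    .OUTPUTS
        None. Progress is reported with Write-Host.
    .NOTES
        Relies on $RelationshipParams and $PartnerTenantId from an enclosing scope (not defined
        here — TODO confirm). $RelationshipParams is mutated in place, so fields not overwritten
        below keep whatever a previous call left in them.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId,

        [Parameter()]
        [ValidateRange(1, [int]::MaxValue)]
        [int]$ApprovalTimeoutMinutes = 60
    )
    process {
        # Fail early on an unknown or ambiguous id; otherwise the relationship would be
        # created with an empty (or array-valued) customer display name.
        $Matches = @(Get-Tenants | Where-Object { $_.CustomerId -eq $TenantId })
        if ($Matches.Count -ne 1) {
            throw "Expected exactly one tenant with CustomerId '$TenantId' from Get-Tenants, found $($Matches.Count)."
        }
        $Customer = $Matches[0]

        # $RelationshipParams comes from outside this file and is updated in place (as before).
        $RelationshipParams.displayName = "Jysk IT - $(New-Guid)"
        $RelationshipParams.customer.tenantId = $TenantId
        $RelationshipParams.customer.displayName = $Customer.DisplayName

        # Connect to our partner tenant ($PartnerTenantId is expected from an enclosing scope).
        Connect-CustomerGraph -CustomerTenantId $PartnerTenantId

        Write-Host "Instructions:" -ForegroundColor Yellow
        Write-Host "1. Log in using the Curanet-provided admin credentials in a Microsoft Edge inPrivate window (admin@$($Customer.DefaultDomainName))." -ForegroundColor Cyan
        Write-Host "2. You will be asked to change the password - change it to something random, it does not matter." -ForegroundColor Cyan
        Write-Host "3. Consent to their GDAP invitation from the Curanet control panel." -ForegroundColor Cyan
        Write-Host "4. When logged in and ready, continue here."
        # Assign to $null: an unassigned Read-Host would leak whatever was typed into the
        # function's output stream.
        $null = Read-Host "Press any key to continue.."

        try {
            $Relationship = New-MgTenantRelationshipDelegatedAdminRelationship -BodyParameter $RelationshipParams -ErrorAction Stop
            Write-Host "Created new GDAP relationship: $($Relationship.DisplayName)" -ForegroundColor Green
        } catch {
            throw "Failed to create GDAP relationship: $_"
        }

        try {
            New-MgTenantRelationshipDelegatedAdminRelationshipRequest -DelegatedAdminRelationshipId $Relationship.Id -Action "LockForApproval" -ErrorAction Stop | Out-Null
            Write-Host "Successfully locked relationship for approval" -ForegroundColor Green
        } catch {
            throw "Failed to lock relationship for approval: $_"
        }

        $InvitationLink = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($Relationship.Id)"
        Write-Host "GDAP Invitation link: $($InvitationLink)" -ForegroundColor Cyan
        Write-Host "Accept the invitation!"

        # Wait for approval. The poll is bounded by $ApprovalTimeoutMinutes and stops on
        # terminal statuses, so an invitation that is never accepted cannot hang the script.
        $Deadline = (Get-Date).AddMinutes($ApprovalTimeoutMinutes)
        try {
            $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id -ErrorAction Stop
            while ($RelationshipCheck.Status -ne "active") {
                if ($RelationshipCheck.Status -in @("expired", "terminated")) {
                    throw "Relationship $($Relationship.Id) reached terminal status '$($RelationshipCheck.Status)' before approval."
                }
                if ((Get-Date) -gt $Deadline) {
                    throw "Timed out after $ApprovalTimeoutMinutes minutes waiting for approval of relationship $($Relationship.Id)."
                }
                Write-Host "Waiting for approval.."
                Start-Sleep -Seconds 5
                $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id -ErrorAction Stop
            }
        } catch {
            throw "Failed to wait for approval: $_"
        }
        Write-Host "GDAP relationship approved!" -ForegroundColor Green

        New-GDAPAccessAssignments -RelationshipId $Relationship.Id

        # Get consent for our SAM application
        Set-SAMConsent -CustomerTenantId $TenantId

        # Customer-tenant work: always disconnect, even when one of the steps throws.
        Connect-CustomerGraph -CustomerTenantId $TenantId
        try {
            # 12/03-24 We should require MFA and not just disable Security Defaults, unless they have Conditional Access
            #Disable-SecurityDefaults -TenantId $TenantId
            New-AdminUser -TenantId $TenantId
            Add-CompanyBranding -TenantId $TenantId
        } finally {
            Disconnect-CustomerGraph
        }
        Write-Host "Completed initializing tenant!" -ForegroundColor Green
    }
}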