Public/PartnerActions/Initialize-Tenant.ps1

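function Initialize-Tenant {
    <#
    .SYNOPSIS
        Onboards a customer tenant: creates a GDAP relationship, waits for the
        customer to approve it, then runs the post-approval setup steps.

    .DESCRIPTION
        Interactive workflow. The operator is prompted to sign in to the customer
        tenant and accept the invitation; the function polls the relationship
        every 5 seconds until its status is "active".

        After approval it calls New-GDAPAccessAssignments, Set-SAMConsent,
        New-AdminUser and Add-CompanyBranding, all defined elsewhere.

        Reads $PartnerTenantId and reads/writes $RelationshipParams, neither of
        which is defined in this function (presumably module scope; verify).
        $RelationshipParams is modified in place, so the values set here remain
        on the shared object after the call.

    .PARAMETER TenantId
        Tenant ID of the customer. It must match the CustomerId of an entry
        returned by Get-Tenants.
    #>
    param(
        [Parameter(Mandatory)]
        [string]$TenantId)
    process {
        $Customer = Get-Tenants | Where-Object { $_.CustomerId -eq $TenantId }

        # Refuse to create a delegated admin relationship for a tenant we cannot
        # resolve. Without this check a mistyped ID yields a relationship with an
        # empty customer display name and instructions pointing at "admin@".
        if (-not $Customer) {
            throw "Tenant '$TenantId' was not found among the tenants returned by Get-Tenants"
        }

        # The GUID suffix gives every relationship a distinct display name.
        $RelationshipParams.displayName = "Jysk IT - $(New-Guid)"
        $RelationshipParams.customer.tenantId = $TenantId
        $RelationshipParams.customer.displayName = $Customer.DisplayName

        # Connect to our partner tenant
        Connect-CustomerGraph -CustomerTenantId $PartnerTenantId

        Write-Host "Instructions:" -ForegroundColor Yellow
        Write-host "1. Log in using the Curanet-provided admin credentials in a Microsoft Edge inPrivate window (admin@$($Customer.DefaultDomainName))." -ForegroundColor Cyan
        Write-host "2. You will be asked to change the password - change it to something random, it does not matter." -ForegroundColor Cyan
        Write-Host "3. Consent to their GDAP invitation from the Curanet control panel." -ForegroundColor Cyan
        Write-Host "4. When logged in and ready, continue here."
        # Read-Host waits for Enter and returns the typed text. Discard it so the
        # operator's input is not emitted as function output.
        $null = Read-Host "Press Enter to continue"

        try {
            $Relationship = New-MgTenantRelationshipDelegatedAdminRelationship -BodyParameter $RelationshipParams -ErrorAction Stop
            Write-Host "Created new GDAP relationship: $($Relationship.DisplayName)" -ForegroundColor Green
        } catch {
            throw "Failed to create GDAP relationship: $_"
        }

        # The relationship has to be locked before the customer can approve it.
        try {
            New-MgTenantRelationshipDelegatedAdminRelationshipRequest -DelegatedAdminRelationshipId $Relationship.Id -Action "LockForApproval" -ErrorAction Stop | Out-Null
            Write-Host "Sucessfully locked relationship for approval" -ForegroundColor Green
        } catch {
            throw "Failed to lock relationship for approval: $_"
        }

        $InvitationLink = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($Relationship.Id)"

        Write-Host "GDAP Invitation link: $($InvitationLink)" -ForegroundColor Cyan
        Write-Host "Accept the invitation!"

        # Wait for approval. Statuses from which the relationship cannot become
        # active abort the wait instead of polling forever.
        # NOTE(review): there is still no overall timeout; an invitation that is
        # never accepted keeps this loop running until the operator interrupts it.
        $TerminalStatuses = @('terminated', 'terminating', 'terminationRequested', 'expired')
        try {
            $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id -ErrorAction Stop
            while ($RelationshipCheck.Status -ne "active") {
                if ("$($RelationshipCheck.Status)" -in $TerminalStatuses) {
                    throw "Relationship entered status '$($RelationshipCheck.Status)' before it was approved"
                }
                Write-Host "Waiting for approval.."
                Start-Sleep -Seconds 5
                $RelationshipCheck = Get-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $Relationship.Id -ErrorAction Stop
            }
        } catch {
            throw "Failed to wait for approval: $_"
        }


        Write-Host "GDAP relationship approved!" -ForegroundColor Green

        New-GDAPAccessAssignments -RelationshipId $Relationship.Id

        # Get consent for our SAM application
        Set-SAMConsent -CustomerTenantId $TenantId

        Connect-CustomerGraph -CustomerTenantId $TenantId

        # Always drop the customer-tenant session, even when a setup step throws,
        # so later commands in this shell do not run against the customer tenant.
        try {
            # 12/03-24 We should require MFA and not just disable Security Defaults, unless they have Conditional Access
            #Disable-SecurityDefaults -TenantId $TenantId

            New-AdminUser -TenantId $TenantId

            Add-CompanyBranding -TenantId $TenantId
        } finally {
            Disconnect-CustomerGraph
        }

        Write-Host "Completed initializing tenant!" -ForegroundColor Green
    }
}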