Public/Initialize-CustomerTenant.ps1
function Initialize-CustomerTenant { [CmdletBinding()] param( [Parameter(Mandatory)] [string]$CustomerTenantId ) try { # Step 1: Connect to partner tenant Write-ModuleLog -Message "Connecting to partner tenant..." -Level Info -Component 'CustomerInitialization' Connect-CustomerGraph -CustomerTenantId $script:Config.PartnerTenantId # Step 2: Get customer info and show instructions $customer = Get-PartnerCustomer -CustomerTenantId $CustomerTenantId if (!$customer) { Write-ModuleLog "Customer with tenant ID $CustomerTenantId not found" -Level Error -Component 'CustomerInitialization' -ThrowError return } Write-ModuleLog -Message "Setting up application consent for $($customer.DisplayName)" -Level Info -Component 'CustomerInitialization' Write-Host "`nInstructions:" -ForegroundColor Yellow Write-Host "1. Log in using the Curanet-provided admin credentials in a Microsoft Edge inPrivate window (admin@$($customer.DefaultDomainName))" -ForegroundColor Cyan Write-Host "2. You will be asked to change the password - change it to something random, it does not matter" -ForegroundColor Cyan Write-Host "3. Consent to their GDAP invitation from the Curanet control panel" -ForegroundColor Cyan Write-Host "4. When logged in and ready, continue here" -ForegroundColor Cyan Read-Host "`nPress Enter to continue" # Step 3: Create GDAP relationship Write-ModuleLog -Message "Creating GDAP relationship for $($customer.DisplayName)" -Level Info -Component 'CustomerInitialization' $relationship = New-GDAPRelationship -CustomerTenantId $CustomerTenantId # Step 4: Show invitation link $InvitationLink = "https://admin.microsoft.com/AdminPortal/Home#/partners/invitation/granularAdminRelationships/$($relationship.Id)" Write-ModuleLog -Message "GDAP relationship created." -Level Info -Component 'CustomerInitialization' Write-ModuleLog -Message "Invitation link: $($InvitationLink)" -Level Info -Component 'CustomerInitialization' Write-ModuleLog -Message "Please accept the invitation link to grant access to the customer" -Level Info -Component 'CustomerInitialization' # Step 5: Wait for approval if (Wait-GDAPApproval -RelationshipId $relationship.Id) { # Step 6: Set GDAP permissions Write-ModuleLog -Message "Setting up GDAP permissions for $($customer.DisplayName)" -Level Info -Component 'CustomerInitialization' Set-GDAPPermissions -RelationshipId $relationship.Id # Step 7: Set up application consent Write-ModuleLog -Message "Setting up application consent for $($customer.DisplayName)" -Level Info -Component 'CustomerInitialization' Set-ApplicationConsent -CustomerTenantId $CustomerTenantId -Force # Step 8: Connect to customer tenant and set up admin user Write-ModuleLog -Message "Setting up administrator account for $($customer.DisplayName)" -Level Info -Component 'CustomerInitialization' New-AdminUser -TenantId $CustomerTenantId # Step 9: Set up company branding Write-ModuleLog -Message "Setting up company branding for $($customer.DisplayName)" -Level Info -Component 'CustomerInitialization' Add-CompanyBranding -TenantId $CustomerTenantId Write-ModuleLog -Message "Tenant initialization completed successfully!" -Level Info -Component 'CustomerInitialization' } } catch { Write-ModuleLog -Message "Failed to initialize tenant: $_" -Level Error -Component 'CustomerInitialization' } finally { Write-ModuleLog -Message "Disconnecting from partner tenant..." -Level Info -Component 'CustomerInitialization' Disconnect-MgGraph -ErrorAction SilentlyContinue | Out-Null } } |