Can't Manage Customer Tenants via Powershell.

[itwguthub]

So we run a script for monthly reporting via powershell for all our customers. The report pulls out all licensed users, and what licenses the customer tenant has. This has been working for ages, but all access via powershell has stopped on the 1st of November. ( I have been passed from Partner support to Azure to 365 and the last engineer informed me I need to come here)

We can still fully manage all customers via the Partner portal and Lighthouse, but powershell access has been revoked.

When running our script we just get " access denied "

Here is the script Connect-MsolService $customers = Get-MsolPartnerContract -All Write-Host "Found $($customers.Count) customers for $((Get-MsolCompanyInformation).displayname)." -ForegroundColor DarkGreen $CSVpath = "C:\Temp\UserLicenseReportOctober.csv" foreach ($customer in $customers) { Write-Host "Retrieving license info for $($customer.name)" -ForegroundColor Green $licensedUsers = Get-MsolUser -TenantId $customer.TenantId -All | Where-Object {$_.islicensed } foreach ($user in $licensedUsers) { Write-Host "$($user.displayname)" -ForegroundColor Yellow $licenses = $user.Licenses $licenseArray = $licenses | foreach-Object {$_.AccountSkuId} $licenseString = $licenseArray -join ", " Write-Host "$($user.displayname) has $licenseString" -ForegroundColor Blue $licensedSharedMailboxProperties = [pscustomobject][ordered]@{ CustomerName = $customer.Name DisplayName = $user.DisplayName Licenses = $licenseString } $licensedSharedMailboxProperties | Export-CSV -Pat h $CSVpath -Append -NoTypeInformation } }

[mprentice22153]

The msol and azuread cmdlets no longer work. They were only compatible with DAP and not GDAP. Time to move to using Graph and/or APIs.

[itwguthub]

The msol and azuread cmdlets no longer work. They were only compatible with DAP and not GDAP. Time to move to using Graph and/or APIs.

boo, have you pulled any reports using graph on tenants?

[Hazeeed]

Hi - did you ever setup graphs or find an alternative to this?

[itwguthub]

Hi - did you ever setup graphs or find an alternative to this?

no - not yet

[moiaune]

You can look at this page to find the equivalent cmdlet's for MS Graph: https://learn.microsoft.com/en-us/powershell/microsoftgraph/azuread-msoline-cmdlet-map?view=graph-powershell-1.0

Using Microsoft Graph requires you to setup an App Registration. Something worth noting is that DAP allowed for partner managed app registrations to be preconsented. With GDAP this feature is not available anymore so if you want to setup an app registration in your partner tenant to connect through to your customers they must manually consent to the app registration in their tenant (source).