A modern .NET application that helps Microsoft partners link their Partner ID (Associated PartnerID) to all accessible Microsoft Entra tenants, enabling proper partner recognition and revenue attribution.
Partner Admin Link (PAL) enables Microsoft to identify and recognize partners who drive Azure customer success. By linking your Microsoft AI Cloud Partner Program (Associated PartnerID) to customer tenants, Microsoft can:
- ✅ Attribute revenue from your customers' Azure consumption to your organization
- ✅ Recognize your impact on customer success and business outcomes
- ✅ Provide insights into your partner engagement effectiveness
- ✅ Enable partner incentives based on customer growth
- 🔐 Multiple Authentication Methods: Support for both Interactive and Device Code Flow authentication
- 🔍 Automatic Tenant Discovery: Finds all Microsoft Entra tenants you have access to
- 🔗 Bulk Partner ID Linking: Link your Partner ID to multiple tenants at once
- 📊 Progress Tracking: Real-time progress feedback during bulk operations
- 🎨 Modern Console UI: Beautiful text-based interface using Spectre.Console
┌─────────────────────────────────────────────────────────────┐
│ Partner Admin Link Tool │
├─────────────────────────────────────────────────────────────┤
│ Console UI Layer (PartnerAdminLinkTool.UI) │
│ ├─ Spectre.Console for beautiful terminal UI │
│ ├─ Interactive menus and progress bars │
│ └─ Device Code Flow & Interactive Auth support │
├─────────────────────────────────────────────────────────────┤
│ Core Business Logic (PartnerAdminLinkTool.Core) │
│ ├─ Authentication Service (MSAL.NET) │
│ ├─ Tenant Discovery Service (Azure Management API) │
│ ├─ Partner Link Service (Azure Management API) │
│ └─ Clean, testable, well-documented code │
├─────────────────────────────────────────────────────────────┤
│ External APIs │
│ ├─ Azure Management API (tenant discovery & PAL linking) │
│ └─ Microsoft Identity Platform (authentication) │
│ Note: Microsoft Graph removed to avoid consent issues │
└─────────────────────────────────────────────────────────────┘
- .NET 8.0 SDK or later
- Microsoft AI Cloud Partner Program (Associated PartnerID)
- Access to customer tenants (as guest user or member)
- Appropriate permissions in customer tenants (Contributor or higher)
# Clone the repository
git clone https://github.com/lukemurraynz/Partner-Admin-Link-PAL-Tool.git
cd Partner-Admin-Link-PAL-Tool
# Restore dependencies and build
dotnet restore
dotnet build
# Run the application
cd src/PartnerAdminLinkTool.UI
dotnet run- Click the "Code" button on this repository
- Select "Codespaces" tab
- Click "Create codespace on main"
- Wait for the environment to set up automatically
- Run
dotnet runin the terminal
Important: This tool previously used Microsoft Graph for enhanced tenant discovery, but this dependency has been completely removed to address consent issues in organizations that block Microsoft Graph APIs.
- Consent Issues: Many organizations block
Directory.Read.AllandManagedTenants.Read.Allpermissions - Not Essential: Microsoft Graph was only used for friendly tenant names and domains
- PAL Still Works: Core PAL functionality requires only Azure Management API
- ✅ PAL linking/unlinking: Still works perfectly (uses Azure Management API)
- ✅ Tenant discovery: Still works perfectly (uses Azure Management API)
- ❌ Friendly tenant names: Now shows tenant IDs instead of organization names
- ✅ No consent issues: Only requires
https://management.azure.com/user_impersonation
This tool is now perfect for organizations with strict Microsoft Graph policies, as it requires only:
- Azure Management API access (standard for Azure administration)
- Basic authentication permissions (which most users already have)
When you first run the tool, you'll need to authenticate:
Interactive Authentication (recommended for desktop):
- Opens a browser window for sign-in
- Faster and more user-friendly
Device Code Authentication (for servers/restricted environments):
- Displays a code and URL
- Sign in on another device with the code
The tool automatically discovers all Microsoft Entra tenants you have access to, showing:
- Tenant name and domain
- Your access level (guest/member)
- Current Partner ID links (if any)
Enter your Microsoft AI Cloud Partner Program (Associated Partner ID) and the tool will:
- Validate the ID format
- Link it to all accessible tenants
- Show real-time progress
- Report success/failure for each tenant
Visit the Releases page to download pre-built executables for your platform:
- Windows:
PartnerAdminLinkTool-win-x64.zip(64-bit),PartnerAdminLinkTool-win-x86.zip(32-bit),PartnerAdminLinkTool-win-arm64.zip(ARM64)
Advantages of pre-built releases:
- ✅ No .NET SDK installation required
- ✅ Self-contained executables
- ✅ Automatic updates via GitHub releases
- ✅ Multiple platform support
- Download the appropriate package for your platform
- Extract the archive to a folder
- Follow the setup instructions in
APP_REGISTRATION_SETUP.md - Run the executable to start the tool
This repository uses GitHub Actions for automated building and releasing:
- 🔄 Continuous Integration: Automatic building and testing on every commit
- 📦 Multi-Platform Builds: Automatic creation of executables for Windows, Linux, and macOS
- 🏷️ Tag-Based Releases: Create a release by pushing a version tag (e.g.,
v1.0.0) - 📋 Release Notes: Automatically generated comprehensive release notes
# Create and push a version tag
git tag 1.0.0
git push origin 1.0.0
# Or create a manual release via GitHub Actions UISee GitHub Actions Documentation for detailed information about the CI/CD pipeline.
{
"Authentication": {
"ClientId": "14d82eec-204b-4c2f-b7e8-296a70dab67e",
"Authority": "https://login.microsoftonline.com/organizations",
"RedirectUri": "http://localhost"
},
"Logging": {
"LogLevel": {
"Default": "Information"
}
}
}You can also configure using environment variables:
Authentication__ClientId: Azure AD application client IDAuthentication__Authority: Authentication authority URL (should behttps://login.microsoftonline.com/organizationsfor Azure Resource Manager compatibility)
src/
├── PartnerAdminLinkTool.Core/ # Core business logic
│ ├── Models/ # Data models
│ ├── Services/ # Business services
│ └── Extensions/ # Utility extensions
├── PartnerAdminLinkTool.UI/ # Console application
│ ├── Services/ # UI services
│ └── Program.cs # Application entry point
tests/
├── PartnerAdminLinkTool.Tests/ # Unit tests
docs/ # Additional documentation
.devcontainer/ # GitHub Codespaces config
dotnet testThis project follows Microsoft's coding conventions and includes extensive documentation for beginners:
- Clean Architecture: Separation of concerns with Core and UI layers
- Dependency Injection: All services are registered and injected
- Async/Await: Proper asynchronous programming patterns
- Error Handling: Comprehensive exception handling and logging
- Documentation: Every class and method is fully documented
- No credentials stored: Uses MSAL.NET token cache securely
- Least privilege: Only requests necessary API permissions
- Secure communication: All API calls use HTTPS
- No third-party dependencies: Direct REST API calls to Microsoft services
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: Check this README and inline code comments
- Issues: Create an issue on GitHub for bugs or feature requests
- Discussions: Use GitHub Discussions for questions and community support
- PAL Association: Only adds your Partner ID to existing credentials
- No Permission Changes: Does not alter user permissions or access
- Revenue Attribution: May take 24-48 hours to appear in partner reports
- Customer Consent: Ensure you have proper agreements with customers before linking
Built with ❤️ for the Microsoft Partner Community