What is an Azure CSP?
Azure CSP is a program for Microsoft partners. It’s also a license channel for various Microsoft cloud services. In addition, it’s a new way to provide added value for customers while creating an end-to-end relationship with them and becoming a trusted advisor for various Microsoft cloud services, including Azure.
Azure CSP direct and Azure CSP indirect
There are two different business models in the Azure CSP program: Azure CSP direct (one tier) and Azure CSP indirect (two tiers).
Azure CSP direct
Azure CSP direct (Tier 1) partners work with Microsoft directly. They take on the entire customer relationship, including support, billing, and invoicing. They become a customer’s only point of contact for their Azure services. This provides continuity in the customer experience and helps build strong business relationships.
Azure CSP indirect
The Azure CSP indirect model (Tier 2) defines two types of partners: Azure CSP indirect providers (distributors) and Azure CSP indirect resellers. Azure CSP indirect providers work with Microsoft directly, but reach customers indirectly through their partner channel, Azure CSP resellers.
Azure CSP indirect reseller is a good choice for partners who don’t want to manage as much infrastructure as an Azure CSP direct partner, so they team up with an indirect provider to handle their support, billing, and invoicing needs.
Available Azure Services – Refer here
Supported Tier CoreStack currently supports Azure CSP Direct type Accounts
Pre-requisites to Onboard a Partner Account
1) Partner center user with following privileges. Login as Global admin to the partner center and create new user
- Billing admin – To view rates, usage and invoice details
- Sales Agent – To create and manage customers and their subscriptions
2) A secure application registered with necessary API permissions
STEPS FOR IMPLEMENTING SECURE APPLICATION MODEL
Create a Web App in your tenant:
Go to Azure Active Directory App registration New registration
To Update Redirect URI if not provided during app creation: Under Azure Active Directory > App Registrations > Your app > Authentication
Update under your app API Permissions so that your App can access “Microsoft Partner Center
Generate Secret Key for Web App under App > Settings > Keys
Grant Admin Consent:
Form the consent URL below:
https://login.microsoftonline.com/<Tenant_ID>/oauth2/authorize?client_id= <Web_App_Client_ID> &&redirect_uri= <RedirectURI> &response_type=code&prompt=admin_consent
Note: You can get <Tenant_ID>,<Web_App_Client_ID> and <RedirectURI> that you have set as Reply URL from your registered App.
Open an In-Private or In-Cognito mode of browser and access the above Admin Consent URL.
- Login using your Admin (GA + Admin Agent) and accept it.
- The page will be redirecting the redirect_uri but the address bar will have the Authorization Code.
Admin Consent has been granted successfully now.
Onboarding Partner Account in CoreStack
Login to CoreStack portal -> Cloud Accounts -> Azure_CSP-Direct -> Add Account
- Provide the Tenant ID, Application ID, Application Secret and Redirect URI (created through the above secure app model)
- For Authorization code
1. Login as the newly created partner center user. In the same browser, browse the following URL:
Login as the newly created partner center user. In the same browser, browse the following URL https://login.microsoftonline.com/common/oauth2/authorize?client_id=<web_app_id>&response_type=code&redirect_url=<redirect_uri></redirect_uri></web_app_id>
2. An auth code will be generated in the address bar. Provide this code in onboarding page and Click next
- Select the roles in the next Authorization tab to enable users under those roles to view this CSP account
- Once the partner account has been onboarded successfully, customer accounts can be created / on-boarded under Cloud Accounts -> Azure -> New Account
- While onboarding customer accounts, the subscription type has to be selected as “Azure_CSP-Direct” and the parent account has to be selected
Impacts on Azure Partner Center / Subscription:
- No resources will be created during partner account onboarding.
- The on-boarded partner account will be used only to fetch customer subscription details and cost details (usage and invoice). This data is fetched only for the customer accounts onboarded in CoreStack.
- There is no billing impact in partner account caused by CoreStack after onboarding
- The Partner account will not have any impact after onboarding unless you create a customer account through CoreStack. When you create a customer account, a new customer will be created with Azure plan and a customer user under the new account is also created.