What is an Azure CSP?

Azure CSP is a program for Microsoft partners. It’s also a license channel for various Microsoft cloud services. In addition, it’s a new way to provide added value for customers while creating an end-to-end relationship with them and becoming a trusted advisor for various Microsoft cloud services, including Azure.

Azure CSP direct and Azure CSP indirect

There are two different business models in the Azure CSP program: Azure CSP direct (one tier) and Azure CSP indirect (two tiers).

Azure CSP direct

Azure CSP direct (Tier 1) partners work with Microsoft directly. They take on the entire customer relationship, including support, billing, and invoicing. They become a customer’s only point of contact for their Azure services. This provides continuity in the customer experience and helps build strong business relationships.

Azure CSP indirect

The Azure CSP indirect model (Tier 2) defines two types of partners: Azure CSP indirect providers (distributors) and Azure CSP indirect resellers. Azure CSP indirect providers work with Microsoft directly, but reach customers indirectly through their partner channel, Azure CSP resellers.

Azure CSP indirect reseller is a good choice for partners who don’t want to manage as much infrastructure as an Azure CSP direct partner, so they team up with an indirect provider to handle their support, billing, and invoicing needs.

Available Azure Services  – Refer here

Supported Tier CoreStack currently supports Azure CSP Direct type Accounts

Pre-requisites to Onboard a Partner Account

1) Partner center user with following privileges. Login as Global admin to the partner center and create new user

  • Billing admin – To view rates, usage and invoice details
  • Sales Agent – To create and manage customers and their subscriptions

2) A secure application registered with necessary API permissions

STEPS FOR IMPLEMENTING SECURE APPLICATION MODEL

Create a Web App in your tenant:

Go to Azure Active Directory App registration New registration

To Update Redirect URI if not provided during app creation: Under Azure Active Directory > App Registrations > Your app > Authentication

Update under your app API Permissions so that your App can access “Microsoft Partner Center

Generate Secret Key for Web App under App > Settings > Keys

Grant Admin Consent:

Form the consent URL below:

https://login.microsoftonline.com/<Tenant_ID>/oauth2/authorize?client_id= <Web_App_Client_ID> &&redirect_uri= <RedirectURI> &response_type=code&prompt=admin_consent 

Note: You can get <Tenant_ID>,<Web_App_Client_ID> and <RedirectURI> that you have set as Reply URL from your registered App.

Open an In-Private or In-Cognito mode of browser and access the above Admin Consent URL.

  • Login using your Admin (GA + Admin Agent) and accept it.
  • The page will be redirecting the redirect_uri but the address bar will have the Authorization Code.

Admin Consent has been granted successfully now.

Onboarding Partner Account in CoreStack

Login to CoreStack portal -> Cloud Accounts -> Azure_CSP-Direct -> Add Account

  • Provide the Tenant ID, Application ID, Application Secret and Redirect URI (created through the above secure app model)
  • For Authorization code
    1. Login as the newly created partner center user. In the same browser, browse the following URL:
    Login as the newly created partner center user. In the same browser, browse the following URL  
    https://login.microsoftonline.com/common/oauth2/authorize?client_id=<web_app_id>&response_type=code&redirect_url=<redirect_uri></redirect_uri></web_app_id>

    2. An auth code will be generated in the address bar. Provide this code in onboarding page and Click next

  • Select the roles in the next Authorization tab to enable users under those roles to view this CSP account

  • Once the partner account has been onboarded successfully, customer accounts can be created / on-boarded under Cloud Accounts -> Azure -> New Account
  • While onboarding customer accounts, the subscription type has to be selected as “Azure_CSP-Direct” and the parent account has to be selected
Impacts on Azure Partner Center / Subscription:
  • No resources will be created during partner account onboarding.
  • The on-boarded partner account will be used only to fetch customer subscription details and cost details (usage and invoice). This data is fetched only for the customer accounts onboarded in CoreStack.
  • There is no billing impact in partner account caused by CoreStack after onboarding
  • The Partner account will not have any impact after onboarding unless you create a customer account through CoreStack. When you create a customer account, a new customer will be created with Azure plan and a customer user under the new account is also created.