Microsoft partners provide services that help customers achieve business goals and missions using Microsoft products. When a partner acts on behalf of the customer to manage, configure, and support Azure services, the partner's users need access to the customer's environment. With Partner Admin Link (PAL), partners can associate their Partner Network ID with the credentials used to deliver the service.
PAL enables Microsoft to identify and recognize partners who drive success for Azure customers. Microsoft can attribute influence and Azure consumed revenue to your organization based on the account's permissions (Azure role) and scope (subscription, resource group, resource). If a group has Azure RBAC access, PAL is recognized for all users in the group.
Get access from your customer
Before linking your Partner ID, your customer must grant you access to their Azure resources by doing one of the following:
Guest user: Your customer can add you as a guest user and assign any Azure role. For more information, see Add guest users from another directory.
Directory account: Your customer can create a user account for you in their own directory and assign it any Azure role.
Service principal: Your customer can add an app or script from your organization to their directory and assign any Azure role. The identity of the application or script is known as the service principal.
Azure Lighthouse: Your customer can delegate a subscription (or resource group) so that your users can work on it from within your tenant. For more information, see Azure Lighthouse.
Link to a partner ID
Once you have access to customer resources, use the Azure portal, PowerShell, or the Azure CLI to link your partner ID to your user ID or service principal. Link the partner ID in each customer tenant.
Use the Azure portal to link to a new partner ID
Go to Link to a partner ID in the Azure portal.
Sign in to the Azure portal.
Enter the Microsoft Partner ID. The partner ID is the Microsoft Cloud Partner Program ID for your organization. Be sure to use the Associated Partner ID displayed on your partner profile.
To link a partner ID for another customer, change the directory. Under change directory, select your directory.
Use PowerShell to link to a new Partner ID
Install the Az.ManagementPartner PowerShell module.
Sign in to the customer's tenant with the user account or service principal. For more information, see Sign in with PowerShell.
C:\> Connect-AzAccount -TenantId XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Link to the new partner ID. The partner ID is the Microsoft Cloud Partner Program ID for your organization. Be sure to use the Associated Partner ID displayed on your partner profile.
C:\> New-AzManagementPartner -PartnerId 12345
Get Linked Partner ID
C:\> Get-AzManagementPartner
Update Linked Partner ID
C:\> Update-AzManagementPartner -PartnerId 12345
Remove Linked Partner ID
C:\> Remove-AzManagementPartner -PartnerId 12345
Use the Azure CLI to link to a new partner ID
Install the Azure CLI extension.
C:\ az extension add --name managementpartner
Sign in to the customer's tenant with the user account or service principal. For more information, see Sign in with the Azure CLI.
C:\ az login --tenant <tenant>
Link to the new partner ID. The partner ID is the Microsoft Cloud Partner Program ID for your organization.
C:\ az managementpartner create --partner-id 12345
Get Linked Partner ID
C:\ az managementpartner show
Update Linked Partner ID
C:\ az managementpartner update --partner-id 12345
Remove Linked Partner ID
C:\ az managementpartner delete --partner-id 12345
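An idempotent wrapper around the Azure CLI commands above, added here as an example (it is not part of the original article): it links, updates, or leaves in place the partner ID for whichever identity is signed in to the current tenant. The function name `ensure_pal_link` is hypothetical, and the script assumes that `az managementpartner show` exits non-zero when no link exists and that its JSON output has a top-level `partnerId` field.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# ensure_pal_link PARTNER_ID
#   Makes the identity currently signed in with `az login` carry PARTNER_ID
#   as its Partner Admin Link in the current tenant.
#   Prints one of: linked | updated | unchanged
#   Assumptions: `az managementpartner show` exits non-zero when no link
#   exists, and its JSON output has a top-level `partnerId` field.
ensure_pal_link() {
  local want="$1" have

  # Partner IDs are numeric; reject anything else before it reaches az.
  case "$want" in
    ''|*[!0-9]*) echo "invalid partner id: '$want'" >&2; return 2 ;;
  esac

  # Read the current link, if any. An error (no link yet) yields an empty value.
  have="$(az managementpartner show --query partnerId -o tsv 2>/dev/null)" || have=""

  if [ -z "$have" ]; then
    az managementpartner create --partner-id "$want" >/dev/null || return 1
    echo "linked"
  elif [ "$have" != "$want" ]; then
    # A different ID is linked: log the change so it can be reviewed later.
    echo "replacing partner id $have with $want" >&2
    az managementpartner update --partner-id "$want" >/dev/null || return 1
    echo "updated"
  else
    echo "unchanged"
  fi
}
```

Run it once per customer tenant after `az login --tenant <tenant>`, because the link is stored per tenant.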
Next steps
Join the discussion in the Microsoft Partner Community to receive updates or send feedback.
Frequently asked questions
What PAL identity permissions are required to show revenue?
PAL can be as granular as a resource instance, for example a single virtual machine. However, PAL is set on a user account. The scope of the Azure Consumed Revenue (ACR) measurement is whatever administrative permissions a user account has within the environment. An administrative scope can be a subscription, a resource group, or a resource instance using standard Azure RBAC roles.
For example, if you are a partner, your customer could hire you to do a project. Your customer may provide you with an administrative account to deploy, configure, and support an application. Your customer can scope your access to a resource group. If you use PAL and associate your MPN ID with the administrative account, Microsoft measures the revenue consumed by the services within that resource group.
If the Azure AD identity used for PAL is deleted or disabled, the ACR mapping will break for the partner on the associated resources.
Different partner programs have different rules for RBAC roles. Contact your partner development manager for the rules on which Azure RBAC roles must be in place at the time of PAL for ACR attribution to take place.
For more information, see:
Who can link the Partner ID?
Any user from a partner organization that manages a customer's Azure resources can link the partner ID to the account.
Can a Partner ID be changed once linked?
Yes. A Linked Partner ID can be changed, added, or removed.
What happens if a user has an account in more than one customer tenant?
The link between the Partner ID and the account is made for each customer tenant. Link the partner ID in each customer tenant.
However, if you are managing customer resources through Azure Lighthouse, you must create the link in your service provider's tenant using an account that has access to customer resources. For more information, see Link your Partner ID to track your impact on delegated functions.
Can other partners or customers edit or remove the link to the Partner ID?
The link is associated at the user account level. Only you can edit or remove the link to the Partner ID. The customer and other partners cannot change the link to the partner ID.
Which Partner ID should I use if my company has multiple?
Be sure to use the Associated Partner ID displayed on your partner profile.
Where can I find Influenced Revenue Reports for Linked Partner ID?
Cloud product performance reports are available to partners in Partner Center at my dashboard. You must select Partner Admin Link as the type of partner association.
Why can't I see my customer in the reports?
You cannot see the customer in the reports for one of the following reasons:
The linked user account does not have Azure role-based access control (Azure RBAC) access on any customer Azure subscription or resource.
The Azure subscription on which the user has Azure role-based access control (Azure RBAC) access has no usage.
Does Link Partner ID work with Azure Stack?
Yes, you can link your partner ID to Azure Stack.
How do I link my Partner ID if my company uses Azure Lighthouse to access customer resources?
For Azure Lighthouse activities to be recognized, you must associate your Partner ID with at least one user account that has access to each of your onboarded subscriptions. The association is required in the service provider tenant, not in each customer tenant. For simplicity, we recommend creating a service principal account in your tenant, associating it with your Partner ID, and then granting it access to every customer you onboard with an Azure built-in role that is eligible for partner earned credit. For more information, see Link your Partner ID to track your impact on delegated functions.
How do I explain Partner Admin Link (PAL) to my customer?
Partner Admin Link (PAL) enables Microsoft to identify and recognize partners who help customers achieve business objectives and realize value in the cloud. Customers must first give the partner access to their Azure resources. Once access is granted, the partner's Microsoft Cloud Partner Program ID is associated with it. This association helps Microsoft understand the IT service provider ecosystem and refine the tools and programs needed to better support our mutual customers.
What data does PAL collect?
Linking PAL to existing credentials does not provide new customer data to Microsoft. It only tells Microsoft when a partner is actively involved in a customer's Azure environment. Microsoft can attribute influence and Azure consumed revenue from the customer environment to the partner organization based on the account's permissions (Azure role) and scope (management group, subscription, resource group, resource) that the customer has granted to the partner.
Does this affect the security of a customer's Azure environment?
The PAL association only adds the partner ID to the already provisioned credential. It does not change any permissions (Azure role) or provide other Azure service data to the partner or Microsoft.
What happens if the PAL identity is removed?
If the Partner Network ID, also known as the MPN ID, is deleted, all recognition mechanisms, including Azure Consumed Revenue Attribution (ACR), stop working.