Connecting to customer tenants using delegated access

If you're an IT professional providing services to Office 365 customers, connecting to Office 365 tenants for your clients can be a bit more complicated than the examples shown previously.

Most commands in the Azure AD PowerShell module will allow you to specify a -TenantId parameter. This is a GUID associated with each of your customer's tenants. But where does this value come from? You can use the Get-MsolPartnerContract to display a list of tenant IDs for the clients you have delegated access to:

Get-MsolPartnerContract -All

Unfortunately, this ID by itself is not very useful. You'll have to combine it somehow with other commands to get something you can identify as a specific client.

For example, the following command will pipe all your customer tenants into a Foreach-Object loop and output the domains associated with each:

Get-MsolPartnerContract -All | %{ Get-MsolDomain -TenantId $_.TenantId }

There is also a global variable which changes the way the Office 365 PowerShell commands behave. When you set this value, all commands will work against the specified tenant, even if no -TenantId parameter is explicitly provided:

$global:MsolTenantId

Just as working with customer tenants has idiosyncrasies in the Office 365 PowerShell module, connecting to each of the supporting services also gets a bit more complicated if you need to do so through delegated access.