Link a partner ID to your Azure accounts

Microsoft partners provide services that help customers achieve business and mission objectives using Microsoft products. When acting on behalf of the customer to manage, configure, and support Azure services, partner users need access to the customer’s environment. Using Partner Admin Link (PAL), partners can associate their partner network ID with the credentials used for service delivery.

PAL enables Microsoft to identify and recognize partners who drive Azure customer success. Microsoft can attribute influence and Azure consumed revenue to your organization based on the account's permissions (Azure role) and scope (subscription, resource group, resource).

Get access from your customer

Before you link your partner ID, your customer must give you access to their Azure resources by using one of the following options:

  • Guest user: Your customer can add you as a guest user and assign any Azure roles. For more information, see Add guest users from another directory.

  • Directory account: Your customer can create a user account for you in their own directory and assign any Azure role.

  • Service principal: Your customer can add an app or script from your organization in their directory and assign any Azure role. The identity of the app or script is known as a service principal.

  • Azure Lighthouse: Your customer can delegate a subscription (or resource group) so that your users can work on it from within your tenant. For more information, see Azure delegated resource management.

When you have access to the customer's resources, use the Azure portal, PowerShell, or the Azure CLI to link your Microsoft Partner Network ID (MPN ID) to your user ID or service principal. Link the partner ID in each customer tenant.

Azure portal

  1. Go to Link to a partner ID in the Azure portal.

  2. Sign in to the Azure portal.

  3. Enter the Microsoft partner ID. The partner ID is the Microsoft Partner Network ID for your organization.


  4. To link a partner ID for another customer, switch the directory. Under Switch directory, select your directory.


PowerShell

  1. Install the Az.ManagementPartner PowerShell module.

  2. Sign in to the customer's tenant with either the user account or the service principal. For more information, see Sign in with PowerShell.

    C:\> Connect-AzAccount -TenantId XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    
  3. Link to the new partner ID. The partner ID is the Microsoft Partner Network ID for your organization.

    C:\> New-AzManagementPartner -PartnerId 12345
    

Get the linked partner ID

C:\> Get-AzManagementPartner

Update the linked partner ID

C:\> Update-AzManagementPartner -PartnerId 12345

Delete the linked partner ID

C:\> Remove-AzManagementPartner -PartnerId 12345

Azure CLI

  1. Install the Azure CLI extension.

    C:\> az extension add --name managementpartner
    
  2. Sign in to the customer's tenant with either the user account or the service principal. For more information, see Sign in with the Azure CLI.

    C:\> az login --tenant <tenant>
    
  3. Link to the new partner ID. The partner ID is the Microsoft Partner Network ID for your organization.

    C:\> az managementpartner create --partner-id 12345
    

Get the linked partner ID

C:\> az managementpartner show

Update the linked partner ID

C:\> az managementpartner update --partner-id 12345

Delete the linked partner ID

C:\> az managementpartner delete --partner-id 12345
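
Because the link has to be made in each customer tenant, the PowerShell steps above can be run as one pass over a list of tenants. The following is an added example, not part of the original article: the function name, the -ReportOnly switch and the output columns are hypothetical, and it assumes that the lookup either raises an error or returns nothing when no partner ID is linked.

```powershell
# Added example: keep the Partner Admin Link consistent across customer tenants.
# Assumptions: the tenant IDs and partner ID passed in are the caller's own values,
# the Az.Accounts and Az.ManagementPartner modules are installed, and the account
# used to sign in already has an Azure role in each tenant.
function Sync-PartnerAdminLink {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $TenantId,
        [Parameter(Mandatory)] [string]   $PartnerId,
        [switch] $ReportOnly       # show what would change without changing it
    )
    foreach ($tenant in $TenantId) {
        $result = [ordered]@{ Tenant = $tenant; Account = $null; Linked = $null
                              Action = 'None'; Error = $null }
        try {
            # PAL is stored per account and per tenant, so sign in to each one.
            $login = Connect-AzAccount -TenantId $tenant -ErrorAction Stop
            $result.Account = $login.Context.Account.Id

            # Assumed: the lookup errors or returns nothing when no ID is linked.
            # Keep the message so a real failure is not mistaken for "unlinked".
            try {
                $result.Linked = (Get-AzManagementPartner -ErrorAction Stop).PartnerId
            } catch {
                $result.Error = $_.Exception.Message
            }

            if (-not $result.Linked) {
                $result.Action = 'Create'
            } elseif ("$($result.Linked)" -ne $PartnerId) {
                $result.Action = 'Update'
            }

            if (-not $ReportOnly) {
                switch ($result.Action) {
                    'Create' { $null = New-AzManagementPartner -PartnerId $PartnerId -ErrorAction Stop }
                    'Update' { $null = Update-AzManagementPartner -PartnerId $PartnerId -ErrorAction Stop }
                }
            }
        } catch {
            $result.Action = 'Failed'
            $result.Error  = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Constructed placeholders; replace with real customer tenant IDs and your MPN ID.
Sync-PartnerAdminLink -TenantId 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX' -PartnerId '12345' -ReportOnly
```

Run it with -ReportOnly first and check the Account column, since the link is tied to whichever identity signed in to that tenant.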

Next steps

Join the discussion in the Microsoft Partner Community to receive updates or send feedback.

Frequently asked questions

Who can link the partner ID?

Any user from the partner organization who manages a customer's Azure resources can link the partner ID to the account.

Can a partner ID be changed after it's linked?

Yes. A linked partner ID can be changed, added, or removed.

What if a user has an account in more than one customer tenant?

The link between the partner ID and the account is done for each customer tenant. Link the partner ID in each customer tenant.

Can other partners or customers edit or remove the link to the partner ID?

The link is associated at the user account level. Only you can edit or remove the link to the partner ID. The customer and other partners can't change the link to the partner ID.

Which MPN ID should I use if my company has multiple?

Partner Location Accounts and associated MPN IDs should be used for linking the partner ID. Learn more about Partner Accounts.

Where can I find influenced revenue reporting for linked partner ID?

Cloud Product Performance reporting is available to partners in Partner Center at My Insights dashboard. You need to select Partner Admin Link as the partner association type.

Why can't I see my customer in the reports?

You can't see the customer in the reports for one of the following reasons:

  1. The linked user account doesn't have Role Based Access on any customer Azure subscription or resource.

  2. The Azure subscription where the user has Role Based Access doesn't have any usage.

Does linking a partner ID work with Azure Stack?

Yes. You can link your partner ID for Azure Stack.

How do I link my partner ID if my company uses Azure Lighthouse to access customer resources?

If you onboard customers to Azure delegated resource management by publishing a managed services offer to Azure Marketplace, your MPN ID will automatically be associated. If you onboard customers by deploying Azure Resource Manager templates, you'll need to associate your Microsoft Partner Network (MPN) ID with at least one user account that has access to each of your onboarded subscriptions. Note that you'll need to do this in your service provider tenant. For simplicity, we recommend creating a service principal account in your tenant that is associated with your MPN ID and granting it Reader access to every customer you onboard. In this example, the RBAC Reader role is used, and it is one of the roles that isn't eligible for Partner Earned Credit. For more information about roles, see Roles and permissions for partner earned credit.

How do I explain Partner Admin Link (PAL) to my Customer?

Partner Admin Link (PAL) enables Microsoft to identify and recognize those partners who are helping customers achieve business objectives and realize value in the cloud. Customers must first provide a partner access to their Azure resource. Once access is granted, the partner’s Microsoft Partner Network ID (MPN ID) is associated. This association helps Microsoft understand the ecosystem of IT service providers and to refine the tools and programs needed to best support our common customers.

What data does PAL collect?

The PAL association to existing credentials provides no new customer data to Microsoft. It simply provides telemetry to Microsoft on where a partner is actively involved in a customer’s Azure environment. Microsoft can attribute influence and Azure consumed revenue from the customer environment to the partner organization based on the account's permissions (Azure role) and scope (Management Group, Subscription, Resource Group, Resource) provided to the partner by the customer.

Does this impact the security of a customer’s Azure Environment?

PAL association only adds the partner’s MPN ID to the credential already provisioned. It does not alter any permissions (Azure role) or provide additional Azure service data to the partner or Microsoft.