Microsoft partners who are Power Platform and Dynamics Customer Insights service providers work with their customers to manage, configure and support Power Platform and Customer Insights resources. In order to get credit for these services, you can associate your partner network ID with the Azure credential used for service delivery in your customers’ production environments using Partner Admin Link (PAL).
The PAL allows Microsoft to identify and recognize partners that have Power Platform and Customer Insights customers. Microsoft attributes usage to a partner's organization based on the account's permissions (user role) and scope (tenant, resource, and so on). This attribution can be used for Advanced Specializations, such as the Microsoft Low Code Advanced Specializations, and Partner Incentives.
The following sections explain in more detail how to
- Get access accounts from your customer
- Attribute your access account to the product resource
- Link your access account to your partner ID
To ensure success, it is strongly recommended to use Solutions where available to import your deliverables into the customers Production Environment via a Managed Solution. When using Solutions, the account used to import the Solution becomes the owner of each deliverable inside the Solution. Linking that account to your partner ID ensures all deliverables inside the Solution are associated to your partner ID.
*Note: Solutions are not available for Power BI and Customer Insights. See detailed sections below.
Before you link your partner ID, your customer must give you access to their Production Power Platform or Customer Insights resources. They can use one of the following options:
- Directory account - Your customer can create a dedicated user account, or a user account to act as a service account, in their own directory, and provide access to the product(s) you're publishing to Production.
- Service principal - Your customer can add an app or script from your organization in their directory and provide access to the product you're working on in production. Use this accelerator script to assist with the creation, and PAL Association The identity of the app or script is known as a service principal.
The use of Solutions negates the need to understand and apply this granular understanding to each product resource where relevant. However, if you choose to not use Solutions (not recommended), follow the guidance below:
The partner user/guest account that you received from your customer and was linked through the Partner Admin Link (PAL) needs to be attributed to the resource for Power Platform or Dynamics Customer Insights to count the usage of that specific resource. The user/guest account doesn't need to be associated with a specific Azure subscription for Power Apps, Power Automate, Power BI or or Dynamics 365 Customer Insights. In many cases, it happens automatically, as the partner user is the one creating, editing, and updating the resource. Besides the logic below, the specific programs the PAL link is used for (such as the Microsoft Low Code Advanced Specializations or Partner Incentives) may have other requirements such as the resource needing to be in production and associated with paid usage.
| Product | Primary Metric | Resource | Attributed User Logic |
|---|---|---|---|
| Power Apps | Monthly Active Users (MAU) | Application | The user must be an owner/co-owner of the application. For more information, see Share a canvas app with your organization. In cases of multiple partners being mapped to a single application, the user's activity is reviewed to select the 'latest' partner. |
| Power Automate | Monthly Active Users (MAU) | Flow | The user must be the creator of the flow. There can only be one creator so there's no logic for multiple partners. |
| Power BI | Monthly Active Users (MAU) | Dataset | The user must be the publisher of the dataset. For more information, see Publish datasets and reports from Power BI Desktop. In cases of multiple partners being mapped to a single dataset, the user's activity is reviewed to select the 'latest' partner. |
| Customer Insights | Unified Profiles | Instance | Any active user of an Instance is treated as the attributed user. In cases of multiple partners being mapped to a single instance, the user's activity is reviewed to select the 'latest' partner. |
- Canvas Applications:
- Set the PAL associated User or Service Account as the owner or co-owner of the application.
- You can only change the owner via the PowerShell Set-AdminPowerAppOwner.
- When inside of a solution, and imported into another environment, the importing entity becomes the new owner.
- Model Driven Applications:
- Make sure the app creator has a PAL association.
- There is NO co-owner option, and you cannot change the owner via the GUI or PowerShell directly.
- When inside of a solution, and imported into another environment, the importing entity becomes the new owner.
- Power Automate:
- Make sure the flow creator has a PAL association
- You can easily change the owner via the web GUI or with the PowerShell Set-AdminFlowOwnerRole
- When inside of a solution, and imported into another environment, the importing entity becomes the new owner.
- Power BI:
- The act of publishing to the service sets the owner.
- Make sure the user publishing the report has a PAL association.
- Use PowerShell to publish as any user or Service Account,
- Power Virtual Agents:
- Make sure the Bot creator has a PAL association.
- You can not change the owner in the GUI or via a PowerShell command.
- When inside of a solution, and imported into another environment, the importing entity becomes the new owner.
Delivering one or many items, Solutions is the recommended and preferred method of delivery.
This chart shows the compatibility in scope to changing user accounts or dedicated service accounts after the application has been created by a non-PAL associated account to a PAL associated account.
| Product | GUI | PowerShell | PP CLI | DevOps + Build Tools |
|---|---|---|---|---|
| Power App Canvas | YES | YES | YES | YES |
| Power App Model Driven | NO | NO | YES | YES |
| Power Automate | YES | YES | YES | YES |
| Power BI (Publishing) | NO | YES | NO | NO |
| Power Virtual Agent | NO | NO | YES | YES |
This shows the compatibility in scope to changing a previously assigned user account to an Application Registration known as a Service Principal that has a PAL association.
| Product | GUI | PowerShell | PP CLI | DevOps + Build Tools |
|---|---|---|---|---|
| Power App Canvas | NO | NO | YES | YES |
| Power App Model Driven | NO | NO | YES | YES |
| Power Automate | YES | YES | YES | YES |
| Power BI (Publishing) | NO | YES | NO | NO |
| Power Virtual Agent | NO | NO | YES | YES |
When you have access to either a Production Environment User Account, or Service Account, use the graphical web-based Azure portal to link to your Microsoft Partner Network ID (Location MPN ID). For Service Principal or User Account, or Service Account use, PowerShell, or the Azure CLI to provide the link your Microsoft Partner Network ID (Location MPN ID). Link the partner ID to each customer resource.
Use the Azure portal to link a User Account, or Service Account to your Microsoft Partner Network ID
- Sign in to the Azure portal.
- Go to Link to a partner ID in the Azure portal.
- Enter the Microsoft Partner Network ID for your organization. Be sure to use the Associated MPN ID shown on your partner center profile. It's typically known as your Partner Location Account MPN ID.
- To link your partner ID to another customer, switch the directory. Under Switch directory, select the appropriate directory.
Use PowerShell to link a Service Principal or User Account, or Service Account to your Microsoft Partner Network ID
Install the Az.ManagementPartner Azure PowerShell module.
Sign into the customer's tenant with either the user account or the service principal. For more information, see Sign in with PowerShell.
Link to the new partner ID. The partner ID is the Microsoft Partner Network ID for your organization. Be sure to use the Associated MPN ID shown on your partner profile.
For more information, see Sign in with PowerShell.
Connect-AzAccount
new-AzManagementPartner -PartnerId 12345
Disconnect-AzAccount
For more information, see Sign in with PowerShell.
# Setup the script variables
$appId = #<<YOUR SERVICE PRINCIPAL ID aka AppID GOES HERE>> - [GUID]
$secretText = #<<YOUR SERVICE PRINCIPAL SECRET GOES HERE>> - [GUID]
$tenantId = # <<YOUR TENANT GUID GOES HERE>> - [GUID]
$MPN_ID = # <<YOUR 7 DIGIT LOCATION MPN-ID GOES HERE>> - [INT]
# Sign in with Service Principal
$SecureStringPwd = $secretText | ConvertTo-SecureString -AsPlainText -Force
$pscredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $appId, $SecureStringPwd
Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $tenantId
# Assign Partner ID -> example 1234567
New-AzManagementPartner -PartnerId $MPN_ID
Disconnect-AzAccount
Get the linked partner ID
get-AzManagementPartner
Update the linked partner ID
Update-AzManagementPartner -PartnerId 12345
Delete the linked partner ID
remove-AzManagementPartner -PartnerId 12345
First, install the Azure CLI extension.
az extension add --name managementpartner
Sign into the customer's tenant with either the user account or the service principal. For more information, see Sign in with the Azure CLI.
az login --tenant TenantName
Link to the new partner ID. The partner ID is the Microsoft Partner Network ID for your organization.
az managementpartner create --partner-id 12345
Get the linked partner ID
az managementpartner show
Update the linked partner ID
az managementpartner update --partner-id 12345
Delete the linked partner ID
az managementpartner delete --partner-id 12345
- Read the Cost Management + Billing FAQ for questions and answers about linking a partner ID to Power Apps accounts.
- Join the discussion in the Microsoft Partner Community to receive updates or send feedback.
- View additional assets (including PAL) on the Partner Learning path.