This article shows what permissions are required for CSP account used by MachPanel.
This article applies to MachPanel all versions.
- Login to Microsoft Partner Center click on "Dashboard >> View Users", this will land you on "User Management".
- For CSP Service Account following "roles and permissions" are required:
- Go to: https://portal.azure.com/ and login using your CSP Service Account, then navigate to "Azure Active Directory" >> "App Registrations".
- Here, either use Existing Application or create "New Registration".
- Add Redirect URI for your Web Application as: urn:ietf:wg:oauth:2.0:oob
- Hit Register to register this application.
- Click on your desired Application, and click the option "API Permissions".
- Click on Add Permission button and add permissions as highlighted below. Once done, hit the "Grant admin consent for <CSP Account>" button (You will need to choose all permissions for each category one by one):
- Finally, click on "Certificates &
Secrets" from App Registrations Menu and create "New Client Secret". Save this with you as
you will need it later (this will be used as $webAppSecret in commands below).
Steps to perform on MachPanel Control Panel Server:
- Uninstall "Microsoft Azure Active Directory Module" for Windows PowerShell v126.96.36.199, if installed.
Execute commands below to get your - *Refresh Token: - to be inserted into MachPanel Profile settings.