Liongard

To access the Microsoft Partner Center, you must have MFA enforced through Conditional Access Policies or Security defaults. If you are using a third party MFA tool, you will need a Microsoft Authentication token to be able to access Partner Center. This guide covers how to check your MFA status:

Open up <a href="https://developer.microsoft.com/en-us/graph/graph-explorer" target="_blank" rel="nofollow noopener noreferrer">Microsoft Graph API Explorer</a> in a new browser window

In the top, click “Sign In” and sign in as the Global Administrator for the Parent Tenant

Once back at the Graph API explorer page, Paste the following URL in the query box, to the right of GET and v1.0

- <a href="https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminCustomers" target="_blank" rel="nofollow noopener noreferrer">https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminCustomers</a>

If you output matches the below, then check if you have a Conditional Access Policy or Security defaults enabled

"error": { "code": "unauthorized", "message": "You are not authorized to access the resource.", "innerError": { "code": "unauthorizedMissingMfaTokenClaim", "message": "The MFA claim was missing in the token.", "target": null, "details": null,

If you do have a third party MFA tool such as OKTA or Duo, you will also need to enforce legacy MFA to require Microsoft to provide you an MFA token when signing into Liongard or Graph

In the Microsoft 365 Admin Center, in the left navigation section, choose Users &gt; Active users

On the Active users page, choose Multi-factor authentication

On the multi-factor authentication page, select the user and set their Multi-Factor auth status to Enabled

1. Open up <a href="https://developer.microsoft.com/en-us/graph/graph-explorer" target="_blank" rel="nofollow noopener noreferrer">Microsoft Graph API Explorer</a> in a new browser window
2. In the top, click “Sign In” and sign in as the Global Administrator for the Parent Tenant
3. Once back at the Graph API explorer page, Paste the following URL in the query box, to the right of GET and v1.0
 - <a href="https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminCustomers" target="_blank" rel="nofollow noopener noreferrer">https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminCustomers</a>
4. Click “Run Query”
5. If you output matches the below, then check if you have a Conditional Access Policy or Security defaults enabled
 "error": { "code": "unauthorized", "message": "You are not authorized to access the resource.", "innerError": { "code": "unauthorizedMissingMfaTokenClaim", "message": "The MFA claim was missing in the token.", "target": null, "details": null,
6. If you do have a third party MFA tool such as OKTA or Duo, you will also need to enforce legacy MFA to require Microsoft to provide you an MFA token when signing into Liongard or Graph
7. In the Microsoft 365 Admin Center, in the left navigation section, choose Users &gt; Active users 
8. On the Active users page, choose Multi-factor authentication 
 image.png
 
9. On the multi-factor authentication page, select the user and set their Multi-Factor auth status to Enabled 
 image.png