Foreign Principal Role for Azure Support

this document is intended to apply the "foreign principal role", which is required to pass microsoft's validation tool this tool is used as an extra security checkpoint to ensure the case was created from the associated tenant id and foreign principal role the azure cli script, provided below, will need to be run against all azure subs that will be supported under this contract there are two steps to complete this process the first step is adding a reseller relationship and the second is running the foreign principle role through azure cli click the following link to accept this invitation and authorize shi international corp to be your microsoft cloud solution provider and accept the microsoft customer agreement https //admin microsoft com/adminportal/home?invtype=resellerrelationship\&partnerid=7584ba9c dd91 4745 9b7e b4de9da3be7b\&msppid=0#/partners/invitation note user with global admin permission is required to accept the relationship the azure cli will be applied to shi's "adminagent" security group, which possesses the least privileged role required to submit a microsoft support case this will need to be run by the client with both global admin and owner roles over the azure sub this is shi's "adminagents" ad security group id f628f068 9a43 4bcc 9cd9 fcf6c6582d04 that has already been added to the script below you may place more than one azure sub id at a time by using a comma to separate them here is the azure cli to use az role assignment create role “support request contributor” assignee object id f628f068 9a43 4bcc 9cd9 fcf6c6582d04 scope "/subscriptions/ add subscription id(s) here add subscription id(s) here ” assignee principal type "foreigngroup"