When an order for an existing Office 365 tenant is placed in your Storefront (either by a reseller on behalf of the end-customer or from a direct customer), the existing tenant must authorize you as a delegated administrator for the checkout process to be completed.
Before You Start
Especially for CSP Indirect Providers, you should enforce the system to require the billing address of the end-customer before you roll out your new Storefront!
Check the instructions below on how to do that:
- Navigate at: Setup > Administration > System Options > Storefront Configuration > Tab: General
- Check the flag: Sub customers billing address
This is a mandatory step to ensure that the correct billing details of customers are relayed to the Microsoft Partner Center.
Asking from an End-Customer to Authorize the Reseller as his Indirect CSP
When a reseller places the first order for a new end-customer, the "Service Details" step is displayed for defining the customer's domain prefix. Then the reseller's MPN ID is requested for applying it on his customer's subscription, for reasons explained below. If the end-customer is already using Office 365 services (i.e., he is an existing Microsoft tenant), then the reseller must select the option "My customer is already using Office 365 service and he/she owns this domain". 
By selecting this checkbox option, the system will:
- Display instructional messages towards the reseller on how to ask his end-customer to authorize him as his indirect reseller. Included within the message the reseller will find:
- Another pre-enabled (by default) checkbox option named "Include delegated administration privileges for Azure Directory and Office 365." (also known as DAP), which is essentially the request for the end-customer's acceptance of his reseller so that the reseller can be granted administrative privileges, which means that both you (the distributor) and the reseller will be able to directly manage the end-customer's subscription(s) as well as be able to claim rebates from Microsoft.
- The authorization link that will be generated automatically via an API call to Microsoft, and it will contain the reseller's MPN ID for the connection between the end-customer, the reseller, and you (the distributor).
Therefore, the authorization link sent to the end-customer includes, in this case, information on three parts within the same URL:
The information on whether to accept this reseller as his reseller, based on the provided MPN ID.
The information on (granting or not granting) delegated admininstration privileges (DAP) to this reseller as well as to you (the distributor).
- Disable the "Checkout" button. It will be enabled only if the authorization becomes verified.
Consequently, the end-customer must authorize the reseller for the system to allow that reseller to "Checkout" and complete the order.
Verify Authorization
When the reseller completes the authorization process, he must select the "Verify Authorization" button for the system to check if the permissions have been granted.
The system will display a pop-up form for the reseller to enter the end-customer's default domain. If the end-customer has defined a default domain other than the initial onmicrosoft.com domain, the reseller must enter it for the verification to be completed.
If the authorization process hasn't been completed successfully, the reseller will receive the following message.
- If the authorization process is completed successfully, the reseller can complete the checkout process by selecting the enabled "Checkout" button.
Leaving Blank the MPN ID Field
In case the "Reseller MPN ID" field is left blank, a yellow pop-up message is displayed stating: “It seems that you have not provided a valid MPN ID. Without a valid MPN ID, delegated administration privileges will only be provided to <distributor organization name> and not to your organization.“
Asking your Direct Customer to Authorize you as his Direct CSP
When a direct customer places his first order for a Microsoft Cloud service, the Service Details step is displayed for defining his domain prefix. If your direct customer is already using Office 365 services, then he must select the option "I am already using Office 365 service and I own this domain".
By selecting this checkbox option, the system will:
- Display instructional messages towards the direct customer on how to authorize you (his direct CSP). Included within the message you will find:
- Another pre-enabled (by default) checkbox option named "Include delegated administration privileges for Azure Directory and Office 365." (also known as DAP), which essentially means that your direct customer can grant you administrative privileges, meaning that you will be able to manage his subscription(s) directly.
- The authorization link that will be generated automatically via an API call to Microsoft. It will contain the connection between you (direct CSP) and your direct customer.
Therefore, the authorization link sent to the direct customer includes, in this case, information on two parts in the same URL:
- The information on you (the distributor) being the direct CSP of your direct customer.
- The information on (granting or not granting) delegated admininstration privileges (DAP) to you (the direct CSP).
- Disable the "Checkout" button. It will be enabled only if the authorization becomes verified.
Consequently, your direct customer must authorize you (the distributor) as his direct CSP for the system to allow him to "Checkout" and complete the order.
Verify Authorization
When the direct customer completes the authorization process, he must select the "Verify Authorization" button for the system to check if the permissions have been granted.
The system will display a pop-up form for the direct customer to enter his default domain. If the direct customer has defined a default domain other than the initial onmicrosoft.com domain, he must enter it for the verification to be completed.
If the authorization process hasn't been completed successfully, the direct customer will receive the following message.
- If the authorization process is completed successfully, the direct customer can complete the checkout process by selecting the "Checkout" button.
