Configure Conditional Access for Cloud Commander

Cloud Commander is hosted in Microsoft Azure. To ensure Cloud Commander can access your tenants securely, we recommend you adjust the Conditional Access policies for your customer's tenants. Your Cloud Commander service account must be able to sign in to your Microsoft Partner Center and your tenants from our environment.

Set up your customer's Conditional Access policies

The admin relationships that include GDAP are affected by your customers Conditional Access policies. To ensure you can access your customer tenants using Cloud Commander, we recommend excluding your MSP from each customer Conditional Access policy.

1. Go to the Azure portal and open your customer's Active Directory tenant.
2. Under the Manage section, click Security.
3. In the Security section, select Conditional Access to open the Conditional Access Policies.
4. For each policy, exclude your MSP:
   1. Select Users and then Exclude.
   2. Select the checkbox for Guest or external users.
   3. Choose Service provider users.
   4. To specify external Microsoft Entra organizations, choose Select.
   5. In the right pane, enter your MSP Tenant ID. For instructions to find your Microsoft Entra tenant ID, see the Microsoft documentation.

      

For more information about the policy adjustments that are needed, see the Microsoft documentation.

Next steps

• Get started with Cloud Commander

Updated: Mar 21, 2025