Partner Center PowerShell module sends telemetry data to Microsoft

Partner Center PowerShell module sends telemetry data to Microsoft

Microsoft has published a PowerShell module for their partners to ease and automate operations with their customers. This module is (quite intuitively) called Partner Center. While the module does well what it’s meant to do, it also tells Microsoft what the partners are doing.

PartnerCenter PowerShell module

According to Microsoft:

Partner Center PowerShell is commonly used by partners to manage their Partner Center resources. It is an open source project maintained by the partner community. Since this module is maintained by the partner community, it is not officially supported by Microsoft.

This means that the module is actually developed by the partner community, not Microsoft, thus it is not officially supported. However, interestingly, only person who has lately committed anything to its GitHub is working as a Senior Cloud Technology Strategist for Microsoft.

How it works

One of my “hobbies” is to see what happens behind the curtains of Microsoft administrative tools. The end goal is of course to find new functionality to my AADInternals toolkit. So, it was time to install the module and fire up my favourite web debugging tool Fiddler. At that time, I didn’t know that the source code of the module was already available at GitHub.

The module is using the standard OAuth authentication flow. After getting the AccessToken, an initial request is made to https://api.partnercenter.microsoft.com/v1/profiles/organization.

(By the way, who is maintaining the rest APIs at api.partnercenter.microsoft.com? I’m quite sure not by the partner community..)

What we got back is a json file with the following information about the partner:

{
	"id": "",
	"companyName": "",
	"defaultAddress": {
		"country": "",
		"city": "",
		"addressLine1": "",
		"postalCode": "",
		"firstName": "",
		"lastName": "",
		"phoneNumber": ""
	},
	"tenantId": "",
	"domain": "",
	"email": "",
	"language": "",
	"culture": "",
	"profileType": "OrganizationProfile",
	"links": {
		"self": {
			"uri": "/profiles/organization",
			"method": "GET",
			"headers": []
		}
	},
	"attributes": {
		"etag": "",
		"objectType": "OrganizationProfile"
	}
}

However, after a couple of seconds, another request was made to https://dc.services.visualstudio.com/v2/track with the following content:

{
	"name": "Microsoft.ApplicationInsights.786d393cbe8e46a8b2b2a3b6d5b417fc.PageView",
	"time": "2020-01-19T08:42:14.7508659Z",
	"iKey": "786d393c-be8e-46a8-b2b2-a3b6d5b417fc",
	"tags": {
		"ai.internal.sdkVersion": "dotnet:2.4.0-32153",
		"ai.device.osVersion": "Microsoft Windows NT 10.0.17763.0",
		"ai.session.id": "046cb320-70f2-4175-9531-8a3363d33d17"
	},
	"data": {
		"baseType": "PageViewData",
		"baseData": {
			"ver": 2,
			"name": "cmdletInvocation",
			"duration": "00:00:42.3047976",
			"properties": {
				"HashMacAddress": "919a73720aea203d2d2b5d2b674f0a931b5897edfecac17e027861cfe42a4101",
				"SessionId": "046cb320-70f2-4175-9531-8a3363d33d17",
				"PowerShellVersion": "5.1.17763.771",
				"ModuleVersion": "3.0.5.0",
				"CommandParameterSetName": "User",
				"Command": "Connect-PartnerCenter",
				"IsSuccess": "True",
				"TenantId": ""
			}
		}
	}
}

This happens every time any cmdlet is used!

So, Microsoft knows which PowerShell commands are used against which tenant, the information which should already be available in their API logs. However, also the hash of your MAC address is sent to Microsoft with the OS information, so the commands can be tracked down to individual computer. The hash is by the way a SHA256 hash of the MAC string of your NIC withouth dashes.

Conclusion

To sum up, the PartnerCenter PowerShell module is sending telemetry data back to Microsoft. Whether this is an issue or not is up to you. As the module is open source, partners can always build their own version of the module which would not send telemetry data to Microsoft.

Dr Nestori Syynimaa avatar
About Dr Nestori Syynimaa
Dr Syynimaa works as a CIO of eight cities and municipalities surrounding Tampere, the largest inland city in Nordic countries. He also runs his own consultation business Gerenios. Before moving to his current position, Dr Syynimaa worked as a consultant, trainer, and university lecturer for almost 20 years. He is a regular speaker on Office 365 and Azure security in scientific and professional conferences. Dr Syynimaa holds MCSA (Office 365) and is Microsoft Certified Trainer.
comments powered by Disqus