If you’re a Cloud Solution Provider and you supply a CSP Azure subscription to that tenant, your AdminAgents will have Owner access to that subscription. Let’s say the customer also has an existing subscription.
When you add your accounts as Owner to the existing tenant subscription, your users are added as Guest accounts in the customer’s Azure AD. This removes the delegated CSP subscriptions because the reference to the foreign accounts breaks.
So, alternatively, use
Get-AzureRmRoleAssignment -Scope "/subscriptions/<SUBSCRIPTION ID>"
on the CSP subscription to get the Foreign Principal ID for your own tenant. Then use
New-AzureRmRoleAssignment -ObjectId <FOREIGN PRINCIPAL ID> -Scope "/subscriptions/<SUBSCRIPTION ID>" -RoleDefinitionName Owner
to add the foreign principal ID to the existing customer subscription to get delegated access 🙂
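The two steps above as one script, as an added example that is not part of the original post: it reads the foreign principal from the CSP subscription, refuses to guess if more than one matches, and skips the assignment when it already exists. The subscription IDs are placeholders, and it assumes you are signed in to the customer tenant with an account allowed to create role assignments on the existing subscription, and that the foreign principal's DisplayName starts with "Foreign Principal".

```powershell
# Added example; both subscription IDs are placeholders, not values from the post.
$cspSubscriptionId      = '<CSP SUBSCRIPTION ID>'
$existingSubscriptionId = '<EXISTING SUBSCRIPTION ID>'

# 1. Read the foreign principal that holds Owner on the CSP subscription.
#    Assumption: its DisplayName starts with "Foreign Principal".
$foreign = @(Get-AzureRmRoleAssignment -Scope "/subscriptions/$cspSubscriptionId" |
    Where-Object {
        $_.DisplayName -like 'Foreign Principal*' -and
        $_.RoleDefinitionName -eq 'Owner'
    })

# Do not guess: with zero or several matches, show them and stop.
if ($foreign.Count -ne 1) {
    $foreign | Format-Table DisplayName, ObjectId, RoleDefinitionName
    throw "Expected one foreign principal with Owner, found $($foreign.Count)."
}
$principalId = $foreign[0].ObjectId

# 2. Assign Owner on the existing subscription unless it is already there.
$scope = "/subscriptions/$existingSubscriptionId"
$already = Get-AzureRmRoleAssignment -Scope $scope |
    Where-Object {
        $_.ObjectId -eq $principalId -and
        $_.RoleDefinitionName -eq 'Owner' -and
        $_.Scope -eq $scope
    }

if ($already) {
    Write-Output "Foreign principal $principalId is already Owner on $scope"
}
else {
    New-AzureRmRoleAssignment -ObjectId $principalId -Scope $scope -RoleDefinitionName Owner
}

# 3. Show what the foreign principal now holds on the existing subscription,
#    so the grant can be reviewed and recorded.
Get-AzureRmRoleAssignment -Scope $scope |
    Where-Object { $_.ObjectId -eq $principalId } |
    Format-List DisplayName, ObjectId, RoleDefinitionName, Scope
```

Owner on the subscription scope gives every member of the partner's AdminAgents group full control, so review that group's membership on the partner side whenever this assignment is made.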