Azure NCE FAQs

What will be the impact of GDAP implementation in the case of subscriptions for new customers?

When a new customer creates a new subscription, a GDAP request containing certain roles will be sent to the customer for approval. Those roles are required for value-added services like Lighthouse and other functionality provided by the processor. However, since the GDAP request process occurs after the purchase request has been approved, some required roles may be missing when the subscription is provisioned. This implies that there are some value-added features that will need to be enabled manually for the subscription.

Below you can find a list of features that will be impacted:

  • Azure NCE connector will not be able to rename the customer's subscription when it is created.

  • Azure NE connector will not be able to assign the owner role to the customer admin user when the subscription is created. This implies that it will not be possible to see the provisioned subscription in the Partner Center. A workaround is available for this, which is fully described in the the following FAQ: I can't see the subscription in the Partner Center. What can I do?

  • The Azure NCE Connector will be unable to assign Lighthouse capability to the subscription when it is created. Customers will need to ask their service providers to enable this feature manually.

  • Customers will not be able to get their estimated current costs using the Current Estimate Spending button until the GDAP request is accepted.

  • The Azure NCE Connector will not be able to cancel the subscription if the customer has not accepted the GDAP request. Once the customer accepts a GDAP request with the required roles, it will be possible to cancel subscriptions.

  • The Azure NCE Connector will be unable to process Domain Validation automatically because approval for the GDAP relationship request is required.

I can't see the subscription in the Partner Center. What can I do?

When a new customer is created, it will be created without the owner role that would make it possible to see the subscription in the Partner Center. This is due to the fact that the customer has not yet accepted the GDAP request at that point. Once the purchase request is approved, customers will receive a GDAP request by email, which will allow them to approve the request. However, even after the GDAP request approval, as it was not possible to assign the owner role to the customer upon creation, it will be necessary to perform some additional steps to be able to see the subscriptions in the Partner Center. To do this, complete the following steps:

  1. As a global administrator, open Azure Active Directory and click the Properties option in the left menu.

  2. Turn on Access Management for Azure resources by setting this option to Yes. This way, you will be assigned the User Access Administration role in Azure RBAC at root scope. This will grant you permission to assign roles in all Azure subscriptions and management groups associated with this Azure AD directory.

  3. Log out and log in back again.

  4. You will now see the subscriptions that you did not have access to previously, but you still do not have the owner role.

  5. Now you can assign the owner role to yourself or to another user. To do this, go to Access Control (IAM) in the Azure subscription and click Add. Then, select the Owner role and enter the user name or email address in the Select field. Click Save.

  6. As you can see, the owner role has been assigned to the user successfully and the subscription will now be visible in the Partner Center for such user.

  7. Once you have assigned the owner role to yourself or to another user, you can remove the elevated access. To do this, go back to Azure Active Directory > Properties and set the Access management for Azure resources option to No. This will remove the User Access Administrator role in Azure RBAC from your user account, so you will no longer be able to assign roles in all Azure subscriptions associated with this Azure AD directory.

Why do I get an error when clicking on the GDAP request link?

The GDAP request link is directed at customers only. If providers click the link in the GDAP request, an error will be displayed and this is the expected behavior.

How long are Microsoft refresh tokens valid for?

Refresh Tokens will be valid for 90 days.

Does CloudBlue support NCE Azure for United States Government Community Cloud (GCC)?

No, NCE Azure for US GCC is not generally available from CloudBlue. It is a candidate for implementation.

Do Microsoft direct billed provider partners need billing and invoicing relationships to transact new Azure business?

Yes, and the CloudBlue platform will validate that a Microsoft-issued Partner Invitation Link (PIL) has been requested and accepted.

Do Microsoft direct billed provider partners need billing and invoicing relationships to onboard their existing Azure business to CloudBlue (i.e. platform-to-platform partner transfer)?

Yes, for all regular course business. No, for the edge case of compliant Microsoft partner self-consumption of NCE Azure services. However, it is a best practice to have an active billing and invoicing relationship for this edge case, to protect the integrity of the CSP partner-led field channel.

© 2025 Ingram Micro, Inc. All Rights Reserved. Privacy Policy, Terms of Use and Legal

CloudBlue, an Ingram Micro business, uses cookies to improve the usability of our site. By continuing to use this site and/or logging in you are accepting the use of these cookies. For more information, visit our Privacy Policy.
I accept