Azure NCE FAQs

• What will be the impact of GDAP implementation in the case of subscriptions for new customers?

• I can't see the subscription in the Partner Center. What can I do?

• Why do I get an error when clicking on the GDAP request link?

• How long are Microsoft refresh tokens valid for?

• Does CloudBlue support NCE Azure for United States Government Community Cloud (GCC)?

• Do Microsoft direct billed provider partners need billing and invoicing relationships to transact new Azure business?

• Do Microsoft direct billed provider partners need billing and invoicing relationships to onboard their existing Azure business to CloudBlue (i.e. platform-to-platform partner transfer)?

What will be the impact of GDAP implementation in the case of subscriptions for new customers?

When a new customer creates a subscription, a GDAP (Granular Delegated Admin Privileges) request is sent for approval. This request includes roles required for value-added services such as Azure Lighthouse and other features provided by the Azure NCE connector.

However, because the GDAP request is sent after the purchase is approved, some necessary roles may be missing at the time of subscription provisioning. As a result, certain features will not be enabled automatically and must be configured manually.

Impacted Features

• Subscription Renaming

  • The Azure NCE connector cannot rename the subscription when it is created.

• Owner Role Assignment

  • The connector cannot assign the Owner role to the customer admin user and this prevents the subscription from appearing in Partner Center.

  • A workaround is available. See the FAQ: I can't see the subscription in the Partner Center. What can I do?

• Azure Lighthouse

  • The connector cannot assign Lighthouse capabilities automatically.

  • Customers must request their service provider to enable this manually.

• Current Cost Estimates

  • The Current Estimate Spending button will not function until the GDAP request is accepted.

• Subscription Cancellation

  • The connector cannot cancel the subscription unless the GDAP relationship is approved.

• Domain Validation

  • Automatic domain validation will fail without GDAP approval.

I can't see the subscription in the Partner Center. What can I do?

If you cannot see a subscription in Partner Center, it may be due to missing permissions during customer creation. Here is why and how to resolve it:

Why this happens

When a new customer is created, they are not automatically assigned the Owner role. This is because the customer has not yet accepted the GDAP (Granular Delegated Admin Privileges) request. Without this acceptance, the subscription will not appear in Partner Center.

What to do

Once the purchase request is approved, the customer will receive a GDAP request via email. After they approve it, follow these steps to gain visibility and assign the necessary roles:

1. Enable Access Management for Azure Resources

1. Sign in as a Global Administrator.

2. Go to Azure Active Directory > Properties.

3. Set Access management for Azure resources to Yes.

   

4. This grants you the User Access Administrator role at the root scope, allowing you to assign roles across all subscriptions.

5. Sign out and sign back in to apply the changes. You will now see the subscriptions that you did not have access to previously, but you still do not have the owner role.

   

2. Assign the Owner Role

   1. Go to the relevant Azure subscription > Access Control (IAM).

   2. Click Add > Role Assignment.

   3. Select the Owner role.

      

   4. Enter the user’s name or email address and click Save.

   5. The subscription will now be visible in Partner Center for that user.

      

3. Revert Elevated Access (Optional but Recommended)

   1. Return to Azure Active Directory > Properties.

   2. Set Access management for Azure resources back to No.

      

   3. This removes the elevated User Access Administrator role from your account.

Why do I get an error when clicking on the GDAP request link?

The GDAP request link is intended for customers only. If a provider attempts to access the link in the GDAP request, an error will be displayed and this is the expected behavior.

How long are Microsoft refresh tokens valid for?

Refresh Tokens will be valid for 90 days.

Does CloudBlue support NCE Azure for United States Government Community Cloud (GCC)?

No, NCE Azure for US GCC is not generally available from CloudBlue. It is a candidate for implementation.

Do Microsoft direct billed provider partners need billing and invoicing relationships to transact new Azure business?

Yes, and the CloudBlue platform will validate that a Microsoft-issued Partner Invitation Link (PIL) has been requested and accepted.

Do Microsoft direct-billed provider partners need billing and invoicing relationships to onboard their existing Azure business to CloudBlue (i.e. platform-to-platform partner transfer)?

Yes, for all standard business scenarios, a billing and invoicing relationship is required.

No, in the exceptional case of compliant Microsoft partner self-consumption of NCE Azure services. However, even in this edge case, maintaining an active billing and invoicing relationship is considered best practice to uphold the integrity of the CSP partner-led field channel.