Requesting a Granular Admin Relationship with Customers (GDAP)

GDAP is a security feature that provides partners with least-privileged access following the Zero Trust cybersecurity protocol. Microsoft is implementing Granular Delegated Admin Privileges (GDAP), which replaces Delegated Admin Privileges (DAP) for more granular and time-bound access to customers' workloads.

NCE Microsoft 365 and Software allows you to request a granular admin relationship with new customers or existing customers without an established admin relationship. As a provider, you can choose the Azure AD roles that you would like to include in the request so that the customer can approve the granular admin request for such roles. The process will consist of the following steps:

  • Azure AD roles to be included in the granular admin request must be configured in the Microsoft Management Settings extension. Refer to the Microsoft Management Settings User Guide for more information.

  • As a provider, you must install the Microsoft Management Settings extension in the Distributor portal to be able to configure the GDAP request email template, view the GDAP request history or resend the GDAP request. For more information, refer to the Microsoft Management Settings User Guide.

  • New customers placing an order for a NCE Microsoft 365 and Software product will receive a granular admin relationship request (GDAP) by email when the purchase request is approved in Connect.

  • New customers need to accept the request by using the link that they will receive by email.

Note: The GDAP request link is directed at customers only. If providers click the link in the GDAP request, an error will be displayed and this is the expected behavior.

Additionally, once the subscription is provisioned, customers will also be able to click the Approve Partner Roles button in their control panel, which will allow them to check if there are roles pending approval. If an approval is necessary, they will be redirected to Microsoft Admin Portal where they will be able to approve the request. This may be necessary if new roles have been added by the provider or if the admin relationship has expired, for example.

Important:
- The granular admin relationship request will only be sent on the first purchase made by new customers.
- The duration of the admin relationship will be set to the maximum allowed by Microsoft: 730 days. When this period expires, it will be necessary to request a new granular admin relationship with the customer.
- Make sure that the Security Contact is kept up to date in the Partner Center, as it will be required by Microsoft to reach out in the event of a security concern. Using an email distribution list is recommended.

© 2024 Ingram Micro, Inc. All Rights Reserved. Privacy Policy, Terms of Use and Legal

CloudBlue, an Ingram Micro business, uses cookies to improve the usability of our site. By continuing to use this site and/or logging in you are accepting the use of these cookies. For more information, visit our Privacy Policy.
I accept