The Importance of Establishing a GDAP Relationship
Summary
Establishing a GDAP (Granular Delegated Administration Privileges) relationship between the cloud service provider and the customer is crucial for enhancing security and operational efficiency. This initiative is driven by the impending expiration of many current GDAP permissions, which will limit our ability to assist customers once they expire. Microsoft will also send reminders to all global administrators from each tenant, ensuring they are aware of the expiration of the current GDAP relationship.
This article outlines the required steps for establishing a GDAP relationship and highlights the associated benefits. Notably, implementing GDAP significantly enhances security for our customers by eliminating the need for global admin permissions, thereby reducing potential vulnerabilities. By taking proactive measures to transition to GDAP, we ensure continuous support and a more secure environment for our customers.
How to establish a GDAP relationship
A GDAP relationship can be accepted via the URL we provide.
Open the provided link in a private session.
Log in with the Global Administrator account of the end customer tenant (this is not a delegated user).
Review the information and click Next.
Check the roles and click Next.
Accept the partner relationship by clicking Accept.
The partner relationship is now accepted. Click Close.
The GDAP relationship is now visible in the approved request list.
What roles does Copaco request on the tenant?
The roles that Copaco requests on the tenant are:
Directory Readers
Directory Writers
License Administrator
Service Support Administrator
User Administrator
Privileged Role Administrator
Privileged Authentication Administrator
Helpdesk Administrator
Cloud Application Administrator
Application Administrator
Global Reader
As we use the recommendations from Microsoft, you can find the related Microsoft article here: https://learn.microsoft.com/en-us/partner-center/customers/gdap-faq#what-microsoft-entra-roles-would-be-granted-for-default-gdap-as-part-of-create-customer
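The following is an added example, not code from Copaco or Microsoft: a small audit that compares the roles granted by one GDAP relationship against the list above, flags Global Administrator or any other role outside that list, and reports the days left before expiry. The role IDs are the Microsoft Entra built-in role template IDs for the listed roles; the sample record (shaped like a Microsoft Graph delegatedAdminRelationship object), the placeholder role ID, the function name and the 30-day warning threshold are assumptions.

```python
from datetime import datetime, timezone

# Microsoft Entra built-in role template IDs for the roles listed above.
PUBLISHED_ROLES = {
    "88d8e3e3-8f55-4a1e-953a-9b9898b8876b": "Directory Readers",
    "9360feb5-f418-4baa-8175-e2a00bac4301": "Directory Writers",
    "4d6ac14f-3453-41d0-bef9-a3e0c569773a": "License Administrator",
    "f023fd81-a637-4b56-95fd-791ac0226033": "Service Support Administrator",
    "fe930be7-5e62-47db-91af-98c3a49a38b1": "User Administrator",
    "e8611ab8-c189-46e8-94e1-60213ab1f814": "Privileged Role Administrator",
    "7be44c8a-adaf-4e2a-84d6-ab2649e08a13": "Privileged Authentication Administrator",
    "729827e3-9c14-49f7-bb1b-9608f156bbb8": "Helpdesk Administrator",
    "158c047a-c907-4556-b7ef-446551a6b5f7": "Cloud Application Administrator",
    "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3": "Application Administrator",
    "f2ef992c-3afb-46b9-b7cf-a126ee74c451": "Global Reader",
}
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"

# Constructed sample record; field names follow Graph's delegatedAdminRelationship.
SAMPLE = {
    "displayName": "Constructed example relationship",
    "status": "active",
    "endDateTime": "2025-03-01T00:00:00.0000000Z",
    "accessDetails": {"unifiedRoles": [
        {"roleDefinitionId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"},
        {"roleDefinitionId": "FE930BE7-5E62-47DB-91AF-98C3A49A38B1"},
        {"roleDefinitionId": GLOBAL_ADMIN},
        {"roleDefinitionId": "00000000-0000-0000-0000-000000000001"},  # placeholder
    ]},
}

def audit_relationship(rel, now, warn_days=30):
    """Compare granted roles with the published list and report days to expiry."""
    # Normalise case so IDs match regardless of how they were exported.
    granted = {r["roleDefinitionId"].lower()
               for r in rel.get("accessDetails", {}).get("unifiedRoles", [])}
    # Graph timestamps are UTC; keep whole seconds so 7-digit fractions parse.
    end = datetime.strptime(rel["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
    days_left = (end.replace(tzinfo=timezone.utc) - now).days
    return {
        "global_admin": GLOBAL_ADMIN in granted,
        "unexpected": sorted(granted - set(PUBLISHED_ROLES) - {GLOBAL_ADMIN}),
        "days_left": days_left,
        "expiring": rel.get("status") == "active" and days_left <= warn_days,
    }

if __name__ == "__main__":
    print(audit_relationship(SAMPLE, datetime.now(timezone.utc)))
```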
Reasons to have a GDAP relationship
The table below lists the benefits of having a GDAP relationship between Copaco and the customer.
Benefit | With GDAP | Without GDAP |
---|---|---|
Support on technical questions | Yes | No |
Create tickets with Microsoft | Yes | No |
Password resets global admin | Yes | No |