Skip to main content
Skip table of contents

The Importance of Establishing a GDAP Relationship

Summary

Establishing a GDAP (Granular Delegated Administration Privileges) relationship between the cloud service provider and the customer is crucial for enhancing security and operational efficiency. This initiative is driven by the impending expiration of many current GDAP permissions, which will limit our ability to assist customers once they expire. Microsoft will also send reminders to all global administrators from each tenant, ensuring they are are of the expiration of the current GDAP relationship.

This article outlines the required steps for establishing a GDAP relationship and highlights the associated benefits. Notably, implementing GDAP significantly enhances security for our customers by eliminating the need for global admin permissions, thereby reducing potential vulnerabilities. By taking proactive measures to transition to GDAP, we ensure continuous support and a more secure environment for our customers.

How to establish a GDAP relationship

A GDAP relationship can be accepted via the URL we provide.

  1. Open the provided link in a private session.

  2. Login with the Global Administrator from the end customer tenant (this is not a delegated user).

  3. Review the information and click Next.

    afbeelding-20241002-132528.png

  4. Check the roles and click Next.

    afbeelding-20241002-132633.png

  5. Accept the partner relationship by clicking Accept.

    afbeelding-20241002-132744.png

  6. The partner relationship is now accepted. Click Close.

    afbeelding-20241002-132844.png

  7. The GDAP relation is now visible in the approved request list:

    afbeelding-20241002-132937.png

What roles does Copaco request on the tenant?

The roles that Copaco requests on the tenant are:

  • Directory Readers

  • Directory Writers

  • License Administrator

  • Service Support Administrator

  • User Administrator

  • Privileged Role Administrator

  • Privileged Authentication Administrator

  • Helpdesk Administrator

  • Cloud Application Administrator

  • Application Administrator

  • Global Reader

As we use the recommendations from Microsoft, you can find the related Microsoft article here: https://learn.microsoft.com/en-us/partner-center/customers/gdap-faq#what-microsoft-entra-roles-would-be-granted-for-default-gdap-as-part-of-create-customer

Reasons to have a GDAP relationship

Below a table of benefits of having a GDAP relationship between Copaco and the customer.

With GDAP

Without GDAP

Support on technical questions

Yes

No

Create tickets with Microsoft

Yes

No

Password resets global admin

Yes

No

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.