Global admin account
Customers have a reseller relationship
Customers have DAP roles active
The reseller has Azure AD Premium on the reseller tenant (trial available: https://www.microsoft.com/en-us/security/business/identity-access/azure-active-directory-enable)
Microsoft 365 Lighthouse is a security portal for resellers that can be used to migrate in bulk to GDAP.
To start using this tool, you need to order a Microsoft 365 Lighthouse licence, which is free.
Go to the Microsoft 365 admin centre at https://admin.microsoft.com and sign in using your partner tenant credentials.
Go to Billing > Purchase Services > Microsoft 365 Services.
Under Microsoft 365 Lighthouse, select Details.
This triggers the onboarding process, which can take 48 hours before you can start using the portal.
If you see messages that your tenants are ineligible, you can ignore them for the GDAP migration; this only applies to the security features of the portal.
The portal URL: https://lighthouse.microsoft.com
Either from the homepage or the tenant view, open the GDAP tool.
Here you can select the permissions you want each tier to get.
Tiers are meant for different levels of support within your company (support level 1, level 2, sales, …)
If you are unsure what to select, use the suggested settings using the button at the top.
The next step is to create a template. You should only need 1 template unless you have different tiers of customers (Gold, Platinum, Managed Services, …)
Set a template name and decide if this template should include all roles from the previous selection.
If you are NOT planning on using JIT, we suggest you unselect it in the template, as you would need to configure it in the next step.
In short, JIT is a feature where users can request to become members of an Azure AD security group temporarily by filing a request that has to be approved by a manager.
When you have made all the templates required, move to the next step.
Now we need to create the Azure AD security groups for each template and tier. These can be edited later directly in Azure AD.
When you have selected the desired groups that should be created, go to the next step.
Select all the customers that should have the template applied to them. Note that only 1 template can be used per tenant.
When you have selected all tenants, go to the next step.
Here you can see a summary of what you are about to do with this migration wizard. When satisfied, finalize the migration.
Changes can take up to 4 hours to sync to all tenants (depending on how many you do at a time).
Congratulations, you are GDAP compliant.
For questions or help, please contact our support or contact Microsoft directly, as resellers can make their own tickets for Lighthouse questions.