Mind the GDAP: bulk migration tool available until October 31st
If the whole DAP/GDAP transition has you scratching your head, don’t worry. We go through what it all means, what you need to do and why this is actually a very good change of policy from Microsoft.
Let’s start with the basics. DAP stands for Delegated Administration Privileges and gives partners the power to manage their customers’ service or subscription on their behalf. Of course, the customer is required to give permission to their partner to access those administrative privileges – but it was an “all or nothing” deal.
In a nutshell, DAP is the primary way that you, as a Cloud Service Provider, access your customers’ tenancy.
DAP meant partners could deliver support and manage the service effectively – but their God-like power to access everything tended to go against Microsoft’s Zero Trust philosophy.
Enter GDAP, or Granular Delegated Administration Permissions. As the name suggests, this gives partners access to their customers’ workloads in a more granular and time-bound way, meaning access is granted only where support is needed and for a limited time.
This is perfect for customers who might be uncomfortable with high levels of partner access or those with regulatory requirements to provide least-privileged access to partners.
Why are we telling you this?
This changeover is great and all, but there’s some housekeeping that you should get done NOW to make the transition much faster and simpler for you. For a VERY SHORT TIME ONLY, Microsoft is offering a tool that will allow partners with existing DAP relationships to upgrade them to GDAP – essentially a bulk transition tool to make your life a little easier.
Bulk migration tool only available until October 31, 2022
Microsoft is committed to providing capability for partners to transition to granular admin privileges (GDAP) at scale without disruption to your current marketplace and customer experiences. In the coming weeks, you should be using Microsoft’s bulk migration tool to update customer relationships, update your process of acquiring new CSP customers and conduct a thorough review of your DAP report to remove relationships you don’t need and aren’t using. Let’s break down what your potential workload for September and October looks like:
Use the Bulk Migration Tool from Microsoft
This tool allows partners with existing DAP relationships (that is, relationships customers have granted previously) to upgrade to GDAP relationships with Azure AD roles to strengthen their security stance. The tool is only available until October 31, 2022. After that, you’ll need to reach out to your customer and request approval for a GDAP relationship.
Microsoft HIGHLY RECOMMENDS you use the tool to upgrade the DAP relationships you are using ahead of the transition milestones.
Update your process for new CSP customers
Partners will need to update their process for new CSP customers to include requesting GDAP permissions. Microsoft will stop creating DAPs when a new customer or reseller relationship is created. Obtain granular admin permissions by requesting a GDAP relationship separately from creating the customer.
Review your DAPs
Microsoft will start removing DAPs that have been inactive for 90 or more days. If admin privileges are needed, the partner should create a GDAP relationship with the customer with the appropriate level of access and time they require to manage their customers’ service.
Microsoft will start transitioning active DAP connections to least privileged GDAP roles starting October 31, 2022. For the best experience, partners should use the console tool to move these connections as soon as possible.
All partners should review their DAP report and remove relationships they don’t need and aren’t using.
Remember: You are responsible for your customers’ cloud consumption
Partners in the Cloud Solution Provider program are responsible for their customers’ consumption of Microsoft cloud services. It’s important that you are aware of – and take steps to mitigate and remediate – security issues that affect you and your customers. To learn more, check out Enforcement of Microsoft Acceptable Use Policy.
Help! What should I be doing?
If you’re grappling with the whole DAP/GDAP thing, we get it – but remember we’re literally a phone call away! Our team of cloud specialists is ALWAYS happy to talk shop and is here for you to take advantage of. If you want to get top advice from the leading tech experts in New Zealand, just send out an SOS and we’ll rescue you!