This year has certainly been a year of change within the Microsoft CSP Partner Network environment, and this looks to continue for 2023. Partners have been bombarded with information around the changes to the Microsoft Partner Program and the demise of the Gold and Silver Programs.
There are other changes that all Microsoft Partners need to take note of, particularly the changes around DAP (Delegated Admin Privileges) and GDAP (Granular Delegated Admin Privileges). The migration to GDAP was due to happen earlier this year but was delayed. It’s now back on track and the main changes start January 2023; see the timeline below.
The first notable change is the removal of inactive DAP. This means that any credentials with Global Admin Privileges will be proactively removed from the tenant when they have not been utilised within the last 90 days. This will be an ongoing process and all GA credentials 90 days or older will be removed by Microsoft.
Secondly, and the one you need to particularly note: Global Admin credentials will NOT be created when a new tenant is provisioned from 17 January 2023, US time. This means that you will need to access the tenant initially using your Partner Centre account and create GA credentials, if still required. This will require the user that created the new tenant to have the right access within the company’s Partner Centre account to manage this process. However, come March 2023 these will be migrated to GDAP… read on.
It’s probably a good time to update your internal processes so that your team is aware of the change and knows how to action the new requirements to access your customer’s new tenant.
Here's how you access your new tenants after 17 January 2023: https://learn.microsoft.com/en-us/partner-center/gdap-obtain-admin-permissions-to-manage-customer
Come March 2023, the plan to date is that Microsoft will transition all DAP/GA credentials that exist in active tenants to GDAP with the least privileged GDAP role. With this intended change, Partners will be forced to move away from using DAP to access tenants and manage their customers. The least privileged role is limited to viewing access and the ability to create a support ticket from your Partner Centre account.
The messaging from Microsoft is clear and, to be fair, this is all about security for your customers and protecting you, the partner. The weakest link is the documentation you have in spreadsheets, Word docs, emails, and your third-party applications: anywhere that you have Global Admin accounts saved for your customers. Also, do note that underwriters for insurance companies are now making noises about not paying out on breaches when security best practices are not being followed. GDAP is clearly a Microsoft best practice.
I’ve detailed links to tools that you should check out. You will need to know this stuff and we’re trying to make the transition easier.
This is a good link to get you started and to ensure you understand what GDAP is. It may need to be copied and pasted:
https://learn.microsoft.com/en-nz/partner-center/gdap-introduction
This link is around security, but the last few pages have some helpful links and a basic checklist for setting up your customer’s tenant with security as a focus with GDAP.
https://partner.microsoft.com/en-nz/resources/detail/security-readiness-map-pdf
This link will take you to information regarding the different roles, what they are and their access within the GDAP ecosystem.
https://learn.microsoft.com/en-nz/partner-center/gdap-least-privileged-roles-by-task
This link is all about GDAP: lots of content, all helpful. It’s easy to determine topics so you can view and read what is relevant for you.
https://partner.microsoft.com/en-nz/resources/collection/granular-delegated-admin-privileges#/
Finally, it’s not just about managing your customers’ tenants; you also need to look after accounts within your Partner Centre account. Understand the access you are giving your team, and make sure they can view what they need to and have the right access to do their jobs. Remember, Partner Centre will soon be the only way to access your customers’ tenants. Understand it and know how to use it.
As always, the DD Microsoft Team and I are here. Reach out if you need to; it’s our job to help you and your business.
Be well
Carol