News alert: Welcome new MSPs – here’s a quick way to migrate to GDAP before the 22 May Microsoft deadline
UPDATE – 26 April, 2023 – this blog has been updated to reflect the new 1-click migration to GDAP automation feature in SkyKick Security Manager. To jump to the specific product details below – click HERE.
What’s Happening
In response to demand for a more granular level of partner access and control, Microsoft will change their current Delegated Admin Privileges (DAP) program in favor of more secure Granular Delegated Admin Privileges (GDAP); see announcement.
Beginning May 22, 2023, Microsoft will begin automatically deprecating DAP-based customer access and transitioning to Granular Delegated Admin Privileges (GDAP) with limited Azure Active Directory roles. To learn more about GDAP specifics from Microsoft, click here.
What’s GDAP and how does it impact Partners globally?
This transition is part of Microsoft’s “Zero Trust” approach. They are following the three principles of:
- Use least privileged access
- Verify explicitly
- Assume breach
With GDAP, each partner holds only “keys” to relevant workloads, through so-called “relationships”. GDAP capabilities allow partners to control access to their customers’ workloads in order to better address their security concerns.
This change can benefit partners because they can offer more services to customers who may be uncomfortable with the current levels of partner access. They can also offer services to customers who have regulatory needs that require least-privileged access to partners.
How Security Manager Helps Make the transition to GDAP Easy
SkyKick Security Manager is on the forefront of making this transition easy and seamless for partners.
We have created automation to help partners get GDAP-compliant and improve security all-around for your customers and your MSP. Do the migrations to GDAP now with 1-click using SkyKick Security Manager and there’s no need to worry about doing it the hard way.
To help ease this transition and to provide partners with a simple solution for keeping your Security Manger subscriptions connected, SkyKick’s Partner Center Integration (PCI) now supports a migration from DAP to GDAP. PCI can now create 2-year GDAP admin relationships for all your DAP relationships in Partner Center.
To perform the migration simply run PCI and ensure that the Permission Settings toggle is “on”.
PCI will create a security group with the global admin used as a member in the Partner Center related Microsoft 365 tenant and create the GDAP relationship with that group in Partner Center.
You can find more information on what’s created by PCI, where, and when in the SkyKick Help Center.
We also have a new Help Center article that outlines the Azure Applications, Service Principles, and Security Groups that Security Manager creates.
To learn more about SkyKick Security Manager, book a live demo with a senior SkyKick security specialist
Learn more
Visit the SkyKick Security Manager for M365 Overview page to learn more. Or check out the Quick Guides to see short product videos about how Security Manager helps Partners tackle things like Anti-Phishing, Safe Links, and more
For more information including error message and configuration steps, check out the GDAP section in the Microsoft Partner Center Integration Help Center .
We’re committed to MSPs and will continue to provide updates surrounding GDAP support as Microsoft provides more information around their strategy and deadlines.