What is GDAP?
Microsoft Granular Delegated Admin Privileges (GDAP) is an enhancement to the traditional Delegated Admin Privileges (DAP) in Microsoft’s partner ecosystem. It is designed to provide more precise control over the permissions and access rights that partners have within their customer's environments.
GDAP and Cloud Commander
Cloud Commander uses Microsoft GDAP to make onboarding your CSP tenants most efficient. During you initial setup, Cloud Commander accesses a list of all your tenants with whom you have a GDAP relationship.
If you have a GDAP relationship with a customer, you can leverage that relationship to onboard their tenants into Cloud Commander.
What is Microsoft GDAP?
- GDAP allows Microsoft partners to manage their tenants' environments with a higher level of precision.
- GDAP provides the ability to assign specific administrative roles and permissions to individual users within the partner organization, rather than blanket access.
Why is GDAP needed?
Enhanced security
- Traditional DAP provides broad administrative access, which can pose security risks if not managed properly.
GDAP minimizes the risk by allowing partners to only access what they need to perform their tasks.
Compliance and Governance
- Many organizations are subject to regulatory requirements that mandate strict control over who has access to their systems.
- GDAP helps partners comply with these regulations by ensuring that access is granted on a need-to-know basis.
Customer Trust
- Customers are more likely to trust partners who demonstrate a commitment to security and data privacy.
- GDAP helps build that trust by showing customers that their data and environments are protected with least privilege access principles.
How does GDAP ensure least privilege access?
Role-Based Access Control (RBAC)
- GDAP uses RBAC to assign specific roles to users. Each role has a defined set of permissions, ensuring users only have access to what they need.
- For example, a support technician may only have permissions to view and resolve support tickets, while a system administrator might have broader access.
Granular Permissions:
- Unlike traditional DAP, GDAP allows for very specific permissions to be set. This means that partners can assign the minimum level of access required for a task.
- Permissions can be as granular as read-only access to specific resources or write access to certain administrative functions.
Scoped Access:
- Access can be scoped to specific resources or services within the customer’s environment.
- This ensures that even within the same role, access can be limited to certain areas, reducing the potential impact of a security breach.
Time-Bound Access:
- GDAP can enforce time-bound access, meaning permissions can be granted for a specific period.
- This is useful for temporary tasks or projects, ensuring that access is automatically revoked once it is no longer needed.
Auditing and Monitoring:
- GDAP includes auditing and monitoring capabilities that track who accessed what, when, and what actions they performed.
- This helps in identifying any unauthorized access and ensures accountability.
Updated: Nov 13, 2024