FAQs—Microsoft Cloud Access
What is Microsoft Cloud Access and why is it needed?
Microsoft Cloud Access is N-able’s connecting service to the Microsoft Cloud. Microsoft Cloud Access is necessary to establish a trusted relationship between the application and the cloud, so the application can read and act on the cloud data. See Microsoft Cloud Access setup .
Why can't I authenticate with Microsoft when I sign into Cloud Commander?
Multi-factor authentication must be enforced on all Cloud Commander accounts.
One way to enforce multi-factor authentication is to enable security defaults in the Microsoft Partner Center. See the Microsoft documentation.
Can I change the service account I use with Cloud Commander?
Yes, to change your service account for Cloud Commander, first Remove your MSP organization and then authenticate your organization again using the new user service account.
When will I see cloud data?
When a tenant's status changes to Enabled in Cloud Commander or Enabled with limitations, Cloud Commander can begin displaying data. For more information, see Set up tenants in Cloud Commander.
Can an MSP organization offboard from Cloud Commander?
Yes. For information and instructions, see Remove your MSP organization.
Can I remove tenants from Cloud Commander?
You can remove non-CSP tenants from Cloud Commander. See Remove non-CSP tenants. The tenant is deleted from Cloud Commander and the application can no longer act on the customer’s tenant.
You can't remove CSP tenants from Cloud Commander, but for CSP and non-CSP tenants you can Disable a tenant in Cloud Commander so that tenant data is not visible in Cloud Commander.
Can the Cloud Commander application and the admin relationship be deleted from my customer’s CSP tenant?
Yes, the application can be removed from the customer's Enterprise Applications in Azure. The admin relationship can be terminated it two ways:
- As a Microsoft Partner, you (the MSP) can terminate the admin relationship using the Microsoft Partner Center.
- End customers can terminate the admin relationship using the Microsoft 365 Admin Center.
What does the Reauthenticate option in the onboarding workflow do?
Reauthenticate your MSP organization renews the partner's Cloud Commander credentials to ensure they are up to date. You may need to re-authenticate if certain changes have occurred. For example, you may need to re-authenticate if your credentials change, there are multi-factor authentication changes, or the account hasn't been used for 90 days.
Admin relationships with GDAP have an expiration date. What happens then?
Admin relationships with GDAP are created with an expiration of 730 days, which is the maximum time allowed by Microsoft. To ensure your customers are aware that you have ongoing access to their tenant, we do not recommend automatically extending the admin relationship.
When an admin relationship expires, you must request a new admin relationship by setting up that tenant again and repeating the approval process.
Updated: Mar 06, 2025