Global Delegated Admin Privileges (GDAP) - A Guide

Granular Delegated Administration Privileges, or GDAP, is standard method for service providers and license resellers like SoftwareOne to provide support for Microsoft cloud products. When you buy licenses from SoftwareOne through the Cloud Solution Provider (CSP) program, you also get access to 24x7 technical support. 

By granting SoftwareOne GDAP access, you are giving us the ability to resolve your technical incidents quickly as well as carry out service requests.

Microsoft publish guidance and an FAQ about GDAP here. Access to your cloud workloads like Azure or Microsoft365 is granular and timebound. This means SoftwareOne’s access is least privileged and you can control how long we have access for. You are free to revoke access at any time.

GDAP Access is a requirement for us to resolve technical issues on your behalf or carry out service requests and administration changes.

Admin Controls

• There are Standard Operating Procedures (SOPs) for access and clear rules about undertaking such access.​

• Tooling is in place to support this access.​

• Procedures and controls are in place to limit access to authorized consultants only.​

• Segregation of duty exists in the access approval and implementation across multiple teams​

• Access to clients' environments is based on lowest permission level mapped to the service catalogue for the service and consultant role.​

• Access is reviewed regularly.

GDAP Process

During onboarding SoftwareOne will send one or more GDAPs link to the Customer, requesting you allow SoftwareOne the access required to provide the Services. Each link provides a segregated and least-privileged level of access to your cloud services. This ensures that SoftwareOne support engineers only have access to the services that they directly support.

Separate GDAP links are sent for:

·       Microsoft 365

·       Azure

·       Dynamics 365 and Power Platform

The initial duration of the GDAP relationship will be mutually agreed between the Customer and SoftwareOne during Onboarding, however the maximum duration allowed by Microsoft is 730 days. The default duration SoftwareOne requests is the longer of the contract term or 730 days. The Customer may terminate the GDAP relationship at any time.

The following  levels of access are available:

Azure

For Azure, the following standard access will be requested by SoftwareOne:

• Directory Reader​

• Global Reader

• Service Support Administrator​

• Billing Administrator

Microsoft 365

The following standard access will be requested by SoftwareOne:

• Attack Simulation Administrator​

• Authentication Administrator​

• Billing Administrator

• Compliance Administrator

• Conditional access administrator ​

• Directory readers ​

• Domain name administrator ​

• Exchange administrator ​

• Global reader ​

• Groups administrator ​

• Hybrid identity administrator ​

• Intune administrator ​

• License administrator ​

• Network administrator ​

• Fabric administrator (Power BI) ​

• Security administrator ​

• Service support administrator ​

• SharePoint administrator ​

• Skype for Business administrator ​

• Teams administrator ​

• User administrator

• Cloud Application Administrator

Microsoft Dynamics 365

• Authentication Administrator​​

• Billing Administrator​

• Directory readers ​​

• Dynamics 365 Administrator​​

• Global reader ​​

• Groups administrator ​​

• License administrator ​​

• Fabric administrator (PowerBI) ​​

• Power Platform Administrator​​

• Service support administrator ​​

• User administrator​

• Cloud Application Administrator​