Granular Delegated Admin Privileges (GDAP) vs. Azure Lighthouse: How They Differ and Why Service Providers like SoftwareOne Need Both
Azure Lighthouse is a Microsoft service that enables SoftwareOne to manage multiple customer tenants with enhanced scalability, automation, and governance across delegated Azure subscriptions and resources.
Granular Delegated Admin Privileges (GDAP) is a security feature that allows SoftwareOne to access a customer’s Microsoft workloads in a time-bound manner.
Here are some ways Azure Lighthouse and GDAP differ:
| Feature | Granular Delegated Admin Privileges (GDAP) | Azure Lighthouse |
| --- | --- | --- |
| Scope | Tenant / Entra ID level access to resources (Azure RBAC is not included) | Azure resources and subscriptions |
| Access | Least privileged access* | Multi- and cross-tenant view based on delegated permissions |
| Primary Purpose | Granular control for Microsoft 365 support | Centralized, scalable management for Azure |
| Access Method | Role-based permissions for Microsoft 365 tasks | ARM-based roles and policies for Azure resources |

GDAP and Azure Lighthouse operate separately, providing control over their respective environments without overlap.
How They Work Together for Complete Cloud Management
GDAP gives SoftwareOne granular, least-privilege access to manage Microsoft workloads, keeping permissions limited to what’s necessary.
Azure Lighthouse allows scalable, centralized control over your Azure environment, enabling efficient multi-tenant Azure management through a single plane.
Using GDAP and Azure Lighthouse independently provides streamlined, secure support across all your cloud environments, giving SoftwareOne the right level of access for each platform.