Skip to main content
Skip table of contents

Global Delegated Admin Privileges (GDAP) Explained

Unlock the Power of Enhanced Cloud Security and Seamless Support with Granular Delegated Administration Privileges (GDAP)

Wondering how to secure your Microsoft cloud environment while maximizing the efficiency of your support experience with SoftwareOne? Let’s dive in!

What is Granular Delegated Administration Privileges (GDAP)?

Granular Delegated Administration Privileges, or GDAP, is a breakthrough feature introduced by Microsoft, designed to deliver unmatched security and control for organizations working closely with trusted Service Providers like SoftwareOne.

With GDAP, SoftwareOne can extend 24/7 technical support for your Microsoft cloud products, while keeping access finely tuned and limited to essential actions only, ensuring the highest level of security and control. GDAP takes the foundation of traditional Delegated Administration Privileges (DAP) to the next level, safeguarding your cloud environment like never before.

 

Why Choose GDAP with SoftwareOne?

  • Enhanced, Efficient Support: GDAP empowers SoftwareOne’s support teams to respond to your technical needs faster, tackling incidents swiftly and with the precision your business deserves.

  • Precision-Controlled Access: Rest assured, our access is limited strictly to what’s necessary and only for as long as needed. You set the rules with flexible, timebound control that can be revoked at your discretion. It’s support on your terms.

  • Ultimate Flexibility: Maintain full command of your cloud environments, like Azure or Microsoft 365, by setting the boundaries for scope and access duration. With SoftwareOne, you’re always in control.

 

Why GDAP Matters to SoftwareOne as Your Service Provider?

  • Streamlined Issue Resolution: GDAP accelerates our ability to resolve your issues, turning potential downtime into uptime, and ensuring smooth, reliable operations that drive your success.

  • Enhanced Compliance and Security: As advocates of least-privileged access, GDAP ensures that our support activities align with stringent security protocols, reinforcing your trust in our commitment to safeguarding your cloud resources.

  • Seamless Support Aligned with Your Policies: GDAP enables us to adapt to your specific access controls, reinforcing your security policies and fostering a relationship built on trust and transparency.

 

What’s at Stake Without GDAP?

For Customers:

  • Support Delays: Without GDAP, each technical support request requires new access permissions, causing delays in response time when you need it most.

  • Increased Business Risks: Critical incidents can lead to prolonged downtime as we wait for access approval, potentially impacting your operations.

  • Incomplete Support Capabilities: Unlock SoftwareOne’s full suite of capabilities and expertise by enabling GDAP, ensuring your platform and support configurations are fully optimized.

For SoftwareOne:

  • Restricted Support Ability: Without GDAP, our teams face limitations in delivering prompt support, reducing the quality of service we’re dedicated to providing.

  • Reduced Operational Efficiency: Continuously requesting access permissions takes time that could be spent solving your issues, impacting customer satisfaction and the support experience.

 

The Bottom Line: GDAP Means Secure, Efficient, and Trustworthy Cloud Support

GDAP is more than a feature! It’s the foundation for a secure, collaborative, and efficient cloud support experience. Enable GDAP with SoftwareOne to enjoy faster incident resolution, minimize security risks, and experience complete control over access permissions, all tailored to meet your organization’s unique needs. Secure your cloud environment, empower your operations, and enhance your support experience. Activate GDAP today with SoftwareOne!

Microsoft publish guidance and an FAQ about GDAP here. Access to your cloud workloads like Azure or Microsoft365 is granular and timebound. This means SoftwareOne’s access is least privileged and you can control how long we have access for. You are free to revoke access at any time.

GDAP Access is a requirement for us to resolve technical issues on your behalf or carry out service requests and administration changes.

Admin Controls

  • There are Standard Operating Procedures (SOPs) for access and clear rules about undertaking such access.​

  • Tooling is in place to support this access.​

  • Procedures and controls are in place to limit access to authorized consultants only.​

  • Segregation of duty exists in the access approval and implementation across multiple teams​

  • Access to clients' environments is based on lowest permission level mapped to the service catalogue for the service and consultant role.​

  • Access is reviewed regularly.

GDAP Process

During onboarding SoftwareOne will send one or more GDAPs link to the Customer, requesting you allow SoftwareOne the access required to provide the Services. Each link provides a segregated and least-privileged level of access to your cloud services. This ensures that SoftwareOne support engineers only have access to the services that they directly support.

Separate GDAP links are sent for:

·       Microsoft 365

·       Azure

·       Dynamics 365 and Power Platform

The initial duration of the GDAP relationship will be mutually agreed between the Customer and SoftwareOne during Onboarding, however the maximum duration allowed by Microsoft is 730 days. The default duration SoftwareOne requests is the longer of the contract term or 730 days. The Customer may terminate the GDAP relationship at any time.

The following levels of access are typically requested by SoftwareOne:

Azure

For Azure, the following standard access will be requested by SoftwareOne:

  • Directory Reader​

  • Global Reader

  • Service Support Administrator​

  • Billing Administrator

Microsoft 365

The following standard access will be requested by SoftwareOne:

  • Attack Simulation Administrator​

  • Authentication Administrator​

  • Billing Administrator

  • Compliance Administrator

  • Conditional access administrator ​

  • Directory readers ​

  • Domain name administrator ​

  • Exchange administrator ​

  • Global reader ​

  • Groups administrator ​

  • Hybrid identity administrator ​

  • Intune administrator ​

  • License administrator ​

  • Network administrator ​

  • Fabric administrator (Power BI) ​

  • Security administrator ​

  • Service support administrator ​

  • SharePoint administrator ​

  • Skype for Business administrator ​

  • Teams administrator ​

  • User administrator

  • Cloud Application Administrator

Microsoft Dynamics 365

  • Authentication Administrator​​

  • Billing Administrator​

  • Directory readers ​​

  • Dynamics 365 Administrator​​

  • Global reader ​​

  • Groups administrator ​​

  • License administrator ​​

  • Fabric administrator (PowerBI) ​​

  • Power Platform Administrator​​

  • Service support administrator ​​

  • User administrator​

  • Cloud Application Administrator​

For customers wishing to agree a customised level of access for SoftwareOne the options are documented here. These can be discussed with the Onboarding Manager during Service Onboarding

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close