GDAP Options for a Customer
The support that SoftwareOne provides will depend on the level of GDAP access provided. The following sections outlines the access options for the customer to choose from and the impact to the service.
Access is provided at three levels:
· Standard Access: Full service applies
· Limited Access: Reduced service applies
· Restricted Access: Very reduced service applies and in some cases is not supported
Azure
Azure | Service Impact |
Standard Access: · GDAP: · Directory Reader · Global Reader · Service Support Administrator · Billing Administrator Foreign principal on Azure subscription: · Owner.Access policies: o Excluded in access policies.
| · Full service applies. · SoftwareOne will respond to incidents. · SoftwareOne will respond to service requests. · SoftwareOne can make required changes with approval from customer. · SoftwareOne can escalate to Microsoft as required.
|
Limited Access: · GDAP: · Service Support Administrator · Access policies: o Excluded in access policies. · Lighthouse: o Reader (default) o Support request Contributor (elevated) o L3 + TL’s can elevate access rights to remove Lighthouse connection.
| · SoftwareOne will respond to incidents. · SoftwareOne will respond to service requests. · SoftwareOne cannot make any direct changes on the Customer’s tenants and will take an advisory role. This may extend the resolution time of incidents. · SoftwareOne can escalate to Microsoft as required.
|
Restricted Access No GDAP privileges are allowed for SoftwareOne to access the customer Azure tenants.
|
· This option is not supported. Without minimal GDAP access, SoftwareOne cannot escalate to Microsoft for Azure Resources. The Customer would be responsible for escalating to Microsoft and would therefore need their own support contract with Microsoft. Without Minimum GDAP Access Customer will not be covered under SoftwareOne’s premier support contract for partners as tickets must be raised by SoftwareOne from within the customer environment. |
Microsoft 365 and Microsoft Dynamics
Microsoft 365 | Service Impact |
Standard Access · Attack Simulation Administrator · Authentication Administrator · Billing Administrator · Compliance Administrator · Conditional access administrator · Directory readers · Domain name administrator · Exchange administrator · Global reader · Groups administrator · Hybrid identity administrator · Intune administrator · License administrator · Network administrator · Fabric administrator (Power BI) · Security administrator · Service support administrator · SharePoint administrator · Skype for Business administrator · Teams administrator · User administrator · Cloud Application Administrator
| · Full service applies · SoftwareOne will respond to incidents · SoftwareOne will respond to service requests · SoftwareOne will resolve incidents directly on Customer tenant · SoftwareOne will carry out service requests as per the Customer’s request · SoftwareOne can escalate to Microsoft as required
|
Limited Access · Directory readers · Global reader · Service support administrator · Cloud Application Administrator
| · Reduced service applies · SoftwareOne will respond to incidents · SoftwareOne cannot carry out on Service Requests · SoftwareOne can view Customer tenant and will provide advice on how to resolve an incident but cannot resolve directly for customer except via screen sharing session. · SoftwareOne can escalate to Microsoft as required
|
Restricted Access · Service Support Administrator No GDAP privileges are allowed for SoftwareOne to access the customer Microsoft 365 tenants.
| · Very reduced service applies · SoftwareOne will respond to incidents · SoftwareOne cannot work on Service Requests · SoftwareOne has no access to tenant and will require Customer to arrange screen sharing sessions in order for incident to be worked on. · SoftwareOne can provide advice on how to resolve an incident but cannot resolve directly for customer. · SoftwareOne can escalate to Microsoft as required because Service Support Administrator for 365 workloads does not require any administrator console access.
|
Service Delivery Management
Service Delivery Management | Service Impact |
Standard Access · Directory Reader · Global Reader | · Full service applies · Service Delivery Manager can read tenant information when requested to obtain this by the customer. E.g. We have requests to retrieve license data. |
Restricted Access No GDAP privileges are allowed for SoftwareOne to access the customer Microsoft 365 tenants.
| Service Delivery Manager cannot assist in activities such as retrieving information from the Customer’s tenants on behalf of the customer. |
Professional Services
Where administrative access is required by SoftwareOne to deliver professional services following a change request, SoftwareOne will inform the Customer:
· The level of access required
· Whether GDAP access or direct environment access is required
· The anticipated duration of the access requirement
For direct access, this may require
· access to the Customer environment from the internet either directly or via a Microsoft VPN or VPN gateway compatible with the Microsoft Windows 10/11 built in VPN client.
· provision of a suitable device with access such as Direct Connect, to the Customer network.
· provision of suitably named and privileged accounts within the Customer environments.
· A screen share session where changes are made by the Customer under instruction from SoftwareOne.