Skip to main content
Skip table of contents

Remote Administration Access Guide

Introduction

For Service Support on Microsoft cloud workloads and to raise Incidents to Microsoft for any cloud or on-premises workloads, SoftwareOne requires that Customer provides SoftwareOne with administrative access. SoftwareOne engineers will resolve incidents and perform service requests directly on a customer Microsoft 365 or Azure cloud tenant. Customers may select what level of administrative access they will permit SoftwareOne. The support that SoftwareOne provides will depend on the level of access provided.

Reseller Relationship

Reseller Relationship (tenant level) - A record of a new customer must be added to Partner Center before SoftwareOne can provide support.

During Onboarding, the Onboarding Manager will check the relevant partner center to which the customer’s tenant(s) will be connected and determine if there is a reseller link already established. If there is an existing link  then no further action here is required.

If there is no established Reseller Relationship then a link will be generated and sent confirming a Reseller Relationship with SoftwareOne. This is the first link that is required to be accepted and must be accepted by a Global Administrator. This is essential for SoftwareOne to provide the service and to be able to escalate to Microsoft when required.

Reseller Relationship is explained further here.

Granular Delegated Administration Privileges (GDAP)

The standard method for service providers to provide support for Microsoft cloud products is with Microsoft Granular Delegated Administration Privileges (GDAP), an overview if which is published by Microsoft here.

During onboarding SoftwareOne will send up to four (4) GDAPs link to the Customer’s Global Administrator too allow SoftwareOne with the access required to provide the Services. Each link provides a segregated and least-privilege level of access to prevent engineers from having access to a service that they do not support. Separate links are provided to the following

·       Microsoft 365

·       Azure

·       Dynamics 365 and Power Platform

·       A dedicated link for the Service Deliver Manager

The initial duration of the GDAP relationship will be mutually agreed between the Customer and SoftwareOne during Onboarding, however the maximum duration allowed by Microsoft is 730 days. The default duration SoftwareOne requests is the longer of the contract term or 730 days. The Customer may terminate the GDAP relationship at any time.

Further details of GDAP options and levels of access can be found here.

Lighthouse Access for Azure

Microsoft Lighthouse is used for administration of Azure in addition to the GDAP for Azure which it leverages.

For a customer’s Azure subscription a link will be sent to authorize Lighthouse usage. Lighthouse is an enterprise application, hosted by Microsoft in Azure and it needs to be trusted as an application in the customer tenant.

Azure Lighthouse is explained here

 

Conditional Access Policies

For customers that implement Conditional Access Policies, it is critical that appropriate exceptions are considered  for SoftwareOne access to provide support.

 

Conditional Access

Service Impact

Standard Access

SoftwareOne granted permanent conditional access to Customer tenants

·       Full service applies

·       SoftwareOne will respond to incidents

·       SoftwareOne will respond to service requests

·       SoftwareOne will resolve incidents directly on Customer tenant

·       SoftwareOne can escalate to Microsoft as required

 

Limited Access

SoftwareOne granted conditional access on demand in response to an incident

·       Reduced service applies

·       SoftwareOne will respond to incidents

·       SoftwareOne cannot work on Service Requests

·       SoftwareOne will resolve incidents directly on Customer tenant

·       SoftwareOne can escalate to Microsoft as required

Restricted Access

No Conditional Access permitted

·       Very Reduced service applies

·       SoftwareOne will respond to incidents

·       SoftwareOne cannot work on Service Requests

·       SoftwareOne has no access to tenant and will require Customer to arrange screen sharing sessions in order for incident to be worked on.

·       SoftwareOne can provide advice on how to resolve an incident but cannot resolve directly for customer.

·       SoftwareOne can escalate to Microsoft as required for On-prem or M365 workloads but not Azure.

·       SoftwareOne cannot open Azure support requests unless subscriptions are added on Lighthouse (only subscription level resources supported).

 

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.