Remote Administration Access Guide

Introduction

For Service Support on Microsoft cloud workloads and to raise Incidents to Microsoft for any cloud or on-premises workloads, SoftwareOne requires that Customer provides SoftwareOne with administrative access. SoftwareOne engineers will resolve incidents and perform service requests directly on a customer Microsoft 365 or Azure cloud tenant. Customers may select what level of administrative access they will permit SoftwareOne. The support that SoftwareOne provides will depend on the level of access provided.

Reseller Relationship

Reseller Relationship (tenant level) - A record of a new customer must be added to Partner Center before SoftwareOne can provide support.

During Onboarding, the Onboarding Manager will check the relevant partner center to which the customer’s tenant(s) will be connected and determine if there is a reseller link already established. If there is an existing link  then no further action here is required.

If there is no established Reseller Relationship then a link will be generated and sent confirming a Reseller Relationship with SoftwareOne. This is the first link that is required to be accepted and must be accepted by a Global Administrator. This is essential for SoftwareOne to provide the service and to be able to escalate to Microsoft when required.

Reseller Relationship is explained further here.

Granular Delegated Administration Privileges (GDAP)

The standard method for service providers to provide support for Microsoft cloud products is with Microsoft Granular Delegated Administration Privileges (GDAP), an overview if which is published by Microsoft here.

During onboarding SoftwareOne will send up to four (4) GDAPs link to the Customer’s Global Administrator too allow SoftwareOne with the access required to provide the Services. Each link provides a segregated and least-privilege level of access to prevent engineers from having access to a service that they do not support. Separate links are provided to the following

·       Microsoft 365

·       Azure

·       Dynamics 365 and Power Platform

·       A dedicated link for the Service Deliver Manager

The initial duration of the GDAP relationship will be mutually agreed between the Customer and SoftwareOne during Onboarding, however the maximum duration allowed by Microsoft is 730 days. The default duration SoftwareOne requests is the longer of the contract term or 730 days. The Customer may terminate the GDAP relationship at any time.

Further details of GDAP options and levels of access can be found here.

Lighthouse Access for Azure

Microsoft Lighthouse is used for administration of Azure in addition to the GDAP for Azure which it leverages.

For a customer’s Azure subscription a link will be sent to authorize Lighthouse usage. Lighthouse is an enterprise application, hosted by Microsoft in Azure and it needs to be trusted as an application in the customer tenant.

Azure Lighthouse is explained here

Conditional Access Policies

For customers that implement Conditional Access Policies, it is critical that appropriate exceptions are considered  for SoftwareOne access to provide support.