Cloudmore Blog

What You REALLY Need to Know About Microsoft DAP & GDAP

Written by Patrick Johnson | 20 October 2023

In the digital age, where your data is only as secure as your worst password and GDPR watches every business closely, diving deep into the world of Microsoft's ever-evolving security ecosystem can feel like a daunting task.  

But fear not! You're about to find out what DAP was, why it’ll be gone soon, and why GDAP is a major upgrade. Let’s set the scene. 

Microsoft's Role in Digital Application Platforms 

Did you ever stop and wonder how Microsoft became the tech titan it is today?  

From Windows to the Cloud Solution Provider (CSP) program, Microsoft's legacy is cemented in its ability to anticipate and cater to the dynamic needs of businesses and individual users alike.  

Their strategic foresight has transformed them from just a software company to an influential force in the realm of digital application platforms. 

The GDAP & DAP Discussion 

Ah, the alphabet soup of tech jargon!  

There’s rarely anything businesses like more than a good acronym, and Microsoft are no exception. And as you’ll have gathered, we’re here to talk about DAP and GDAP. 

Before we get into the weeds with GDAP, let’s briefly mention DAP or Delegated Admin Privileges. 

These allowed partners of businesses using Microsoft services to perform certain functions on behalf of the business, whenever necessary. However, allowing someone who isn’t in your business access to any of your accounts carries risks. 

And Microsoft felt that DAP in their original iteration was too risky, which has led them to create GDAP. That’s what we’re here to explain and illuminate. 

By the end of this post, you'll not only understand GDAP inside out but also be ready to leverage its capabilities for your benefit. Buckle up and get ready to demystify Microsoft's latest marvel! 

What is GDAP? 

Define GDAP 

GDAP, standing for Granular Delegated Admin Privileges, is Microsoft's innovative approach to permissions management.  

Tailored to meet the diverse needs of partners, GDAP enhances how partners assist their clientele, defining how and when they can access key Microsoft platforms such as Microsoft 365, Dynamics 365, Microsoft Azure, and the Microsoft Power Platform. 

GDAP Meaning and Its Significance 

Dive into the essence of GDAP, and you'll find empowerment.  

This robust system provides Microsoft partners with an elevated connection to their customers, all the while bolstering security.  

Transitioning from the conventional DAP to GDAP means partners are harnessing a sophisticated, fortified solution, ensuring they don’t just keep up with the digital evolution but actively lead it. 

How It Improves Your Business's Security 

With GDAP at the helm, businesses gain a vital layer of protection. This granular approach to privileges means that access can be meticulously defined and refined.  

Instead of providing blanket permissions, partners can assign precise roles, minimizing potential risks and vulnerabilities. By fine-tuning who gets access to what, and to what extent, GDAP equips businesses with a sharper, smarter, and safer permissions tool. 

To sum it up, GDAP is not a feature; it's a transformative shift in the realm of Microsoft service management.  

For partners and service providers, embracing GDAP is a pledge to stay ahead technologically, ensuring your clients receive top-notch and secure services. 

GDAP vs. DAP: The Key Differences

 

The major differences and similarities 

Understanding the nuances between GDAP (granular delegated admin privileges) and DAP (delegated admin privileges) is crucial in the vast landscape of Microsoft solutions.  

On the surface, both might seem to serve the same purpose, but a closer inspection reveals the distinctions: 

  • Granularity:
    • DAP: Provides generalized access to a client's environment.
    • GDAP: Offers precise, tailored access through time-limited, minimum-rights security contracts.  
  • Transition Process:
    • DAP: Previously the standard, but now being phased out by Microsoft.
    • GDAP: With the Microsoft-led transition, partners on DAP are automatically transitioned to GDAP, which establishes a secure relationship with eight default roles. After 30 days of this transition, DAP is removed.
  • Access Duration and Control:
    • DAP: More open-ended access duration.
    • GDAP: Time-limited access, ensuring that privileges are only granted when necessary, minimizing potential security vulnerabilities. 

These differences underscore Microsoft's commitment to enhanced security and precise access control.  

By emphasizing GDAP over DAP, the tech giant is setting the stage for a more secure and streamlined partner-client interaction. 

The major benefits of GDAP 

The move from DAP to GDAP isn't just a shift in name or minor technicalities. It's a strategic step forward for partners who are serious about maximizing security and optimizing their workflow.  

Here are some of the standout benefits: 

  • Enhanced Security: By leaning on time-limited and minimum-rights contracts, GDAP ensures that access is granted precisely where needed, reducing potential security threats.
  • Flexibility with Roles: GDAP comes with eight default roles, from "Directory readers" to "Privileged role administrator". Each role is designed for specific tasks, ensuring partners have the right tools without unnecessary access.
  • Streamlined Transition: If you're concerned about the transition, Microsoft's got you covered. The seamless shift from DAP to GDAP is automated, with a clear schedule and minimal disruptions.
  • Better Control: With GDAP, businesses can have a clear view of who has access to what, making audit logs more transparent and straightforward. 

Why GDAP could be crucial for your business 

Embracing GDAP is more than just staying updated with Microsoft's latest protocols. It's about future-proofing your operations and ensuring that you're on the frontline of cybersecurity best practices. 

In the ever-evolving landscape of cybersecurity threats, adopting GDAP places your business in a better position to counter potential risks. The transition from DAP to GDAP signifies a move from broad access permissions to more precise, controlled, and secure privileges. 

If security is a priority – as it should be for any business – then GDAP is not just an option. It's a necessity.  

GDAP ensures that access to sensitive customer data is strictly on a need-to-know basis. Only those with explicit permissions can view or alter customer data. This granularity minimizes the risk of compromising valuable information, shielding businesses from potential data breaches. 

Furthermore, by employing GDAP, companies reduce the likelihood of unsolicited access to their repositories. This isn't merely about keeping intruders out; it's about ensuring trust and integrity in all digital interactions. Trust, after all, is a cornerstone for any business, and with GDAP, you fortify that trust. 

By leveraging GDAP's refined access protocols, you ensure that your business remains resilient, secure, and ready for the challenges of tomorrow. 

GDAP Migration 

With digital transformations becoming the norm, Microsoft has set forth tools to help in the transition from Delegated Admin Privileges (DAP) to Granular Delegated Admin Privileges (GDAP). One pivotal asset in this journey is the GDAP bulk migration tool. 

Overview of GDAP Bulk Migration Tool 

To truly comprehend the value this tool brings, let's deep dive into its essential components and features: 

  • User Roles & Access: The tool is accessible for various roles such as Global admin, User management admin, Admin agent, and Sales agent. Its primary objective is to facilitate the creation of GDAP relationships using the foundation of an existing DAP bond.
  • Open-Source Platform: Crafted as an open-source .NET console tool, it integrates with an open-source .NET SDK. This ensures easy adaptability and understanding for developers familiar with the .NET ecosystem.
  • Data Management: The tool's design comprehends both .csv and .json file formats, optimizing your migration data setup. Additionally, no underlying code modifications are essential, and initiating the tool is as straightforward as a .NET command.
  • Flexibility & Customizability: With its extensible code, partners have the liberty to augment its functionalities according to specific requirements. Additionally, an exhaustive logging mechanism aids in issue identification and troubleshooting.
  • Who Can Use: The tool is not limited to one category; direct bill partners, indirect providers, and indirect resellers transacting via the CSP program can harness its capabilities.
  • Prerequisites & Execution: For a successful transition using the GDAP tool, various prerequisites are stipulated:
    • Active or inactive DAP relationships
    • Multifactor authentication (MFA) for partner accounts
    • Installation of the .NET 6.0 SDK on the operating machine
    • Access to the GDAP app service principal
    • Unique relationship names for GDAP creations
  • GDAP Migration Journey:
    • Initiation: Begin by downloading the GDAP bulk migration tool source from GitHub
    • Roles and Security Groups: Extract essential roles and security groups tailored to your needs.
    • Migration Operations: Execute specific operations like 'Create GDAP Relationship(s)' and 'Refresh GDAP Relationship status'.
    • Security Group Provisions: Assign security groups to roles within the customer tenant.
    • Updating & Deletion: Post-migration, you have the liberty to update or terminate GDAP relationships, and even finalize DAP terminations.
  • A Smooth Process: The tool meticulously structures your migration. From downloading essential lists, creating GDAP relationships, and provisioning security groups, to finalizing, every step is planned to ensure minimal disruptions. 

Remember, each migration is unique. Thus, tailoring and modifying the process based on batch sizes and specific customer nuances is imperative for a successful transition. 

Microsoft's Take on GDAP & DAP 

As we’ve made clear, Microsoft continually strives to enhance security, user experience, and administrative control. The transition from Delegated Admin Privileges (DAP) to Granular Delegated Admin Privileges (GDAP) is their latest move in this direction. Here's why it matters and what it means for you. 

The Significance of the Microsoft GDAP Deadline 

Firstly, let's delve into the importance of Microsoft's various GDAP deadlines, some of which are now passed.  

Here’s how the timeline has worked since GDAP’s announcement: 

  • May 22nd, 2023 – Microsoft begins transitioning existing DAP relationships to GDAP, with the DAP relationships being removed 30 days later 
  • June 2023 – Transitioning paused for fiscal year closure 
  • July 2023 – Microsoft will officially disable any remaining DAP access 
  • September 25th, 2023 – DAP access will no longer be granted for new customer creation 
  • October 9th, 2023 – DAP will no longer be available for relationships with resellers 
  • November 2023 – DAP will no longer be the default for any situation 

The entire transition process marks a significant pivot in the way administrative privileges are managed in the cloud environment.  

With the introduction of GDAP, Microsoft aims to offer a more granular, precise, and controlled delegation process.  

This means, as a Cloud Solution Provider (CSP) or partner, you'll gain enhanced oversight over specific tasks, ensuring a tighter security net for your clients and your operations. 

By making the transition early, you're not merely adhering to a Microsoft mandate; you're embracing a future-ready approach. Adopting GDAP translates to more robust protection, streamlined administration, and an overall optimized user experience.  

Insights into the GDAP Timeline

 

Navigating the GDAP transition requires understanding the key milestones in its rollout. Microsoft, in its foresight, didn't introduce GDAP abruptly. Instead, they've structured a phased timeline, giving partners ample time to prepare, adapt, and integrate. 

From the initial announcement to the final deadline, each phase of the GDAP timeline is meticulously designed to offer you clarity, training, and support. Whether it's setting up the appropriate roles, utilizing the bulk migration tool, or resolving any hiccups along the way, each stage provides an opportunity to fine-tune your migration strategy. 

Embracing this timeline not only ensures compliance but also fosters a seamless transition. By staying informed and proactive, you can leverage the full potential of GDAP, positioning your organization at the forefront of modern administrative practices. 

Key Takeaways for GDAP and DAP 

Navigating the cloud landscape can be complex, but Microsoft’s shift from DAP to GDAP promises a streamlined, secure, and more tailored experience for partners and businesses alike. Let’s sum up what this means for the future and how businesses can harness its potential. 

The Future of the Microsoft Ecosystem with GDAP 

While GDAP is still relatively new, it's not difficult to envision the transformative impact it will have on the Microsoft ecosystem.  

At its core, GDAP seeks to create a more granular control mechanism, replacing the broad strokes of DAP with precision targeting. This has the potential to redefine administrative delegation, ensuring every task is executed under the right permissions, minimizing security risks. 

In the long run, it's conceivable that GDAP will bolster the Cloud Solution Provider (CSP) program, fostering a more dynamic and secure relationship between partners and their clients.  

This would, in turn, cement Microsoft's position as a leader in cloud security and administrative control. Moreover, as the intricacies of cloud administration become more refined, businesses will likely experience a surge in efficiency, reliability, and trust in their digital operations. 

Recommendations for Businesses about GDAP 

For businesses keen on harnessing the advantages of GDAP, here are some recommendations: 

  • Stay Informed: The transition to GDAP is significant, but Microsoft has provided ample resources and tools to facilitate a smooth shift. Dedicate time to understand these resources.
  • Plan Ahead: Although the shift might seem overwhelming, breaking it down into manageable steps can make the process more digestible. Start with the prerequisites, follow the GDAP timeline, and engage in regular progress checks.
  • Engage with Expertise: Whether it's in-house or external consultants, ensure you have access to expertise familiar with the nuances of GDAP. Their insights can be invaluable.
  • Prioritize Security: With the emphasis on multifactor authentication (MFA) and granular controls, GDAP is fundamentally about enhancing security. Ensure all relevant personnel are trained on the new protocols.
  • Stay Agile: As with any new rollout, there might be unforeseen challenges. Adopting an agile mindset, staying flexible, and being open to tweaks in your migration strategy can make all the difference. 

To wrap up, GDAP is not just another tech jargon or fleeting trend. It’s the future of administrative delegation within the Microsoft ecosystem. Embracing it not only ensures compliance but sets you on a path to a more secure, efficient, and streamlined digital operation. 

You're now equipped with the essentials to navigate the GDAP terrain. While the journey might have its challenges, the destination promises a future of enhanced capabilities and peace of mind. Forge ahead with confidence!