March 17, 2023
Updating Microsoft GDAP and What It Means For You
You may receive emails from Microsoft about their new GDAP feature. Learn what it means for your permissions and access to your Azure AD environment.
Recently, Microsoft launched a new Zero Trust Security strategy known as Granular Delegated Admin Privilege (GDAP.)
You might have learned about this in the form of an automated email recently sent to your team, letting you know that your GDAP admin relationship with CDW would be expiring soon.
What Should I Do Right Now?
For the moment — nothing! No immediate action is required on you or your team’s part. This is a transition that has already been accounted for. Back in Fall 2022, all CDW customers were automatically set up with GDAP relationships for a 6 month timeframe.
Starting in March 2023, Microsoft is changing the level of access it gives resellers to its products, including CDW. This means that you and your team will now have greater control over how much access reseller partners like CDW have into your Azure AD environment.
What Should I Do Moving Forward?
Since this access for CDW is now expiring, you have two options.
- Continue to do nothing. If CDW Cloud Managed Services requires access in the future to help with resolving a ticket or escalating something to Microsoft, you can establish your GDAP relationship with us then and dictate how many days it should remain active.
- Proactively request a new GDAP link to set up the relationship and have it in place, should an emergency arise and CDW needs to submit a ticket on your behalf to Microsoft without any interruptions.
As a reminder, you will need to be a Global Admin on your domain to accept our GDAP relationship.
Here to Help How You Work Best
Regardless of which option you choose, CDW is ready to work with whatever approach is best for you and your team. More than anything, privacy is of utmost importance to us. CDW Cloud Managed Services follows the principle of Lowest Privilege Required for the Least Amount of Time in your environment. This includes supporting a more granular approach to permissions/privileges within your Microsoft products.