How Can We Help?
< Back
You are here:
Print

Granular Delegated Admin Permissions

This page contains information around how GDAP will change the way we can access tenants.

GDAP requirements for full functionality

  • Azure AD Application to provide access
  • Consent granted to the application by a user account that has Partner Center access to your customers and is in a GDAP group with “Global Reader” permissions to your customers

Legacy Grant Partner Center Consent

We are considering our original method of granting consent to the partner center as legacy.

As you transition your customers from Delegated Admin Permissions (DAP) to Granular Delegated Admin Permissions (GDAP), this method will begin to be phased out.

After moving to GDAP the following basic operations are still available in Sync 365 License using this method.

  • Getting your list of customer tenants
  • Getting the license counts for each of the customer tenants
  • Getting the subscription information for licenses (Direct Microsoft CSP Only)
  • Custom Mailbox counts (when Mailbox token has been added)

All other functions will no longer have access via the legacy consent method.

For all other functions you will need to add an Azure AD Application.

Azure AD Application

This is our new method of partner consent. This provides full GDAP compatibility and extra security.

When changing to GDAP, we only require “Global Reader” permissions to the customer.
We recommend creating a dedicated Sync 365 License user account, ensuring MFA is setup, giving it access to the partner center and adding it to the relevant GDAP group for all of your customers.

We have provided an easy powershell script for you to create the application and grant consent.

After adding the Azure AD Application details to Sync 365 License and granting consent, all functions will still be available after your customers are converted to GDAP relationships

  • Getting your list of customer tenants
  • Getting the license counts for each of the customer tenants
  • Getting the subscription information for licenses (Direct Microsoft CSP and Indirect CSP)
  • Getting usernames for invoice descriptions
  • Office 365 Contact sync to PSA
  • Custom Azure licenses
  • Custom Azure groups
  • End user portal (Direct Microsoft CSP Only)
  • Custom Mailbox counts (when Mailbox token has been added)
Previous Getting Started Manual
Next How Prorate works for licenses
Table of Contents