What is the Granular Delegated Admin Privileges (GDAP) Relationship?
GDAP is Microsoft’s security model that allows partners—like All Covered—to provide support and management for your Microsoft services with least-privileged, time-bound access. Unlike the older DAP model, GDAP gives you full control over what permissions we have and for how long.
Benefits for You as the Customer
- Enhanced Security: GDAP follows Microsoft’s Zero Trust principles, reducing risk by granting only the permissions needed.
- Full Control: You approve every GDAP request and can revoke access at any time in the Microsoft 365 Admin Center.
- Transparency: You see exactly which roles and permissions are requested before granting access.
- Compliance: Time-bound access ensures compliance with security and regulatory requirements.
What All Covered Can Do with GDAP
- Provide Support Safely: We can troubleshoot and manage your environment without unnecessary global admin rights.
- Perform Agreed Services: Access is limited to roles you approve, such as license management or security configuration.
- Maintain Accountability: Every GDAP relationship is logged and auditable.
Responsibilities
All Covered (Partner):
- Request only the permissions necessary for agreed services.
- Use GDAP access responsibly and within approved time limits.
- Follow Microsoft security and compliance standards.
Customer:
- Review and approve GDAP requests in Microsoft 365 Admin Center.
- Monitor and revoke access when services are complete or no longer needed.
- Ensure internal compliance with Microsoft’s acceptable use policies.