GDAP and Purview Audit

Sascha Reuter 50 Reputation points
2025-05-15T14:04:24.6166667+00:00

Hello,

We use GDAP to access a customer tenant via mto.security.microsoft.com.
In the customer tenant's Defender XDR portal, we are unable to correctly use the "Audit" section.

It says "Failed to load data. Please try again later." in the lower part of the screen.

We have "Global Reader" rights via GDAP, so this is NOT a rights issue.

To me it looks like certain things in Purview are not yet correctly integrated with GDAP.

Microsoft Security | Microsoft Purview

Accepted answer
  1. Ganesh Gurram 7,295 Reputation points Microsoft External Staff Moderator
    2025-05-15T18:22:54.22+00:00

    @Sascha Reuter

    The issue you're encountering—"Failed to load data. Please try again later." in the Audit section of the Microsoft Defender XDR portal when accessing a customer tenant via GDAP—is a known limitation stemming from the current support scope of Granular Delegated Admin Privileges (GDAP) in Microsoft 365 services.

    According to this documentation: https://learn.microsoft.com/en-us/partner-center/customers/gdap-supported-workloads

    While GDAP provides partners with more granular and secure access to customer tenants, its support across Microsoft 365 workloads is still evolving. Specifically:

    • Microsoft Purview Audit Logs, which underpin the Audit section in Defender XDR, do not currently support access via GDAP relationships.
    • Even with roles like Global Reader, partners cannot access certain compliance features, including audit logs, through GDAP.

    User's image

    The absence of Microsoft Purview Audit Logs in this list indicates that this workload isn't supported under GDAP at this time.

    To access the audit logs in the customer's tenant, consider the following approaches:

    Direct Access by Customer - Request that the customer accesses the Microsoft Purview compliance portal. They can perform the necessary audit log searches and share the results with you.

    Delegated User Account - Have the customer create a standard user account within their tenant. Assign appropriate roles to this account, such as Compliance Administrator or Audit Logs Reader. Use this account to access the audit logs directly, bypassing the GDAP limitations.

    I hope this information helps.

    Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.

    1 person found this answer helpful.
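
The "Delegated User Account" approach from the accepted answer, sketched as an added example that is not part of the original thread or the answerer's own code: sign in as the in-tenant account and page through the unified audit log with `Search-UnifiedAuditLog`. It assumes the ExchangeOnlineManagement module is installed and that the customer has granted the account audit search permissions; the UPN, time window and output path are placeholders.

```powershell
# Added example. Placeholders (assumptions, not from the thread):
$Upn     = 'audit-reader@customer.example'   # account created inside the customer tenant
$OutFile = '.\audit-export.csv'
$End     = (Get-Date).ToUniversalTime()
$Start   = $End.AddDays(-7)

# Sign in as the customer-tenant account itself, not through the partner (GDAP) context.
Connect-ExchangeOnline -UserPrincipalName $Upn -ShowBanner:$false

try {
    # A fixed SessionId with ReturnLargeSet lets repeated calls page through one
    # result set (up to 5,000 records per call, 50,000 per session, unsorted).
    $sessionId = [guid]::NewGuid().ToString()
    $records   = New-Object System.Collections.Generic.List[object]

    do {
        $page = @(Search-UnifiedAuditLog -StartDate $Start -EndDate $End `
                    -SessionId $sessionId -SessionCommand ReturnLargeSet `
                    -ResultSize 5000)
        foreach ($r in $page) { $records.Add($r) }
    } while ($page.Count -gt 0)

    if ($records.Count -ge 50000) {
        # Session cap reached: the export is probably truncated.
        Write-Warning 'Hit the 50,000-record session limit; rerun with a narrower time window.'
    }

    # AuditData is a JSON string; pull out one commonly useful field and keep
    # the raw JSON so nothing is lost in the export.
    $records |
        Sort-Object CreationDate |
        Select-Object CreationDate, UserIds, Operations, RecordType,
            @{ Name = 'ClientIP'; Expression = { ($_.AuditData | ConvertFrom-Json).ClientIP } },
            AuditData |
        Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

    Write-Host ("Exported {0} audit records to {1}" -f $records.Count, $OutFile)
}
finally {
    # Always close the session so the account's token is not left in the shell.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

An empty export with no error can also mean the account lacks audit search permissions or the window contains no events, so confirm the role assignment with the customer before treating it as "no activity".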
