GDAP and Purview Audit

@Sascha Reuter

The issue you're encountering—"Failed to load data. Please try again later." in the Audit section of the Microsoft Defender XDR portal when accessing a customer tenant via GDAP—is a known limitation stemming from the current support scope of Granular Delegated Admin Privileges (GDAP) in Microsoft 365 services.

According to this documentation: https://learn.microsoft.com/en-us/partner-center/customers/gdap-supported-workloads

While GDAP provides partners with more granular and secure access to customer tenants, its support across Microsoft 365 workloads is still evolving. Specifically:

• Microsoft Purview Audit Logs, which underpin the Audit section in Defender XDR, do not currently support access via GDAP relationships.
• Even with roles like Global Reader, partners cannot access certain compliance features, including audit logs, through GDAP.

The absence of Microsoft Purview Audit Logs in this list indicates that this workload isn't supported under GDAP at this time.

To access the audit logs in the customer's tenant, consider the following approaches:

Direct Access by Customer - Request that the customer accesses the Microsoft Purview compliance portal. They can perform the necessary audit log searches and share the results with you.

Delegated User Account - Have the customer create a standard user account within their tenant. Assign appropriate roles to this account, such as Compliance Administrator or Audit Logs Reader. Use this account to access the audit logs directly, bypassing the GDAP limitations.

I hope this information helps.

Kindly consider upvoting the comment if the information provided is helpful. This can assist other community members in resolving similar issues.