![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 76%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDG%3C/text%3E%3C/svg%3E)
Microsoft 365 and Office | Other
Miscellaneous topics that do not fit into specific categories.
Hi,
Thank you for sharing your question. I understand how challenging it can be when strict internal security policies prevent external partners from accessing the tools they need to support your system.
It’s completely reasonable to look for a solution that allows secure partner access without requiring your ICT department to issue an internal O365 account.
In situations like this, Microsoft typically recommends using Delegated Admin Access (DAP) or the newer Granular Delegated Admin Privileges (GDAP). These methods allow a certified Microsoft partner to access and support your environment using their own Microsoft Entra ID tenant, meaning they do not need an account in your organization. GDAP in particular offers more restrictive, time‑bound, and role‑based access, which often satisfies strict ICT security requirements while still enabling partners to perform support tasks. Your ICT department only needs to approve the relationship and assign the appropriate levels of access they don't need to create or manage partner accounts internally.
May I ask whether your support partner is already enrolled as a Microsoft Cloud Solution Provider (CSP) or registered partner, and whether your organization has previously used DAP or GDAP for other services?
Feel free to share your ICT team’s concerns, and I’d be happy to help you determine the safest and most compliant way to provide your partner with the access they need.
I hope this helps.
Best Regards,
Noel
