![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 20%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
Microsoft Partner Center
A Microsoft website for partners that provides access to product support, app publishing, and other partner services.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 10%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hello Hugh Baker
Thank you for reaching out to Microsoft Q&A.
The AdminAgents group is NOT a “default group” that exists in every tenant.It exists only in Partner (CSP) tenants, and it is not created in customer (managed) tenants.
So there is nothing to “retrieve” in those customer tenants.
Why you don’t see AdminAgents in many tenants
- AdminAgents exists only in the PARTNER tenant
Microsoft explicitly uses AdminAgents as a Partner Center security group that represents your partner technicians when calling Partner Center APIs and managing customers via DAP/GDAP.
The group lives in your CSP / Partner tenant
It does NOT appear in customer tenants
In customer tenants, it is represented as a foreign principal, not a local group
Microsoft Learn confirms that delegated administration works by assigning roles to security groups in the partner’s Entra tenant, not by creating groups in the customer tenant.
For your reference: https://docs.azure.cn/en-us/entra/identity/users/directory-delegated-administration-primer
2. Customer tenants will not show AdminAgents under Groups
In customer tenants:
The AdminAgents group is not visible in Entra → Groups
It appears only indirectly as a delegated admin relationship
This is expected behavior
Microsoft explicitly states that delegated admins:
Are not visible as users or groups in the customer tenant
Are managed entirely via Partner Center relationships.
3. You are likely checking the wrong tenant
From your description:
“I go to Azure, then groups and only see 3 groups that I think I created”
That typically means:
You are signed into a customer tenant
Or a non‑partner tenant
Or a tenant without CSP / GDAP relationship
AdminAgents should be checked ONLY in your Partner tenant
Below are the resolution steps:-
Step 1: Confirm you are in the Partner tenant
Sign in to Microsoft Entra admin center
Switch to your CSP / Partner tenant
Go to Groups → All groups
Search for AdminAgents
Microsoft Learn documents that this group is required for Partner Center API access and exists in the partner tenant only.
For your reference: M365 | Understanding the AdminAgents Security Group Requirement | Liongard Support Portal
Step 2: Verify Partner relationship (DAP or GDAP)
If AdminAgents exists but CIPP still fails:
Go to Partner Center → Customers
Select a customer
Open Admin relationships
Confirm:
You have an active GDAP relationship
Security groups (including AdminAgents) are assigned
Microsoft confirms that GDAP roles are assigned to partner security groups, not customer groups.
https://learn.microsoft.com/en-us/partner-center/customers/gdap-assign-microsoft-entra-roles
Step 3: Ensure the CIPP service account is in AdminAgents
CIPP documentation explicitly requires:
“The service account must be added to the AdminAgents group to connect to the Microsoft Partner API.”
This is documented in the official CIPP setup guide.
For your reference: https://docs.cipp.app/setup/installation/creating-the-cipp-service-account-gdap-ready
Step 4: If AdminAgents is missing from the Partner tenant
This means the tenant is not a CSP Partner tenant or CSP access was removed.
Microsoft Learn states:
AdminAgents is created when a CSP relationship is established
It is not created in non‑partner tenants.
For your reference: Reinstate admin privileges for Azure CSP - Partner Center | Microsoft Learn
Resolution:
Verify CSP enrollment
Re‑establish a Partner relationship if needed
Imp: "AdminAgents is not a default group in customer tenants
- It exists only in the Partner (CSP) tenant
- Customer tenants show it only as a delegated admin relationship
- CIPP works by:
- Using the AdminAgents group in the partner tenant
- Leveraging GDAP relationships for customer access "
Let us know the above steps helps.
Thanks