Partner Center APIs DAP-to-GDAP transition

Appropriate roles: All Partner Center users

APIs affected by the transition from delegated admin privileges (DAP) to granular delegated admin privileges (GDAP) are detailed on this page. Return to this document to see updates in impact and parity with GDAP.

Important

Azure Active Directory (Azure AD) Graph is deprecated as of June 30, 2023. Going forward, we're making no further investments in Azure AD Graph. Azure AD Graph APIs have no SLA or maintenance commitment beyond security-related fixes. Investments in new features and functionalities will only be made in Microsoft Graph.

We'll retire Azure AD Graph in incremental steps so that you have sufficient time to migrate your applications to Microsoft Graph APIs. At a later date that we will announce, we will block the creation of any new applications using Azure AD Graph.

To learn more, see Important: Azure AD Graph Retirement and Powershell Module Deprecation.

APIs affected by the transition

API DAP removal impact GDAP parity
GetAssignedLicensesAsync Cloud Solution Provider (CSP) partners can't get licenses of the given customer user Partners can use any one of the below roles.
Directory Reader,
Directory Writer,
User Admin,
License Admin
GetSubscribedSkus CSP partners can't view the licenses available for a given customer tenant. Partners can use any one of the below roles.
Directory Reader,
Global Reader,
User Admin,
License Admin
AssignUserLicensesAsync CSP partners can't assign licenses to the customer users Partners can use any one of the below roles.
Directory Writer,
User Admin,
License Admin
Get DirectoryRoles No impact Directory Reader​
GetCustomerDirectoryRoleUserMembers CSP partners can't get Directory roles User Members for a customer Partners can use any one of the below roles.
Directory Reader,
Global Reader,
Directory Writer,
Privileged Role Admin
AddUserMember CSP partner can't add a customer user to a given directory role Privileged Role Admin
RemoveUserMember CSP partner can't remove a customer user from a given directory role Privileged Role Admin
GetCustomerUsersAsync CSP partner user can't view/get the details of all the users in the customer tenant Partners can use any one of the below roles.
Directory Reader,
Global reader,
User Admin
GetCustomerUserDetailsAsync CSP partner can't view/get the details about a user in customer tenant Partners can use any one of the below roles.
Directory Reader,
Global reader,
User Admin
GetUserDirectoryRolesAsync CSP partner can't view/get the directory roles which the customer user is part of. Partners can use any one of the below roles.
Directory Reader,
Global reader,
User Admin
CreateCustomerUserAsync CSP partner can't create new users in customer tenant Partners can use any one of the below roles.
Directory Writer,
User Admin
DeleteCustomerUserAsync CSP partner can't delete users in customer tenant User Admin
UpdateCustomerUserAsync CSP partner can't update properties of a user in customer tenant. (Don't use this API to reset passwords, look for the new ResetPassword API for GDAP) Partners can use any one of the below roles.
Directory Writer,
User Admin
ResetPassword (no API docs available) CSP partners can't reset the passwords of users in customer tenant User Admin / Privileged Authentication Admin to reset password for license management users
Privileged Authentication Admin to reset password for all other users
Get all service requests for a customer Unable to view support
tickets for the customer
Any role that supports microsoft.office365.supportTickets
/allEntities/allTasks or microsoft.azure.supportTickets
/allEntities/allTasks
Permissions reference
Get the customer service requests by ID Unable to view support
tickets for the customer
Any role that supports microsoft.office365.supportTickets
/allEntities/allTasks or microsoft.azure.supportTickets
/allEntities/allTasks
Permissions reference
GetSubscribedSku Partner can't see all the available licenses on customer tenant across different channels. Partners can use any one of the below roles.
Directory Reader,
Global reader
Update Qualification DAP isn't required for accessing this API No GDAP Role Required
Get Customer ID The following attributes don't return:
CustomDomain, CompanyProfileEmail, CompanyProfileAddress.
New APIs created that support GDAP GetCustomerDomains
GetCustomerOrganization
Directory Reader
GetCustomerCompanyProfile The following attributes don't return:
CustomDomain, CompanyProfileEmail, CompanyProfileAddress.
New APIs created that support GDAP GetCustomerDomains
GetCustomerOrganization
Directory Reader
Get Upgrades CSP partners can't see if they're eligible for upgrades with license transfer. Partners can use any one of the below roles.
Directory Reader, Global reader
Get Transition Eligibilities CSP partners can't see if they're eligible for transitions with license transfer. Partners can use any one of the below roles.
Directory Reader,
Global reader
Note: While this API is available for legacy and new commerce experience (NCE), GDAP is only required for legacy.
Upgrade CSP partners can't conduct a license transfer during an upgrade. Directory Reader or Global reader (upgrade only)
Directory Writer (upgrade with license transfer)
Create Transition CSP partners can't conduct a license transfer during transition. Directory Reader or Global reader (transition only)
Directory Writer (transition with license transfer)
Note: While this API is available for legacy and NCE, GDAP is only required for legacy.
Get Provisioning Status by Subscription by ID CSP partners can't see the provisioning status for their subscriptions. Partners can use any one of the below roles.
Directory Reader,
Global reader
Get the managed services for a customer by ID CSP partners are unauthorized. Partners can use the new Graph API. List serviceManagementDetails
Update a customer's qualifications asynchronously CSP partners are unauthorized. For Government Community Cloud (GCC) qualifications only.
Partners can use any one of the below roles.
Directory Reader,
Directory Writer,
User Admin,
License Admin