Partner Center APIs DAP-to-GDAP transition
Appropriate roles: All Partner Center users
APIs affected by the transition from delegated admin privileges (DAP) to granular delegated admin privileges (GDAP) are detailed on this page. Return to this document to see updates in impact and parity with GDAP.
Important
Azure Active Directory (Azure AD) Graph is deprecated as of June 30, 2023. Going forward, we're making no further investments in Azure AD Graph. Azure AD Graph APIs have no SLA or maintenance commitment beyond security-related fixes. Investments in new features and functionalities will only be made in Microsoft Graph.
We'll retire Azure AD Graph in incremental steps so that you have sufficient time to migrate your applications to Microsoft Graph APIs. At a later date that we will announce, we will block the creation of any new applications using Azure AD Graph.
To learn more, see Important: Azure AD Graph Retirement and Powershell Module Deprecation.
APIs affected by the transition
| API | DAP removal impact | GDAP parity |
|---|---|---|
| GetAssignedLicensesAsync | Cloud Solution Provider (CSP) partners can't get licenses of the given customer user | Partners can use any one of the below roles. Directory Reader, Directory Writer, User Admin, License Admin |
| GetSubscribedSkus | CSP partners can't view the licenses available for a given customer tenant. | Partners can use any one of the below roles. Directory Reader, Global Reader, User Admin, License Admin |
| AssignUserLicensesAsync | CSP partners can't assign licenses to the customer users | Partners can use any one of the below roles. Directory Writer, User Admin, License Admin |
| Get DirectoryRoles | No impact | Directory Reader​ |
| GetCustomerDirectoryRoleUserMembers | CSP partners can't get Directory roles User Members for a customer | Partners can use any one of the below roles. Directory Reader, Global Reader, Directory Writer, Privileged Role Admin |
| AddUserMember | CSP partner can't add a customer user to a given directory role | Privileged Role Admin |
| RemoveUserMember | CSP partner can't remove a customer user from a given directory role | Privileged Role Admin |
| GetCustomerUsersAsync | CSP partner user can't view/get the details of all the users in the customer tenant | Partners can use any one of the below roles. Directory Reader, Global reader, User Admin |
| GetCustomerUserDetailsAsync | CSP partner can't view/get the details about a user in customer tenant | Partners can use any one of the below roles. Directory Reader, Global reader, User Admin |
| GetUserDirectoryRolesAsync | CSP partner can't view/get the directory roles which the customer user is part of. | Partners can use any one of the below roles. Directory Reader, Global reader, User Admin |
| CreateCustomerUserAsync | CSP partner can't create new users in customer tenant | Partners can use any one of the below roles. Directory Writer, User Admin |
| DeleteCustomerUserAsync | CSP partner can't delete users in customer tenant | User Admin |
| UpdateCustomerUserAsync | CSP partner can't update properties of a user in customer tenant. (Don't use this API to reset passwords, look for the new ResetPassword API for GDAP) | Partners can use any one of the below roles. Directory Writer, User Admin |
| ResetPassword (no API docs available) | CSP partners can't reset the passwords of users in customer tenant | User Admin / Privileged Authentication Admin to reset password for license management users Privileged Authentication Admin to reset password for all other users |
| Get all service requests for a customer | Unable to view support tickets for the customer |
Any role that supports microsoft.office365.supportTickets /allEntities/allTasks or microsoft.azure.supportTickets /allEntities/allTasks Permissions reference |
| Get the customer service requests by ID | Unable to view support tickets for the customer |
Any role that supports microsoft.office365.supportTickets /allEntities/allTasks or microsoft.azure.supportTickets /allEntities/allTasks Permissions reference |
| GetSubscribedSku | Partner can't see all the available licenses on customer tenant across different channels. | Partners can use any one of the below roles. Directory Reader, Global reader |
| Update Qualification | DAP isn't required for accessing this API | No GDAP Role Required |
| Get Customer ID | The following attributes don't return: CustomDomain, CompanyProfileEmail, CompanyProfileAddress. |
New APIs created that support GDAP GetCustomerDomains GetCustomerOrganization Directory Reader |
| GetCustomerCompanyProfile | The following attributes don't return: CustomDomain, CompanyProfileEmail, CompanyProfileAddress. |
New APIs created that support GDAP GetCustomerDomains GetCustomerOrganization Directory Reader |
| Get Upgrades | CSP partners can't see if they're eligible for upgrades with license transfer. | Partners can use any one of the below roles. Directory Reader, Global reader |
| Get Transition Eligibilities | CSP partners can't see if they're eligible for transitions with license transfer. | Partners can use any one of the below roles. Directory Reader, Global reader Note: While this API is available for legacy and new commerce experience (NCE), GDAP is only required for legacy. |
| Upgrade | CSP partners can't conduct a license transfer during an upgrade. | Directory Reader or Global reader (upgrade only) Directory Writer (upgrade with license transfer) |
| Create Transition | CSP partners can't conduct a license transfer during transition. | Directory Reader or Global reader (transition only) Directory Writer (transition with license transfer) Note: While this API is available for legacy and NCE, GDAP is only required for legacy. |
| Get Provisioning Status by Subscription by ID | CSP partners can't see the provisioning status for their subscriptions. | Partners can use any one of the below roles. Directory Reader, Global reader |
| Get the managed services for a customer by ID | CSP partners are unauthorized. | Partners can use the new Graph API. List serviceManagementDetails |
| Update a customer's qualifications asynchronously | CSP partners are unauthorized. | For Government Community Cloud (GCC) qualifications only. Partners can use any one of the below roles. Directory Reader, Directory Writer, User Admin, License Admin |