Customer approval of partner GDAP request

  • Article

Appropriate roles: Global admin

Customers can approve your request for granular delegated admin privileges in the Microsoft 365 admin center.

Granular delegated admin privileges (GDAP) is a security feature that provides partners with least-privileged access following the Zero Trust cybersecurity protocol.

Prerequisites

Customers must remove delegated admin privileges (DAP) roles ("Reseller" relationship type) before they can approve a request granular delegated admin privileges. Doing so ensures that DAP doesn't override GDAP.

To remove DAP roles, customers can use the following steps:

  1. Sign in to Microsoft 365 admin center as a Global admin.

  2. On the Partner relationships page, select the partner of interest.

    Screenshot of the Partner relationships page in Partner Center.

  3. Remove delegated admin privileges (DAP) roles ("Reseller" relationship type) so those don't override granular delegated admin roles.

Getting approval of your GDAP request

After you invite your customer to grant granular delegated admin privileges, they can approve your request.

To approve your request for granular delegated admin privileges, customers can use the following steps:

  1. Open the link from your GDAP invitation email.

  2. Select Approve all on the Approve partner roles page that opens in Microsoft 365 admin center.

    Screenshot of the GDAP relationship approval page with flyout.

You receive a confirmation email notification after your customer approves your GDAP request.

Screenshot of the confirmation email sent to partners.

Your customer also receives a confirmation.

Screenshot of the confirmation email sent to customers.

Next steps