Customer approval of partner GDAP request
Appropriate roles: Global admin
Customers can approve your request for granular delegated admin privileges in the Microsoft 365 admin center.
Granular delegated admin privileges (GDAP) is a security feature that provides partners with least-privileged access following the Zero Trust cybersecurity protocol.
Customers must remove delegated admin privileges (DAP) roles ("Reseller" relationship type) before they can approve a request granular delegated admin privileges. Doing so ensures that DAP doesn't override GDAP.
To remove DAP roles, customers can use the following steps:
Sign in to Microsoft 365 admin center as a Global admin.
On the Partner relationships page, select the partner of interest.
Remove delegated admin privileges (DAP) roles ("Reseller" relationship type) so those don't override granular delegated admin roles.
Getting approval of your GDAP request
After you invite your customer to grant granular delegated admin privileges, they can approve your request.
To approve your request for granular delegated admin privileges, customers can use the following steps:
Open the link from your GDAP invitation email.
Select Approve all on the Approve partner roles page that opens in Microsoft 365 admin center.
You receive a confirmation email notification after your customer approves your GDAP request.
Your customer also receives a confirmation.