Endpoint Security vs. Antivirus

Last Updated on August 7, 2025 by Arnav Sharma

Microsoft is committed to providing enhanced security practices across its platforms. As part of this effort, the company is facilitating a transition from Delegated Admin Privileges (DAP) to Granular Delegated Admin Privileges (GDAP) for the management of Azure, Microsoft 365, and other cloud resources, marking a shift in how DAP permissions are assigned and managed. This change offers benefits for all involved (Microsoft, Microsoft partners, and customers), fostering a more secure and manageable environment.

DAP and GDAP: An Overview

  • DAP (Delegated Admin Privileges): Traditionally, Cloud Solution Providers (CSPs), indirect resellers, and other Microsoft partners used DAP to manage their customers’ services. DAP provided partners with global administrator access across a customer’s entire tenant.
  • GDAP (Granular Delegated Admin Privileges): GDAP is a more refined permissions model. Instead of broad administrative access, GDAP allows partners to assign specific roles and permissions for precise tasks required to manage customer environments.

Why is Microsoft Transitioning from DAP to GDAP?

The move from DAP to GDAP is fundamentally about security. DAP’s extensive permissions posed unnecessary security risks. With GDAP, monitoring is enhanced, including default GDAP reporting. Partners and Microsoft work together to establish a “least privilege” model, minimizing potential attack surfaces and vulnerabilities.

Key Points:

  • Transition to GDAP as Soon as Possible: It’s imperative for partners to proactively transition their existing DAP relationships to GDAP. Microsoft is phasing out support for DAP.
  • Create GDAP Relationships: Microsoft Partners should prioritize using GDAP for all new customer relationships. The process is straightforward via the Microsoft Partner Center.
  • Use Microsoft 365 Lighthouse: For multi-tenant management, use Microsoft 365 Lighthouse to leverage GDAP relationships effectively.
  • GDAP Security: GDAP is inherently more secure due to its granular permissions model compared to the widespread privileges of DAP.

The DAP to GDAP Transition Process

  • Create a GDAP Relationship: Partners initiate the process in the Partner Center. The customer receives a request to accept the GDAP relationship.
  • GDAP Takes Precedence Over DAP: Once a GDAP relationship is established, new DAP relationships are also considered for future adjustments. GDAP permissions take precedence, enhancing security controls.
  • Remove DAP: Microsoft recommends that partners remove DAP relationships after moving customers from DAP to GDAP. This can be done in the Partner Center or with the GDAP bulk migration tool.
    • Microsoft will remove the DAP relationship if no additional activity takes place within 30 days after the partner has established a new GDAP relationship.

GDAP’s Advantages

  • Enhanced Security: Limits potential cyber-attack surfaces while still providing partners with the necessary level of access.
  • Improved Role Assignment: GDAP simplifies role management, using the principle of least privilege to prevent inadvertent security compromises.
  • Customer Trust: GDAP assures customers that partners only have the permissions required to perform authorized tasks, relying on the stringent application of new DAP relationships and permissions.
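
One way to check existing GDAP relationships against the least-privilege goal described above, as an added example that is not part of the original article or of Microsoft's tooling. It audits a constructed sample shaped like a Microsoft Graph `/tenantRelationships/delegatedAdminRelationships` listing; the `MAX_DAYS` threshold and the choice of which roles count as high-privilege are assumptions.

```python
import re

# Microsoft Entra built-in role template IDs (identical in every tenant).
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"
PRIV_ROLE_ADMIN = "e8611ab8-c189-46e8-94e1-60213ab1f814"
HELPDESK_ADMIN = "729827e3-9c14-49f7-bb1b-9608f156bbb8"
GLOBAL_READER = "f2ef992c-3afb-46b9-b7cf-a126ee74c451"

# Assumed policy: roles a partner relationship should not carry.
HIGH_PRIVILEGE_ROLES = {GLOBAL_ADMIN: "Global Administrator",
                        PRIV_ROLE_ADMIN: "Privileged Role Administrator"}
MAX_DAYS = 180  # assumed local policy threshold, not a Microsoft limit

def rel(name, customer, status, duration, *role_ids):
    """Build one constructed record with the Graph resource's field names."""
    return {"displayName": name, "status": status, "duration": duration,
            "customer": {"displayName": customer},
            "accessDetails": {"unifiedRoles": [{"roleDefinitionId": r} for r in role_ids]}}

# Constructed sample data, not taken from any real tenant.
SAMPLE = [
    rel("Contoso helpdesk", "Contoso", "active", "P90D", HELPDESK_ADMIN),
    rel("Fabrikam legacy admin", "Fabrikam", "active", "P730D", GLOBAL_ADMIN, HELPDESK_ADMIN),
    rel("Tailspin old", "Tailspin", "terminated", "P730D", GLOBAL_ADMIN),
    rel("Woodgrove read-only", "Woodgrove", "active", "P365D", GLOBAL_READER),
]

def duration_days(iso):
    """Parse the day-based ISO 8601 durations GDAP uses, e.g. 'P730D'."""
    m = re.fullmatch(r"P(\d+)D", iso or "")
    return int(m.group(1)) if m else None

def audit(relationships, max_days=MAX_DAYS):
    """Return (customer, relationship, issues) for each active relationship that breaks policy."""
    findings = []
    for r in relationships:
        if r.get("status") != "active":
            continue  # terminated or expired relationships grant no access
        roles = {x["roleDefinitionId"].lower() for x in r["accessDetails"]["unifiedRoles"]}
        issues = [f"high-privilege role: {HIGH_PRIVILEGE_ROLES[i]}"
                  for i in sorted(roles & set(HIGH_PRIVILEGE_ROLES))]
        days = duration_days(r.get("duration"))
        if days is None:
            issues.append("unparseable duration")
        elif days > max_days:
            issues.append(f"duration {days}d exceeds {max_days}d")
        if issues:
            findings.append((r["customer"]["displayName"], r["displayName"], issues))
    return findings

if __name__ == "__main__":
    for customer, name, issues in audit(SAMPLE):
        print(f"{customer} / {name}: {'; '.join(issues)}")
```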

Important Considerations

  • Microsoft will stop granting DAP for new customer environments. Existing DAP relationships may be subject to additional Microsoft service restrictions.
  • Microsoft’s transition from DAP to GDAP includes Azure, Microsoft 365, Dynamics 365, and Microsoft Power Platform.

The Shift from DAP to GDAP: Conclusion

The move to GDAP aligns with Microsoft’s commitment to securing its cloud solutions. While requiring adjustment for partners, GDAP provides significantly improved security compared to DAP. Here’s what Microsoft partners need to do:

  • Create GDAP relationships whenever possible and migrate from DAP.
  • Use GDAP as the default administration model for customer tenants.
  • Enable a ‘least privilege’ security model to better protect customer resources.
