Microsoft GDAP

Feature Highlight: Microsoft G/DAP


CloudBlue enhances security of Microsoft Partner-led channel.


Microsoft is taking important steps to securitize the NCE Partner-led channel by replacing legacy Delegated Administrative Privileges (DAP) with modern Granular DAP (G/DAP).

CloudBlue has embraced modern G/DAP as one of worldwide Microsoft Control Panel Vendors (CPV), completing an integration on Microsoft’s timelines. CloudBlue customers have an opportunity to adopt G/DAP in their business via CloudBlue technologies.

CloudBlue has gone beyond minimum requirements to further help our customers protect from security and fraud incidents with unique differentiating features.

Why G/DAP is important

The problems with legacy DAP

A key differentiator of the Partner-led channel is that Microsoft Partners may deliver value-adding activities to Customers, often by managing aspects of their Customers’ environments. This requires Customers to give Permissions to their Partners for accessing their environment. Customers may be concerned with their own regulatory or compliance obligations, or that malicious actors could gain access to their environment via the legacy DAP. Here, there is a tradeoff between Partner value-adds and security risks.

With legacy DAP, Customers were faced with an all-or-nothing proposition of giving a Microsoft Partner full control over their environment with Administrator privileges or refusing access altogether. A malicious actor exploiting legacy DAP may gain substantial control within a Customer environment. By refusing access, though, Customers lose the benefits of receiving value-added services from a Microsoft Partner.

Modern G/DAP value proposition

With modern G/DAP, Partners may request least-privilege access by selecting only specific desired permissions (granularity) needed to perform agreed upon functions. Permissions may be aggregated into Roles for convenience and are time-bounded requiring Customers’ periodic review before auto-expiring. 

Now, Microsoft Customers may grant Microsoft Partners limited permission with modern G/DAP, which may help them to meet certain regulatory or compliance obligations and may mitigate the security risks of malicious actors exploiting a Partner Relationship.

Profitability and security go hand-in-hand

For CloudBlue customers to be most profitable in the Partner-led channel, they benefit from being able to offer value-added services to as many of their Microsoft Customers as possible. CloudBlue wants to help increase adoption and penetration of modern G/DAP and has invested in compelling user journeys to drive that.

 A set of powerful differentiating features

  1. Our first key differentiating feature joins modern G/DAP into the New Microsoft Customer Creation user journey. This conveniently positions the opportunity for Partners to request a modern G/DAP Relationship with every new Customer. This ensures that their distribution base grows with modern G/DAP being consistently positioned.

    Previously, transacting Partners would have needed to complete new customer creation, wait for Microsoft provisioning, and remember to go to back to a separate panel to request a modern G/DAP Partner Relationship. We’ve removed potential for error or omission by placing modern G/DAP inline to a core user journey.
  2. Our second differentiating feature allows CloudBlue customers that are Microsoft Direct Billed Provider Partners to define a default modern G/DAP Role for use with all new Microsoft Customers. For Microsoft Partners, this adds convenience and governance certainty to the New Customer journey about what Role is being requested. It also allows CloudBlue customers to tailor the invitation request core content and branding.
  3. Our third differentiating feature is for large CloudBlue customers with multiple Operating Companies (Op Cos). It allows them to set separate preferences for each, such as localizing any of the default Roles and the invitation core content. This helps Op Cos if they need to set different permissions for regulatory purposes, to change the invitation language, or to advertise separate local support contact information and so on.
  4. Our fourth differentiating feature is for CloudBlue customers to assign a Vanity Name to their Default G/DAP Relationship for New Customers, which CloudBlue combines with a unique Microsoft identifier. This helps Microsoft Customers with multiple concurrent G/DAP Relationships to easily distinguish roles from one another in their environment.

The journey continues

CloudBlue continues to work on exciting new features, including differentiating features specific to Ingram Micro Cloud and Microsoft Reseller Partners. Stay tuned for future editions of this CloudBlue Feature Highlights series.

CloudBlue, an Ingram Micro Business uses Cookies to improve the usability of our site. By continuing to use this site and/or log-in you are accepting the use of these cookies. For more information, visit our Privacy Policy