Azure GDAP (Granular Delegated Admin Privileges) allows Microsoft partners to manage customers’ Azure or Microsoft 365 environments with finely tuned permissions. In MSPControl, the Azure GDAP page provides an overview of these admin relationships, letting you check compliance, view assigned roles, and terminate outdated or non-compliant privileges.
The main Azure GDAP (or Admin Relationships) page lists all active and expired GDAP links between your partner account and customer tenants. Common columns include:
Admin Relationship Name – A descriptive label (e.g., Contoso-GDAP-relationship) for the GDAP relationship.
Customer – The tenant or customer name (e.g., Contoso) linked to the GDAP relationship.
Status – Indicates whether the relationship is Active, Expired, or Pending.
Start Date – The date when the GDAP relationship began.
End Date – When the relationship is set to expire (if any).
Compliance Status – Shows if the relationship meets your organization’s policy requirements (e.g., Policy Compliant or Non-Compliant).
Terminate – A button or icon (e.g., “Terminate Admin Relationship”) to end the GDAP privileges for that customer.
Filters like Only Active, Only Created in Crom Portal, or Only Not Compliant help you narrow the list and find specific relationships quickly.
Clicking the Admin Relationship Name opens a panel showing in-depth info:
Status – Reiterates whether it’s Active or Expired.
Start / End Dates – The official date range for the GDAP privileges.
Roles & Permissions – A list of Azure or M365 admin roles granted (e.g., Azure Information Protection Administrator, Billing Administrator, Global Administrator).
Security Groups – Any groups or security-based memberships tied to the relationship.
This panel helps confirm which privileges are assigned and when they expire, ensuring you have a clear record of delegated access.
If a relationship is no longer needed or is found to be non-compliant, click Terminate Admin Relationship in the table. MSPControl prompts you to confirm the action. Once terminated, the partner account loses the associated privileges for that customer tenant.
Review Regularly – Periodically check End Dates and Compliance Status to ensure privileges aren’t overextended or misaligned with policy.
Use Filters – Focus on Only Not Compliant or Only Active to quickly address relationships needing attention.
Maintain Documentation – Note reasons for each relationship, especially for high-privilege roles like Global Administrator.
Terminate Unused Access – End relationships that are no longer necessary to reduce your attack surface.
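The review steps above can also be scripted against an export of the relationships. This is an added example, not MSPControl code: it assumes the relationships are available in the shape of Microsoft Graph delegatedAdminRelationship objects, and the function names, the 30-day warning window and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Well-known Microsoft Entra role template ID for Global Administrator.
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"
OTHER_ROLE = "00000000-0000-0000-0000-000000000001"  # constructed placeholder

def make_rel(name, status, end, role):
    """Build one constructed record in the Graph delegatedAdminRelationship shape."""
    return {"displayName": name, "status": status, "endDateTime": end,
            "accessDetails": {"unifiedRoles": [{"roleDefinitionId": role}]}}

# Constructed sample data; every name and date is made up for illustration.
SAMPLE = [
    make_rel("Contoso-GDAP-relationship", "active", "2025-07-10T00:00:00Z", GLOBAL_ADMIN),
    make_rel("Fabrikam-GDAP-relationship", "active", "2026-06-01T00:00:00.0000000Z", OTHER_ROLE),
    make_rel("Tailspin-GDAP-relationship", "expired", "2025-01-01T00:00:00Z", GLOBAL_ADMIN),
    make_rel("Northwind-GDAP-relationship", "active", "2025-06-01T00:00:00Z", OTHER_ROLE),
]

def parse_ts(value):
    # Timestamps are UTC ISO 8601 and may carry 7 fractional digits; drop them.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(relationships, now, warn_days=30):
    """Return (relationship name, finding) pairs for relationships needing review."""
    findings = []
    for rel in relationships:
        if rel.get("status", "").lower() != "active":
            continue  # assumption: only 'active' relationships grant access
        name = rel.get("displayName", "<unnamed>")
        roles = {r.get("roleDefinitionId", "").lower()
                 for r in rel.get("accessDetails", {}).get("unifiedRoles", [])}
        if GLOBAL_ADMIN in roles:
            findings.append((name, "grants Global Administrator"))
        end = rel.get("endDateTime")
        if not end:
            findings.append((name, "no end date recorded"))
        elif parse_ts(end) <= now:
            findings.append((name, "active past its end date"))
        elif parse_ts(end) - now <= timedelta(days=warn_days):
            findings.append((name, f"ends within {warn_days} days"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, datetime(2025, 7, 1, tzinfo=timezone.utc)):
        print(f"{name}: {finding}")
```

Each finding maps to one of the practices above: document the reason for a Global Administrator grant, and renew or terminate relationships at or near their End Date.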
By using Azure GDAP in MSPControl, partners gain a clear overview of delegated admin privileges, ensuring each customer’s environment remains secure, compliant, and properly governed.