"Granular Delegated Administrator Privileges" (GDAP) is a security feature introduced by Microsoft that provides Partners with less privileged access following the Zero Trust cybersecurity protocol. This less privileged access must be explicitly granted to Partners by their Customers. For more information please review the official Microsoft article: Granular delegated admin privileges (GDAP) introduction - Partner Center | Microsoft Learn
The new GDAP capability will replace the more basic "Delegated Administrator Privileges" (DAP), and will allow TD SYNNEX and your company to set up granular and time-limited access to your customers' workloads, meaning that both of us will be better able to address security concerns and regulatory requirements from Customers.
TD SYNNEX has been working to implement the Microsoft's new security model for CSP Customers and has moved automatically all your customers currently in DAP into GDAP, however for new tenants or where GDAP has expired, relationship has to be established.
With regard to Technical Support, to avoid any potential delays arising from a lack of access to your customers' workloads, we kindly request that the tenant's administrator on your side grants us Administrative Privileges to the customer's workload. This will enable us to provide more efficient and effective assistance when troubleshooting any issues that may arise.
Please be informed that while we can work with the ‘Limited Access’ level, it's important to note that only the ‘Recommended Access’ level enables us to provide comprehensive technical support. The Limited access level does have some limitations and may not grant us full privileges to access the End Customer workload. Therefore, we recommend considering the Recommended access level to ensure we can deliver the most effective and thorough support. However, if the situation permits, we are willing to work with the Limited access level if that is the preferred option.
Should the End Customer have implemented a Conditional Access Policy that blocks our access, customer needs to allow TD SYNNEX domains as per the detailed process described in the document Services - Conditional Access Policy Exception. However, if the End Customer chooses not to provide us with the necessary access, we cannot guarantee to be able to support and resolve the Support Request submitted.
Please note that currently, only Partners have the authority to establish the GDAP relationship and grant us access to the customer's workload. If you happen to be the Administrator User of the tenant, you can accept the GDAP access request on behalf of the customer.
If the GDAP relationship has not been established before submitting the Support Request, our support team will guide you to follow the instructions provided in the below User Guide.
GDAP - StreamOne® Ion User Guide
Once you have completed the necessary process, please inform the support team, they will be able to resume troubleshooting for the Support Request that was raised.
Should you encounter any technical issues during the process, or you need assistance on how to set-up our own GDAP environment, please reach out to your TD SYNNEX Sales representative.