New Security Policies in CSP
Meet GDAP: The new Microsoft CSP Security program
What is GDAP?
As part of its zero-trust policies, Microsoft is introducing “Granular Delegated Administrator Privileges” (GDAP) to replace the more basic “Delegated Administrator Privileges” (DAP) previously used for Microsoft CSP management.
GDAP is a security feature that provides partners with least privileged access following the Zero Trust cybersecurity protocol. It enables partners to set up granular and time-limited access to their customers’ workloads in production and sandbox environments. This less privileged access must be explicitly granted to partners by their customers.
Granular control and time limit to your clients’ workloads
Better approach to security
Provide more services to End Users
with policies restrictive security
We give you all the tools
Download the toolkit developed by Tech Data Synnex where you will find all the resources to implement GDAP
Guide to configuring your direct access to GDAP
Guide to configuring your direct access to GDAP
Guide: How to do it in StreamOne
One story, three chapters
Microsoft is changing the way we enable partners to deliver and manage services with customers to tighten security and offer a greater opportunity to sell with an advanced security and governance model.
DAP is used by any partner that manages services for their clients or offers technical support to their clients. It is how the partner accesses the customer’s account as an administrator.
DAP: Delegated Administrator Permission
Current Delegated Managing Partner (DAP) relationships are too broad, making it difficult for partners to transact in the enterprise segment. Microsoft is creating better reporting and is rolling out the ability for a partner to disable the DAP connection when not in use.
GDAP: Granular Delegated Administrator Privilege
Customer auditing requirements require partners to restrict their users to granular permissions to perform delegated administration activities. Granular permissions in the customer tenant will help address data security concerns, reduce the blast radius of security incidents, and make partner and customer ecosystems more secure. At the same time, granular permissions will allow partners to tap into a new regulated segment and monetize the advanced security and governance model.
Definitive withdrawal of DAP
Once the new GDAP access system is operational, Microsoft will end the previous DAP model
How Tech Data Synnex Support GDAP
Cybersecurity remains one of the main challenges of our digital age. Building a secure ecosystem requires taking a holistic approach to security that includes a zero-trust mindset, a cloud-centric posture, and investment in people and skills. Zero Trust follows the principles of explicitly verifying, using least privileged access, and assuming the violation. Organizations that operate under these principles are more resilient, consistent, and receptive to new attacks. With our partners, we are taking steps in line with these principles to secure the channel.
Protecting access to customer data is a critical part of ecosystem security and partners should take steps to employ tools for the principle of least privileged access. on the platforms of Tech Data Synnex resellers will have the following features available:
- Visibility of current DAP and GDAP status, assigned roles, expiration date
License and User Administration
- Validate if the reseller has the correct permissions to perform the transaction and if not, prevent the transaction and notify the user
- Ability for reseller to choose “Recommended” category permission
- Activate approval request link and send email
- Trigger notification to reseller when permission is approved
Creation of new tenants
- Reseller can select limited and recommended permission
- Reseller will be able to select the email address to notify when approved
- GDAP and GDAP in SCM ToolTips
- Admin users receive the GDAP request link within the credentials email template
- Marketplace switch to turn GDAP functionality on or off at the country level (“Actionable Reports and User/License mgmt” and “New Tenant Creation”)
Protect your business from cyber attacks against end-customer tenants
As a partner in the Cloud Solution Provider Program, you are responsible for your customer’s consumption of the Microsoft Cloud, so it is important that you are aware of any potential fraud activity in your customers’ Azure and per-user subscriptions. This will allow you to take immediate action to determine whether the behavior is legitimate or fraudulent and, if necessary, suspend the affected Azure resources or Azure subscription to mitigate the issue.
Best practices to protect your business
Implement mandatory security policies in Azure and M365: All end customers must enable MFA at the admin level – MS Guide HERE
- Continuous monitoring and evaluation (Cost Management Portal – security alerts).
- Use the Microsoft 365 Lighthouse to secure and standardize Microsoft 365