Support for granular delegated admin privileges (GDAP)

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically Mar 1, 2022 Apr 1, 2022

Business value

We enhance the security posture of Business Central online customers that work with Microsoft Cloud Solution Provider (CSP) partners. Customers can now approve least-privileged, granular, and time-bound access to their environments.

Feature details

Granular delegated admin privileges (GDAP) is a security feature of Microsoft Partner Center that provides partners with least-privileged, granular, and time-bound access to their customers' workloads in production and sandbox environments. This least-privileged access must be explicitly granted to partners by their customers.

In particular, Business Central customers are no longer required to grant Global Admin privileges to the partners in their Azure Active Directory. The partner can request access for least-privileged roles, such as Dynamics 365 Administrator or HelpDesk Agent. The level of access that the partners get to their customers' Business Central environments using GDAP is identical to the level of access they used to be getting in the past. However, by using one of these two roles, partners get significantly less access to other customers' workloads and within their Azure Active Directory.

Find out more about GDAP in the Partner Center documentation.

Read the Partner Center announcement about the technical release of granular delegated admin privileges, published in January 2022.

Creating GDAP request in Partner Center

See also

Delegated Administrator Access to Business Central Online (docs)