Introduction

As a Microsoft Partner, Eden Akers utilizes Granular Delegated Admin Privileges (GDAP) to securely manage and support your Microsoft services. Accepting a GDAP link is a crucial step in enabling Eden Akers to provide the necessary support and to facilitate the provisioning of licenses ordered through the Cloud Marketplace within your tenant. This document outlines the timing, rationale, and procedure for accepting a GDAP link, with a detailed focus on the security implications from your perspective.

When to Accept a GDAP Link

You will receive a GDAP link invitation as part of your on-boarding to Eden Akers to establish a GDAP relationship with your organization. It is advisable to accept this link promptly to ensure uninterrupted support and service provisioning. Please note that GDAP relationship requests expire after 90 days if not acted upon.

Why Accept a GDAP Link

Accepting a GDAP link authorizes Eden Akers to manage specific aspects of your Microsoft services, enabling efficient support and license provisioning. GDAP enhances security by adhering to the Zero Trust cybersecurity model, providing granular and time-bound access to your workloads. This approach ensures that Eden Akers has only the necessary permissions to perform support functions, aligning with best practices for least-privileged access.

How to Accept a GDAP Link

To accept a GDAP link, follow these steps:

  1. Open the GDAP Invitation Email: Locate the email containing the GDAP invitation link sent by Eden Akers.

  2. Access the Microsoft 365 Admin Center: Log in to the Microsoft 365 Partner Center using your Tenant Admin credentials. Once logged in, copy the GDAP link from the email and paste it into the browser session where the Microsoft Partner Center is open.

  3. Review and Approve Partner Roles: On the "Approve partner roles" page, review the requested permissions and select "Approve all" to grant the necessary access.

Upon approval, both your organization and Eden Akers will receive confirmation notifications, and the GDAP relationship will be established.

Security Impact from a Customer's Perspective

Accepting a GDAP link will provide:

  • Enhanced Security Through Least-Privileged Access: GDAP allows Eden Akers to request only the permissions essential for support and service provisioning, minimizing potential security risks. This granular control ensures that access is limited to specific roles and tasks, adhering to the principle of least privilege.

  • Time-Bound Access: GDAP relationships are configured with a defined duration, up to a maximum of two years. This time-bound access ensures that permissions are not indefinite and can be reviewed and renewed as needed.

  • Transparency and Control: You retain full visibility and control over the GDAP relationship. You can monitor active relationships, review assigned roles and terminate the relationship at any time if necessary.

  • Compliance with Regulatory Requirements: For organizations with specific regulatory needs, GDAP facilitates compliance by enabling the assignment of least-privileged access to partners, aligning with various security and compliance standards.


By accepting the GDAP link, you enable Eden Akers to provide effective support and service provisioning while maintaining a high standard of security and compliance within your Microsoft environment.