Granular Designated Admin Privileges (GDAP) relationships are starting to expire. Naturally, these requests filtered through to our support team, who spent some time answering many requests from our resellers regarding GDAP.
GDAP are a set of customisable permissions that lend elevated privileges for an outside party to access a tenancy further, within a secure Zero Trust cybersecurity framework. This is usually done between the distributor and end user or the reseller and end user. GDAP provides elevated access to a tenancy so that the support team in Leader Cloud may perform actions such as raising support requests to Microsoft, resetting passwords in Entra ID, checking mail traces on Exchange Online, and much more. GDAP is further split between security policies, whereby you can assign users on your Partner Center to specific groups that may receive GDAP permissions.
Hierarchical explanation of how GDAP works (Microsoft, 2025)
A common misconception is that GDAP is required to be compliant within the reseller channel. This is false, as without GDAP, you are still able to provide licensing to your clients. The confusion stems from another relationship link that is usually run, known as the “Partner Relationship Link,” which adds an end user’s tenancy to Leader Cloud’s. If the GDAP relationship expires, Leader Cloud support may simply re-request it when it is needed during a support case.
If you wish to create a GDAP relationship for your client, please go to partner.microsoft.com, find your client, and select “Admin Relationship,” whereby you can now select “Request a New Relationship” and fill in the details you require. You can select the name, the duration of how long you wish to have the relationship last (730 days is the max number), the Entra ID roles that the relationship requires, and if you wish to enable auto-extend.
For any questions, please reach out at help@leadercloud.com.au.
