DAP -> GDAP. Action required?

HCHTech

HCHTech

Well-Known Member
Reaction score
4,203
Location
Pittsburgh, PA - USA
Skykick is spamming me about this since the deadline is 5/22!!! :rolleyes: Is this FUD or do I need to do something? I use AppRiver for all of my M365 business, and they've been silent on the issue. Maybe only a problem with direct MS tenants?
 
You need to do something, if you don't all your appriver licenses will break and every tenant will die.

You've had a year... good luck.
 
Guess who I'm calling today, haha. Somehow I don't believe AR would have been completely silent on such a dire consequence...if only to avoid the support calls. I'll report back! In fact, search didn't find a single thread here mentioning GDAP...
 
HCHTech said:
Guess who I'm calling today, haha. Somehow I don't believe AR would have been completely silent on such a dire consequence...if only to avoid the support calls. I'll report back! In fact, search didn't find a single thread here mentioning GDAP...
Click to expand...
I'm a AR partner as well. Just searched my email store ( I don't delete anything related to work) for GDAP and the only email I had was from MS January of this year advising of the change. However I don't provide my customers any education on accessing the admin side of things. I did setup 2FA when AR started pushing that.
 
DAP is going away, GDAP has replaced it.

DAP / GDAP is required to link the tenant to the CSP to deliver licenses.

It's also the means you can enroll your own M365 tenant in your customers in a federated way so you can administrate all of your clients via the partner portal. So you don't have to login to each tenant directly.

So yes, you have to maintain it, because if you do not you cannot deliver the licenses you're billing the customer for. And yes, you should have been dealing with GDAP already, I moved all my clients over in March of this year, and even that was a bit late. Now? Now is very much 9th inning time.

Also GDAPs tend to expire annually, so you'll have to redo these links annually.
 
I've opened a ticket with AppRiver (who won't respond until Monday), but since my clients are all "referral" clients, I am not the one billing my clients - Appriver is. I deliberately made that choice, and have no desire to change it. I don't have my own tenant enrolled in theirs as you describe, and I'm not sure I want to do that, either. I'll have to think about that depending on how things go, I guess. When I onboard a new or existing client to M365, I just add my own unlicensed admin user and use that for access whenever something needs done. I'm sure this is wrong, inefficient, setting my clients up for catastrophe and reason to pull my tech membership card, but it works for us.
 
HCHTech said:
I've opened a ticket with AppRiver (who won't respond until Monday), but since my clients are all "referral" clients, I am not the one billing my clients - Appriver is. I deliberately made that choice, and have no desire to change it. I don't have my own tenant enrolled in theirs as you describe, and I'm not sure I want to do that, either. I'll have to think about that depending on how things go, I guess. When I onboard a new or existing client to M365, I just add my own unlicensed admin user and use that for access whenever something needs done. I'm sure this is wrong, inefficient, setting my clients up for catastrophe and reason to pull my tech membership card, but it works for us.
Click to expand...

It just means you don't have to worry about all that billing, which can be quite problematic. That's also probably why they never told you? I assume AppRiver has a team internally looking at all of those tenants, because officially they are theirs, and migrating these relationships.

You can still be attached as a Microsoft Partner and leave your billing as it is, that process counts the tenants against your company and helps you meet the new partner level competencies. But of course if you don't have two MS certified people on staff you're not going anywhere anyway... so all that may be pointless. I maintained it just because it helped me keep myself in the game.
 
Ok, got it. Yeah, I don't use my Microsoft Partner account for anything other than purchasing MAPS each year, and the occasional server CAL. We'll never sell enough to meet their tier requirements, so I don't plan to change that either.
 
Response from AppRiver. Note particularly item 3:

1. What is GDAP? - Granular Delegated Admin Permission is a way for customers to limit Partner Access by granular roles and permissions, and by length of time. By default AppRiver will set GDAP links to last 730 days (2 years) and include the minimum 7 permissions needed for our billing and administration portals to function properly.

For more information please visit the following Microsoft article:
https://learn.microsoft.com/en-us/partner-center/gdap-introduction

2. What are the 7 minimum permissions AppRiver will use by default?
Directory readers
User administrator
Privileged role administrator
Domain name administrator
Privileged authentication administrator
Exchange administrator
Reports reader

For more information please visit the following Microsoft article:
https://learn.microsoft.com/en-us/partner-center/gdap-least-privileged-roles-by-task

3. Does this change affect current customers? - Current AppRiver customers will experience no impact to their current services. We will update our customer tenants behind the scenes via a tool from Microsoft to convert from DAP to GDAP soon.

4. How does this affect any workflow for new orders? - Net new tenants ordered through AppRiver will now generate a setup email which includes the initial admin credentials and a GDAP link that must be accepted in order to continue the typical setup process around domain verification.

5. How does this affect CSP transitions? - Our DEV team plans to release a self-service capability process within your AppRiver Partner Portal - cp.appriver.com in two weeks. This will allow you to complete the GDAP authorization process, connect the tenant with the AppRiver business systems for proper ordering and even schedule the new orders at a future date all by way of a self-service interface.

6. What if we want to modify a GDAP link permissions or length? - Please contact o365operations@appriver.com and provide the specific permissions and length desired for the customer's GDAP preferences and we will supply the unique link.

**Very soon our DEV team plans to release the ability for a partner to self-serve generate a GDAP link within your AppRiver Partner Portal - cp.appriver.com**
 
FYI, if you manage a handful or more of clients, hopefully you tied an account with "Microsoft 365 Lighthouse"...which has a wizard to migrate all. Semi intuitive...almost.
Luckily we use SkyKick to manage our 365 tenants, and it has a super easy peasy button to click...just does it all pretty much with 1 click.
Skykick made it...
s-l1600.jpg
 
You must log in or register to reply here.

Similar threads

britechguy
Google Workspace Business Starter & possible move to M365 Business Standard
Replies
11
Views
423
thecomputerguy
thecomputerguy
HCHTech
Microsoft Authenticator
2
Replies
20
Views
2K
YeOldeStonecat
YeOldeStonecat
HCHTech
M365 can send but not receive email
2
Replies
20
Views
1K
callthatgirl
callthatgirl
HCHTech
M365 - Meeting invites sent from Zoom not appearing in Outlook calendar
Replies
3
Views
320
Sky-Knight
Sky-Knight
HCHTech
Interpreting "Risky Users" in Microsoft Entra admin center
2
Replies
31
Views
3K
britechguy
britechguy
Back
Top