Microsoft Adds Cybersecurity Protocols with New Granular Delegated Admin Policy
ERP partners are always trying to identify continuous improvements for clients, such as adding more functionality, optimizing workflows, and offering new cybersecurity tools or processes. In the area of cybersecurity, so much is changing. New cybersecurity protocols like the Zero Trust Framework are emerging, and Microsoft is acting on these approaches to make its environments more secure.
On March 1, 2023, Microsoft is implementing a new policy called, Granular Delegated Administrative Privileges (GDAP) policy, that will change how ERP partners manage their customers’ production and sandbox environments. This new policy for clients running Microsoft Dynamics 365 Business Central, Microsoft 365, and Azure environments will remove all rights and permissions for ERP partners to access customer, partner tenant, partner user, and workload levels. The policy changes go into effect on March 1, so ERP partners and clients need to discuss access rights immediately. *as of February 2023, Microsoft has changed the effective date to May 22, 2023.
What Does the New GDAP Policy Mean for Customers
With Microsoft’s new GDAP policy, customers will need to explicitly grant a specific level of access to ERP partners. The previous policy allowed almost unrestricted access to a client’s environment. For the new policy, Microsoft advised ERP partners to examine the last 90 days of activity with their customers and determine what’s needed. Customers can provide full access to their partner or remove access if a partner hasn’t used the rights in the last three months. There’s also an option of having a minimum set of administrative privileges.
Microsoft offers an example of how the ERP partner’s access can be partitioned per customer on its Partner Center page. This example reinforces the message that partners will no longer have complete access to all customer tenants across Azure subscriptions through Admin agents by default. Instead, partners managing Azure are part of a separate security group, which is a member of the admin agent group. This group grants owner role-based access control (RBAC) access to all Azure subscriptions for that customer.
Once customers identify the level of access, their partner will work with Microsoft to complete the process.
Increased Security Protocols
This admin change by Microsoft aligns with zero-trust security principles that have emerged across most industries. Zero trust security offers a comprehensive approach focusing on verifying users explicitly, assuming a breach within environments, and employing least privileged access policies. Many IT departments have been implementing endpoint security policies that allow IT departments to supervise and authenticate access rights to endpoint devices or networks.
So make sure you’re working with your partner to find the right level of support by May 22, 2023 – the sooner, the better.
ArcherPoint Can Help You Navigate Cybersecurity
ArcherPoint offers cybersecurity services, including endpoint and infrastructure security management, 24/7 remote monitoring, and cyber insurance qualification assistance.