Microsoft
Thanks for your response. Here is my experience with a recent on-boarding for one of the CSP workspace.
It was interesting to see that for an indirect reseller owned subscription inspite of having DAP and the user is part of AOBO group we couldn't enable Sentinel Connector (example: Microsoft Defender ATP) for the workspace in the customer tenant though the subscription is owned by us as a CSP (indirect seller) with owner access at the subscription level. The expectation at sentinel workspace is that user must have Global or Security Admin privilege at the workspace tenant to enable connectors like defender or office. To assign Global Admin or Security Admin at the customer at the workspace tenant the user needs to be local to their tenant which mean either we end up creating an additional user at client tenant to assign Global or Security Admin privilege or grant access to their tenant global admin user so that they activate required connectors.
I do not see DAP fully serve the required ownership for a CSP user who is a indirect seller.
My question how do I achieve taking complete ownership including activation of required sentinel connectors without having a local user at customer tenant?
Thanks
