Forum Discussion
GDAP and not allowing global admin to auto renew
All the roles were added a few months ago and we were able to move away from requesting the global admin role and enable autorenew without any significant loss in access.
(JW) From my conversations with different people, I am under the impression that customers didn't want Microsoft to allow partners the option of letting the Global Admin role auto-renew. Since I have never met a customer that shared this view, I can't comment on the accuracy of that statement, but that what I've heard.
(LC1) Microsoft recommends that the limit of Global Admin's is no more than 5.
Next message
Your question asking how many Global Admin's are recommended was answered and the recommendation is a maximum of 5:
Microsoft is only making a recommendation (suggestion).
Gotcha, apologies for the misunderstanding. You're thinking the decision to not allow relationships with the global admin role in them may have been because of the recommendation to have less than 5 global administrators.
I agree, that would make more sense to me, but it's not what I've heard. I was looking to see if anyone else has heard the same thing, or know of customers who have expressed that sort of thing.
Thanks!
This is one of the topics being discussed on the Partner Community Q&A Call - CSP - AMER/APAC - English that's taking place right now....they've opened the floor for questions. If you miss the call, place your question(s) in the chat.
I planned to, but my sense was that wasn't the right audience. Maybe the CSP Technical Training or Security calls would be a better place for this topic.
For anyone that missed the call, we can remove the global admin role from an existing relationship to make it eligible for auto-renew. I expect this is targeted at partners who created a relationship with all available roles.
For reference, this is the list of built-in roles with access similar to global admin. 34 of the 43 roles are available through GDAP today.
I say similar because some of the granular roles have access to basic properties while the global admin role has access to all properties. Most likely properties that are not essential common tasks.
| Organizational Branding Administrator | Coming (no eta) |
| Organizational Messages Approver | Coming (no eta) |
| Viva Goals Administrator | Coming (no eta) |
| Viva Pulse Administrator | Coming (no eta) |
| Permissions Management Administrator | Coming (no eta) |
| Edge Administrator | Coming (no eta) |
| Yammer Administrator | Coming (no eta) |
| Virtual Visits Administrator | Coming (no eta) |
| Lifecycle Workflows Administrator | Coming (no eta) |
| Application Administrator | Yes |
| Application Administrator | Yes |
| Authentication policy administrator | Yes |
| Azure Information Protection Administrator | Yes |
| Billing Administrator | Yes |
| Cloud app security administrator | Yes |
| cloud device administrator | Yes |
| Compliance Administrator | Yes |
| Compliance Data Administrator | Yes |
| Conditional Access Administrator | Yes |
| Customer LockBox Access Approver | Yes |
| Desktop Analytics Administrator | Yes |
| Directory Writers | Yes |
| Domain Name Administrator | Yes |
| Exchange Administrator | Yes |
| Fabric Administrator | Yes |
| Global Reader | Yes |
| Hybrid Identity Administrator | Yes |
| Identity Governance Administrator | Yes |
| Insights Administrator | Yes |
| Intune Administrator | Yes |
| Knowledge Administrator | Yes |
| Knowledge Manager | Yes |
| Office Apps Administrator | Yes |
| Power Platform Administrator | Yes |
| Privileged Authentication Administrator | Yes |
| Privileged Role Administrator | Yes |
| Search Administrator | Yes |
| Security Administrator | Yes |
| Security Operator | Yes |
| SharePoint Administrator | Yes |
| Teams Administrator | Yes |
| User Administrator | Yes |
| Windows Update Deployment Administrator | Yes |
All the roles were added a few months ago and we were able to move away from requesting the global admin role and enable autorenew without any significant loss in access.
I see that you're actively engaging here in the community as well as directly with Microsoft on the Teams chat from the Partner Call, where you're discussing GDAP at this moment with Katherine.
I also see that Microsoft is responding to you on the Partner Call chat.
I'm happy to see that you were able to join the call yesterday and open this discussion.
I'll stop engaging here on the community.
Have a great day!
