May 22 2024 07:02 AM
Jun 04 2024 10:51 AM
Hi @jonwbstr24 ,
We're looking into GDAP renewals, as they're coming up for us as well. We also selected a lot of Roles (you never know...) including Global Admin (just in case...) only to find out that Auto Renew doesn't work if GA is included 😞
I mostly do automation and development so I've not personally run into something I couldn't do with the Roles we have assigned (which is most, but not all -- and NOT Global Admin, that was strictly for "just in case" and I don't believe we've used it). But if you've found things that can't be done - or require many, many roles (which need to be configured for each customer's GDAP Relationship) that would be a drag.
If you can convince MS to allow auto-renew this time, until they tweak the Roles -- I'd support it. Like you, our Customers expect us to "entirely manage their infrastructure and services" so there's no real "what do the clients think?" for us, it's more "we need this to do as they ask: manage everything efficiently". However I doubt MS will go for it, but you never know. I believe the reason is simply "fewer permissions is more security".
If you CAN live without the Global Admin Role, I just noticed this:
You can remove the GA Role from a GDAP Relationship. I've not tried it, but it should allow auto-renew to be enabled (which can be done via API I believe). If we automate creating the GDAP Relationships and Role/Group assignments then perhaps having so many Roles to accomplish what you need (ie. everything but GA) I think it will be fairly painless. We'll see...
--Saul
Aug 06 2024 04:01 PM