Forum Discussion
Domain administration not possible with GDAP
Hey everyone, I got resolution to ticket and with it information from Microsoft that Domain registration in behalf of the customer to customers tenant is not supported and will not be in the fut...
As I wrote: it unfortunately seems, that with GDAP Microsoft takes away possibility to use CSP credentials to help customers with domain registration or domain related problems.
Merely the point of the post was to enquire oppinions and ways to "workaround" this change with other partners. From Microsofts point of view they have made their decision and if not number of partners want a change this, it's likely not going to happen.
The team recommended me to take this to the forum, and as I'm more than happy to know if we are only ones with this, that's what I did.
LicensingConcierge1
Microsoft
Microsoft
Understood.
You may want to attend the next Partner Community Call, which will be in August & mention this to one of the hosts.
If the topic is not related to GDAP, then try logging on early to ask one of the hosts, or put it in the chat during the call - June 2023 Learning Partner Community Call - OneDrive (live.com)
Hope your feedback gets the visibility you're looking for.
If this (or someone else's) reply answers your question, please Accept as the solution to help the other members find it more quickly. Otherwise, please let me know if you need further assistance on this topic.
Regards,
Microsoft CSP Licensing Concierge
Hi,
as this problem still persists in 2025 using our CSP support accounts (I was not the employee at my company, who was involved in any tasks regarding the DAP to GDAP transition/migration) I'm still not aware of the fact, what exactly is going on with the mostly needed permissions to successfully support our customers:
With our CSP Credentials (& the new GDAP), it's not possible to do any domain management inside M365 AC. Also, I can not create or stop/delete migration batches. Another restriction is the inability to change the "accepted domains" between "Internal Relay" and "Authoritative" (when using multiple mail-server configs for the same domain)Is this issue due to missing any specific GDAP roles/permissions ?
Or is this intended "by design" by Microsoft ?The only workaround I know, is to create a further user inside of the customers't tenant, add the "Global Administrator" role to this user, log out with CSP user & log in back with the new support@ local tenant Global Administrator: Then I can add/remove domains, add/stop/delete migration batches, switch the accepted domain between Internal Relay and Authoritative etc. - but this additional local tenant support user is an unneccesary additional security risk, and instead of increasing the overall MS user/tenant security by migrating to GDAP, it seems that the opposite is now what we face? :D
I hope someone can help me (& my company) with these questions, as I still didn't got any sufficient feedback from inside company & I'm not really responsible for these permission/rights/GDAP management for our partner center CSP accounts. I'd like to do my support tasks like back in the days of DAP and "help our customers directly", instead of choosing between "Here customer, this is what you should do, unfortunately I have no rights to do for you" and a further potential security risk (and time wasted in creating these users anywhere in customer's tenants...)
