The company therefore created granular delegated admin privileges (GDAP). As the name implies, GDAP limits the resources and permissions partners enjoy when driving their customers’ systems. It also adds zero-trust principles to further reduce the likelihood that an attack on a partner will mean pain for end customers. Partners and Microsoft customers alike were told they would need to stop using DAPs and instead move to GDAPs. So far, so sensible. But also a little controversial, because partners can create GDAP profiles in customers’ Active Directory implementations — customers don’t need to give permission for the creation of GDAP profiles, but do need to sign them off. The move from DAP to GDAP has been slow. Microsoft set October 31, 2022, as the date on which it would discontinue the software that automates DAP to GDAP migrations, then moved that date to March 1, 2023. Those delays came after Redmondt’s initial ambition was for DAP to die by the end of 2022.
Read more of this story at Slashdot.