Before You Touch GDAP, Audit the DAP Access You Already Have

TL;DR
- Every DAP relationship grants standing Global Admin access to a downstream customer tenant, which is the exact mechanism supply chain attacks like Nobelium exploited.
- As of January 2022, Partner Center reports on all DAP relationships under Settings > Account Settings > Security Center > Administrative Relationships.
- The DAP report shows how many partner agents signed into each customer tenant in the past 24 hours and how many sign-ins used delegated access.
- The Days Inactive column identifies stale DAP relationships, and the same screen lets you terminate them in bulk for customers you no longer manage.
- DAP reporting is the first phase of Microsoft's 2022 shift from DAP to least-privilege GDAP relationships.
How many customer tenants can your Partner Center reach right now, and how many of those customers do you still actually manage? Most MSPs cannot answer that from memory, and until recently Partner Center gave you no report to answer it with.
The background: both distributors (Microsoft Indirect Providers, the CSP Tier 1s) and MSPs (Indirect Resellers) have traditionally established Delegated Admin Privileges (DAP) with all downstream customers. Distributors use it to license tenants and provide support; you use it to support customers and perform day to day management through Partner Center. The problem is that DAP grants Global Admin access, the keys to the kingdom, to every downstream customer. If you are compromised, or your distributor is, your customers may be too. That is the mechanism behind the supply chain attacks of the past few years, most notably Nobelium.
Microsoft's answer is the shift to GDAP, the least-privilege model we covered in our GDAP overview, which the channel begins moving to during 2022. The first phase of that transition is already live: granular reporting on the DAP relationships you hold today, so you can clean house before migrating customers to GDAP. Here is where the reporting lives and what it shows.
Where does Partner Center hide the DAP report?
- Go to Settings (the gear icon in the top right corner) > Account Settings
- In the left-hand nav, find Security Center > Administrative Relationships

What does the report actually tell you?

- A single view of all DAP relationships
- Stats on how many Partner Center agents are signing in per customer over the past 24 hours
- Stats on how many times Partner Center agents used DAP to sign into customer tenants within the past 24 hours
- Days Enabled, which is really only useful for newer relationships
- Days Inactive, which is the column that matters: it surfaces stale relationships
- Termination of DAP relationships: select one or many customers and remove the existing relationship. Reserve this for customers you genuinely no longer manage.
What should you do with it?
Open this report in your Partner Center today and remove DAP relationships for every customer no longer under management. Each one you cut is standing Global Admin access nobody is using and nobody is watching. Then watch for the GDAP announcements as the broader transition begins later in 2022.
Stale partner access is just one kind of drift
CloudCapsule scans 250+ controls per tenant in about 60 seconds, so quiet standing access and forgotten settings show up before an attacker finds them.
Run a free scan
Written by
Nick Ross
CEO · Microsoft MVP · Founder, T-Minus 365
Nick is not just a CEO, he's a respected thought leader and influencer in the MSP space. Tens of thousands of MSPs learn through his YouTube channel, T-Minus365. Nick has been honored as a three-time Microsoft MVP for his educational content; his expertise and influence are the backbone of our mission, ensuring that you are in the best hands when it comes to security.
Nick joined Pax8 in 2017, where he would ultimately oversee product management for PSA and Microsoft integrations. Following his tenure at Pax8, Nick has continued to demonstrate his leadership prowess as an executive at various MSPs, culminating in his most recent role at Sourcepass.
Nick holds a Bachelor's Degree in Business Management from Florida State University, as well as a Minor Degree in Entrepreneurship. In his free time, Nick is an avid hiker, reader, and fitness-junkie.


