Personalized Community is here!
Quickly customize your community to find the content you seek.
Choose your path Increase your proficiency with the Dynamics 365 applications that you already use and learn more about the apps that interest you. Up your game with a learning path tailored to today's Dynamics 365 masterminds and designed to prepare you for industry-recognized Microsoft certifications.
Visit Microsoft Learn
2023 Release Wave 1Check out the latest updates and new features of Dynamics 365 released from April 2023 through September 2023
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
ERP partners are always trying to identify continuous improvements for clients, such as adding more functionality, optimizing workflows, and offering new cybersecurity tools or processes. In the area of cybersecurity, so much is changing. New cybersecurity protocols like the Zero Trust Framework are emerging, and Microsoft is acting on these approaches to make its environments more secure.
On March 1, 2023, Microsoft is implementing a new policy called, Granular Delegated Administrative Privileges (GDAP) policy, that will change how ERP partners manage their customers’ production and sandbox environments. This new policy for clients running Microsoft Dynamics 365 Business Central, Microsoft 365, and Azure environments will remove all rights and permissions for ERP partners to access customer, partner tenant, partner user, and workload levels. The policy changes go into effect on March 1, so ERP partners and clients need to discuss access rights immediately.
With Microsoft’s new GDAP policy, customers will need to explicitly grant a specific level of access to ERP partners. The previous policy allowed almost unrestricted access to a client’s environment. For the new policy, Microsoft advised ERP partners to examine the last 90 days of activity with their customers and determine what’s needed. Customers can provide full access to their partner or remove access if a partner hasn’t used the rights in the last three months. There’s also an option of having a minimum set of administrative privileges.
Microsoft offers an example of how the ERP partner’s access can be partitioned per customer on its Partner Center page. This example reinforces the message that partners will no longer have complete access to all customer tenants across Azure subscriptions through Admin agents by default. Instead, partners managing Azure are part of a separate security group, which is a member of the admin agent group. This group grants owner role-based access control (RBAC) access to all Azure subscriptions for that customer.
Once customers identify the level of access, their partner will work with Microsoft to complete the process.
This admin change by Microsoft aligns with zero-trust security principles that have emerged across most industries. Zero trust security offers a comprehensive approach focusing on verifying users explicitly, assuming a breach within environments, and employing least privileged access policies. Many IT departments have been implementing endpoint security policies that allow IT departments to supervise and authenticate access rights to endpoint devices or networks.
So make sure you’re working with your partner to find the right level of support by March 1, 2023.
ArcherPoint offers cybersecurity services, including endpoint and infrastructure security management, 24/7 remote monitoring, and cyber insurance qualification assistance.
The post Microsoft Adds Cybersecurity Protocols with New Granular Delegated Admin Policy appeared first on ArcherPoint.
Business Applications communities