Zenzero

Understanding GDAP: What it is and why it matters

17th September 2025

If you’ve recently received a notification from Microsoft about an “admin relationship” expiring, you may be wondering what it means. The message likely relates to something called GDAP (Granular Delegated Admin Privileges).

This blog explains what GDAP is, why Microsoft introduced it, what those notifications mean, and why it’s important for both businesses and their IT partners.

 

What is GDAP?

GDAP (Granular Delegated Admin Privileges) is a Microsoft security feature that defines the relationship between a business’s Microsoft tenant and its Managed Service Provider (MSP) or IT partner.

In plain terms, it gives an IT partner secure access to manage your Microsoft services – but only with the specific permissions they need, for a limited time.

Microsoft introduced GDAP to replace the older Delegated Admin Privileges (DAP) model, which gave partners much broader and often indefinite access. GDAP is more precise, time-bound, and transparent, aligning with Zero Trust security principles.

 

Why did Microsoft introduce GDAP?

GDAP is part of Microsoft’s wider move to improve security and reduce risks associated with privileged access. Compared with the old system:

  • More Control: Instead of blanket admin rights, partners are granted only the roles they need.
  • Time-Limited: GDAP relationships automatically expire (typically after two years), forcing periodic reapproval.
  • Customer Visibility: Businesses can clearly see what access their IT partner has and when it needs renewing.

This ensures partners can still provide effective support, but without holding open-ended, high-level permissions that could be misused if compromised.

 

Why did I receive a notification?

If you’re a Microsoft 365 tenant administrator, you’ll likely receive automated emails from Microsoft when a GDAP relationship is nearing expiry.

These reminders are sent out to make sure you’re aware that your IT partner’s access will soon expire. They don’t mean anything is wrong with your account – they are part of Microsoft’s security-by-design approach.

You might see these notifications 30 days, 7 days, and 1 day before expiry. The wording may mention “extending” or “renewing” the admin relationship.

 

What happens if GDAP expires?

If a GDAP relationship expires without being renewed:

  • Your IT partner loses their delegated admin access. 
  • They will not be able to perform certain management tasks (e.g., user management, license changes, raising support tickets with Microsoft on your behalf).
  • Services continue to run normally, but support may be delayed until access is re-established.

In short, an expired GDAP doesn’t affect your Microsoft 365 services directly – but it can slow down support.
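For administrators who want to check this themselves rather than wait for the emails, here is an added example (not Zenzero's or Microsoft's own code) that reviews a list of GDAP relationships and flags any that have lapsed, are inside a reminder window, or include the Global Administrator role. It assumes the relationships have been exported as JSON in the shape of Microsoft Graph delegatedAdminRelationship objects; the sample records, the placeholder role ID and the review date are constructed.

```python
import json
from datetime import datetime

# Constructed sample, shaped like Microsoft Graph delegatedAdminRelationship
# objects (displayName, status, endDateTime, accessDetails.unifiedRoles).
SAMPLE = json.loads("""[
 {"displayName": "Helpdesk-Standard", "status": "active",
  "endDateTime": "2025-09-22T00:00:00Z",
  "accessDetails": {"unifiedRoles": [
    {"roleDefinitionId": "00000000-0000-0000-0000-000000000001"}]}},
 {"displayName": "Legacy-Full", "status": "active",
  "endDateTime": "2027-01-01T00:00:00Z",
  "accessDetails": {"unifiedRoles": [
    {"roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10"}]}},
 {"displayName": "Old-Project", "status": "expired",
  "endDateTime": "2025-08-01T00:00:00Z",
  "accessDetails": {"unifiedRoles": []}}
]""")

GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # Global Administrator role template ID
REMINDER_DAYS = (1, 7, 30)  # reminder points mentioned in this article


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2025-09-22T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


NOW = parse_ts("2025-09-17T00:00:00Z")  # constructed review date


def review(relationships, now):
    """Return (relationship name, finding) pairs worth an administrator's attention."""
    findings = []
    for rel in relationships:
        name = rel.get("displayName", "?")
        roles = {r["roleDefinitionId"]
                 for r in rel.get("accessDetails", {}).get("unifiedRoles", [])}
        days_left = (parse_ts(rel["endDateTime"]) - now).days
        if rel.get("status") != "active" or days_left < 0:
            findings.append((name, "expired-or-inactive"))  # partner access has lapsed
            continue
        if GLOBAL_ADMIN in roles:
            findings.append((name, "broad-role:global-administrator"))  # not least privilege
        window = next((d for d in REMINDER_DAYS if days_left <= d), None)
        if window is not None:
            findings.append((name, f"expires-within-{window}d"))
    return findings


if __name__ == "__main__":
    for name, finding in review(SAMPLE, NOW):
        print(f"{name}: {finding}")
```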

 

Why GDAP matters for your business

GDAP isn’t just “another Microsoft requirement.” It’s a safeguard designed to protect your data and ensure best-practice access management.

Key benefits include:

  • Security: Enforcing least-privilege access reduces risk.
  • Transparency: You can see and control what your IT partner can do.
  • Compliance: Time-bound, audited access helps meet regulatory requirements.
  • Trust: It provides assurance that no external partner has indefinite, unnecessary control over your environment.

 

Next steps: Building on GDAP with Zero Trust

GDAP is one building block of Microsoft’s Zero Trust security model – which assumes no user or partner should have more access than necessary, and that access should always be reviewed and renewed. 

If your business wants to go further, you may want to explore advanced tools such as Privileged Identity Management (PIM). PIM allows for “just-in-time” admin access, giving elevated rights only when needed and for a short window of time. 

 

Final thoughts

If you’ve received a GDAP notification, don’t panic. It’s simply Microsoft reminding you that your IT partner’s secure admin access is due for renewal. In most cases, your provider will handle the renewal process – but it’s good to know what’s happening behind the scenes.

Want to learn more about Zero Trust or Privileged Identity Management? Get in touch with us – we’d be happy to walk you through how these security models can help protect your business.
