Documentation Center

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Community
  • |
  • Support Portal
  • Home
  • Microsoft 365 Management

Configure GDAP in Microsoft Partner Center

Contact Us

If you have questions or want help, please Submit a Request.

Updated at Jul 02, 2025
By Kali Patrick

Table of Contents

Request an Admin Relationship Configure the Microsoft Entra Roles Approve the Admin Relationship Add a Security Group Additional Resources

Related Docs

  • Getting Started with Microsoft 365 Management
  • Integrate with Microsoft
  • Configure GDAP in Microsoft Lighthouse

This document provides instructions to help you create Microsoft 365 GDAP relationships and role assignments for the Syncro integration using the Microsoft Partner Center.

Read on, or watch this short video to see how it's done:

Note: You can access the Microsoft Partner Center through the app in the Microsoft 365 Admin center, or directly by typing partner.Microsoft.com into your browser.

Request an Admin Relationship

  1. Once you're in the Microsoft Partner Center, click Customers:
  2. Select the hyperlinked Name of the customer with whom you want to create an Admin relationship:
  3. From the left navigation, choose Admin Relationships:
  4. If you don't already have an active Admin relationship with the appropriate roles or permissions to integrate with Syncro, click the Request for New Relationship link at the top to request a new one:
  5. Give the Admin Relationship a Name and set a Duration (in Days). 
    Tip: We recommend the maximum duration, which is 730.

Configure the Microsoft Entra Roles

Next follow these steps to configure the 12 permissions for the Microsoft Entra roles:

  1. Click the "Select Microsoft Entra Roles" link:
  2. Either use a Global Administrator role, or use the more granular approach to specify the 12 different permissions or roles, as follows:
    • COLLABORATION:
      • Exchange Administrator
      • Cloud App Security Administrator
      • Teams Administrator
      • SharePoint Administrator
    • DEVICES:
      • Intune Administrator
      • Cloud Device Administrator
    • IDENTITY:
      • Privileged Authentication Administrator
      • Privileged Role Administrator
      • User Administrator
      • Application Administrator
    • SECURITY & COMPLIANCE:
      • Security Administrator
      • Authentication Policy Administrator
  3. Click Save. You should now have 12 roles assigned:

    IMPORTANT: Ensure that the roles are assigned correctly. If there's any inaccuracy, you'll need to repeat the whole process. Remember, you can't add roles after they've been assigned.
  4. Select the "Yes" radio button to auto extend.
  5. Click Finalize Request. 

Approve the Admin Relationship

Your customer or customer Admin will need to approve this relationship and its associated roles. Alternatively, if you're a Global Administrator in that tenant, you can approve it yourself. Follow these steps for a self-approval:

  1. Navigate to the tenant you're creating a relationship for, and paste in the Request link:

    This brings up a Consent Form:

    Note: The Next button stays gray for about 15 to 30 seconds to ensure you're reading all the relevant information. Click the “Learn More” link during this time if you want, but either way you'll need to wait for about 30 seconds.
  2. Once the button is available, click Next.
  3. Review your requested roles again. This is a good opportunity to check that the 12 roles are present and correct.
  4. Click Next again.
  5. Click Accept. 
  6. Once you see a message confirming that you've accepted a partner relationship, navigate back to your tenant and click Done. 
    After some time (approximately 15 minutes), you should see the Admin Relationship is active and enabled:

Add a Security Group

Next, it's important that users in your tenant can use this Admin relationship and the roles they're in. To set this up, follow these steps:

  1. Click your newly created Admin Relationship Name. Once again, you'll see the roles available through the relationship.
  2. Scroll to the Security Groups section at the bottom. If you already have a security group assigned, ensure that it contains all of the required roles. Or, you click "+Add Security Groups" to add a new one:

    IMPORTANT: We recommend using the Admin Agents group. If you're using another group, your user still must be a member of the Admin Agents security group. If you apply the required roles to the Admin Agents security group, the user can simply be a member of this group.
  3. Check the box at the top to select all the roles and assign them to the security group:
  4. Once you've confirmed this, refresh the page and verify that the security group is active:

You've now successfully set up the GDAP relationship with your customer, assigned the appropriate roles, and assigned security groups to that relationship. Additionally, you've ensured that these security groups have the appropriate roles to perform the integration. 

You can now integrate with Microsoft as a CSP.

Additional Resources

For more information about configuring GDAP relationships in Microsoft Partner Center, refer to the following Microsoft Learn articles:

  • Obtain granular admin permissions to manage a customer's service
  • Customer approval of partner GDAP request
  • Grant granular permissions to security groups

Was this article helpful?

Yes
No
Give feedback about this article

The integrated platform for running a profitable MSP business

Syncro All-in-one MSP Software Facebook Syncro All-in-one MSP Software Twitter Syncro All-in-one MSP Software LinkedIn Syncro All-in-one MSP Software YouTube Syncro All-in-one MSP Software Reddit
  • Compliance
  • Privacy Policy
  • Website Terms
  • Service Terms
Knowledge Base Software powered by Helpjuice

© 2017-2024 Servably, Inc. All rights reserved.

Expand