As of November 1, 2023, all migrations to GDAP were required to be completed, and migration tools are no longer available. This is a legacy article geared towards helping customers through the Microsoft-Led Transition. This page remains to serve as a reference for anyone who may not have been aware of these happenings at the time.
Forced GDAP Migration
Transitioning to Granular Delegated Admin Privileges (GDAP) is crucial as Microsoft phases out Delegated Admin Privileges (DAP) by the end of the October 2023. This change is necessary for ensuring uninterrupted functionality within your Rewst environment.
What's Happening
As Microsoft progresses in its shift from DAP to GDAP, tenants may find themselves automatically converted to GDAP in a restricted, nearly read-only state.
Signs You've Been Moved
If you encounter error messages implying insufficient permissions, or no access, you may have been forcefully migrated to GDAP. An example error message might look something like:
Why It's Happening
How to Confirm
To confirm this is in fact the issue you are experiencing you can perform the following steps:
Navigate to the admin relationship section.
Check for an admin relationship prefixed with MLT_ followed by a GUID.
How to Fix It
You'll need to redo your migration to GDAP.
Automated GDAP migration is only available until November 1st. Post-deadline, manual setup will take approximately 15-20 minutes per tenant, where the process will involve opening a customized URL as the global administrator for each client.
Post-Migration Adjustments: Handling Missing Roles
Scenario: Experiencing Errors Post-Migration
If Rewst was functioning correctly post-GDAP migration but is now experiencing errors, the likely cause is the retirement of your DAP relationships by Microsoft.
Modifying GDAP Relationships: Migration Wizard vs. Manual Methods
Steps to Modify GDAP Relationships
Search for Groups: If you used CIPP, type M365 to find groups named M365 GDAP {Role Name}. (For manual setups, locate the relevant security group by its custom name.)
Modify Group Members: Click on the desired group, go to Members, then click Add a Member. Select the Rewst Service Account and confirm changes.
Post-Modification Behavior
Propagation Time: Changes may take up to an hour to become active in the Rewst environment.
Quick Refresh: Click the blue shield icon next to the client's name on the Graph/CSP/Exchange Integration page in Rewst to expedite propagation.
Tools & Additional Resources
Last updated
Was this helpful?