Microsoft extends deadline for partners to improve their clients' security with unauthorised Azure AD tweaks
Partners may be dragging the chain a little – perhaps you'd like to hurry them up?
Microsoft's campaign to improve the security of its customers and partners – by letting the latter set roles in clients' Azure Active Directory implementations without asking permission – has been extended by four months.
As The Register reported in July 2022, Microsoft has noted that IT service providers are a target for cyber criminals because cracking one partner could grant access to many thousands of machines.
Microsoft's precaution against that outcome is an upgrade to the delegated admin privileges (DAP) that partners are granted so they can tend clients' software purchases and systems.
The upgrade is called GDAP – granular delegated admin privileges – and implements zero-trust principles so that partners can still administer customers' software, but are restricted to certain activities and low levels of privilege.
Microsoft is so keen for partners to upgrade to GDAP it's allowed them to create the role in Active Directory without having to get customers' permission first.
But partners appear not to be rushing to implement GDAP. Microsoft set October 31 as the date on which it would discontinue the software that automates DAP to GDAP migrations.
An October 13 notice to partners reveals that software will now expire on March 1, 2023 – four months past the old deadline.
The ability to create a DAP relationship will also survive longer than intended – until January 17, 2023.
- Microsoft leaves the Office, rebrands everything as 365
- Microsoft arms Surface Pro 9 with Qualcomm SQ3, 12th-gen Intel chips
- Microsoft and Meta promise facehugger PCs piping cloud desktops into VR headsets
- Microsoft warns: Windows 11 update breaks provisioning
News of the deadline extensions was accompanied by the following hurry-up from Microsoft:
To avoid disruption to your business, we recommend that you do not delay until March 2023 and take action now to transition to GDAP for the level of access that you require to manage your customers.
Microsoft also pointed out that the GDAP roles that can be created by partners are limited, and customers will have to approve upgrades to more privileged roles. If partners hurry up and hit the deadline, it will therefore mean less of a need for their customers to rush either.
Redmond has had a tricky time with its partner community in 2022, with many pushing back against terms of the "New Commerce Experience" (NCE) that prioritizes sales of fixed-term subscriptions and makes it hard to acquire a perpetual license. Partner adoption of NCE was so slow that Microsoft extended its old licensing arrangements indefinitely and admitted the transition had negatively impacted revenue to a greater extent than anticipated.
Another partner-related issue is Microsoft's pricing for software licenses, which are considerably cheaper when run in the company’s own Azure cloud. Cloud partners pushed back against that, supported by the European Union deciding Microsoft pricing represented unfair competition that disadvantaged rival clouds. Microsoft introduced per-core licensing and said doing so should level the playing field. But as analyst Wesley Miller observed in this Twitter thread, Microsoft now offers three different pricing schemes: one on Azure, and two that serve different classes of partners.
Giving Azure customers better features, rights and privileges than it offers to users on other clouds is not exactly levelling the playing field, regardless of pricing. ®