Delegated Admin Permissions in CSP

Removing DAP

    Summary

    In this informative video by Microsoft Azure Government, Abacha discusses the process of removing delegated admin permissions within a government context using CSP (Cloud Solution Provider). This is particularly useful for customers who wish to maintain a secure environment by limiting access to their data, while still allowing partners to manage subscriptions and billing from their dashboard. The walkthrough includes logging into different portals and managing settings to ensure restricted access, providing a secure yet manageable solution for both partners and customers.

      Highlights

      • Easily remove access to customer's data without disrupting your management capabilities. 🚪
      • Safely continue managing billing and subscriptions even after access is stripped. 💼
      • Simple, clear instructions to safely break the relationship with Azure portals. 🔒
      • Ensures security by disconnecting direct admin access while maintaining backend control. 🔗
      • Enhance security protocols in collaboration with customers using Office365 tools. 🛠️

      Key Takeaways

      • Understand how to strip away delegated admin permissions without losing essential management capabilities. 🛡️
      • Learn to manage customer relationships by aligning with security protocols while maintaining service efficiency. 🔑
      • Discover the steps to log into portals and manage admin settings effectively. 💻
      • Ensure your infrastructure respects client security needs while you're still in control of management tasks. 🤝
      • A handy tutorial for CSPs aiming to comply with government security requirements effortlessly. 📘

      Overview

      In the latest installment of the 'How to Get Started' series, Abacha guides users through the process of removing delegated admin permissions in a government setting using CSP. This procedure, vital for maintaining data sovereignty and security, involves working through multiple portals seamlessly, ensuring that customer data remains uncompromised.

        The video sheds light on removing permissions without entirely disconnecting from the customer, ensuring continuity in subscription management, billing, and resource creation through the CSP's dashboard. This is crucial for partners who manage multiple government or secure accounts, adapting to each client's security needs while maintaining operational efficiency.

          The step-by-step guide provided by Abacha is a valuable resource for CSPs dealing with governmental clients. It combines efficiency and security, explaining how to leverage dashboards and portals like Office365 and Azure, while aligning with strict security protocols. This ensures partners can meet their service commitments without breaching client privacy or data security.

            Chapters

            • 00:00 - 00:30: Introduction to Delegated Admin Permissions. The chapter discusses the concept of delegated admin permissions within the context of the CSP (Cloud Solution Provider) program. It specifically addresses how these permissions can be used in government scenarios, allowing service providers to assist customers without needing direct access to their tenants. This setup facilitates managing and supporting services while adhering to security and administrative protocols.
            • 00:30 - 01:00: Managing Customers and Breaking Relationships. The chapter titled 'Managing Customers and Breaking Relationships' discusses the end-to-end management of customers, including the creation of subscriptions and resources. It highlights the flexibility of involvement level with customer interactions and addresses the common concern of accessing customer data. The chapter provides a solution for customers who require privacy, explaining that breaking the 'partner relationship' can ensure that the service provider does not have access to customer data, thereby maintaining customer privacy and trust.
            • 01:30 - 02:00: Steps to Sever Relationship in Azure Portal. This chapter discusses the steps to sever a relationship in the Azure Portal. It begins by explaining that by default, there is an ability to help and access other tenants, but if isolation is desired, it can be achieved. The chapter promises to guide through the steps using different portals, encouraging careful note-taking for successful implementation. The context is set for those following the series, likely indicating that this is part of a larger tutorial or educational sequence.
            • 02:00 - 03:00: Visiting the Office365 Portal. In this chapter titled 'Visiting the Office365 Portal', the focus is on user roles and data access within a corporate setting involving Office365. The transcript highlights the company's use of two major roles: a department conducting secret projects and a partner entity. There's an emphasis on security measures, ensuring only authorized personnel have access to sensitive information. This involves strict control over data access rights, which is made more secure by establishing a partnership where they can limit exposure of their Office365 environments. The partnership is set up with clear boundaries to protect sensitive information while enabling necessary collaboration.
            • 04:00 - 05:00: Navigating Admin and Active Users. The chapter discusses the abilities of partners within the CSP (Cloud Solution Provider) program to manage customer subscriptions through their dashboard and the Partner Center. Partners can still create and bill subscriptions and view customer billing details. However, access to the customer's tenant is restricted unless granted by the customer.
            • 05:00 - 06:00: Partner Relationship Settings. The chapter discusses how to manage partner relationship settings within the Azure portal. The narrator is accessing their dashboard as a Cloud Solution Provider Global Administrator (CSP GA) with a tenant. They introduce the Azure portal, specifically designed for admin and department management, illustrating the process of transforming the partner relationship from delegated admin privileges to a different configuration within the Azure portal. A specific portal is mentioned as crucial for this task.
            • 06:00 - 07:00: Removing Delegated Admin Access. The chapter titled 'Removing Delegated Admin Access' discusses accessing the Office 365 portal in the United States. It starts with the speaker attempting to log into the Office 365 portal, highlighting a common mistake of entering an incorrect URL. The narrator tries again to access the portal using their current session login credentials.
            • 08:00 - 09:00: Checking Changes as a Partner. In this chapter titled 'Checking Changes as a Partner', the focus is on the procedure for partners to verify modifications alongside their customers. The process begins with ensuring the correct account and workspace setup, specifically through the Office 365 administrator portal. The partner needs to cooperate with their customer to log into the portal using an administrator account. Once logged in, both parties can explore various settings and take necessary actions. The chapter emphasizes the importance of this collaborative approach for effective change management, and notes that the initial login experience offers several options for configuration.
            • 09:00 - 10:00: Conclusion. The chapter "Conclusion" provides guidance on navigating the admin interface, emphasizing the importance of accessing the "admin and active users" link for managing customer interactions. However, once a customer follows this process, the partner will lose access to the customer's tenant, although they can still manage subscriptions and view billing information.

            Removing DAP Transcription

            • 00:00 - 00:30 Hey folks, our Abacha here with our third video from our CSP how-to-get-started series. So today we're going to talk about delegated admin permissions and what does that mean. So, you know, we worked in the government scenario and in the government areas, so many times we have customers that don't necessarily need us to be in their tenant and help them manage some of these things. So there is, you know, with CSP you are able to
            • 00:30 - 01:00 manage your customers. You manage them end to end: you're able to create subscriptions for them, create all of these resources. You can be as involved there are not angles that they need you to be. One of the current questions that we get very often is like, hey, can I ensure that I don't get access to my customer's data? And if that is something that your customer requires, that's totally doable. To achieve that, what we do is we basically break the partner relationship between you and your customer. But don't worry, the only
            • 01:00 - 01:30 thing that happens is you lose the ability to enter their tenant. By default you are able to, you know, as I said, by default you are able to help them and get set up, but if they really want to isolate you completely from that scenario, then we can definitely do that, and today I'm going to show you how to do that. We leverage a couple of things, a couple of portals, so make sure to follow along and, you know, keep copious notes if you want to achieve that on your end. So if you've been following this series
            • 01:30 - 02:00 of videos that we're doing, we've been using two main players. We have our Department of Demos, which is our customer, right, and they're working on this top secret project, and we got to make sure that we don't, you know, get access to your data, because not all of our personnel has clearance, right? So because of that they want to sever the relationship with a partner. And again, you don't take this, you know, the hard way very. We only, as I said, we're limiting their access to their Azure
            • 02:00 - 02:30 portal, but you as a partner and after CSP are still able to manage in your dashboard and in Partner Center. You can still create subscriptions for them, you can still bill them and see their billing details and so on. You will only not be able to go into the tenant unless they want it. They can definitely keep on creating for you, they can create a specific user within that Azure management portal, and from there you can go in again and help them if they need some help to report, right? So let's do a quick run
            • 02:30 - 03:00 through this. So I'm right now in my dashboard as my, you know, CSP GA, which is kind of my all-up company with its tenant, which is tests tests at COP azure, and then on this side I have my Azure portal for admin and department of demo calm. So how do I go ahead to break this relationship from a delegated admin privileges into the Azure portal? So, fairly simple. So there's one key portal that you need to visit, so
            • 03:00 - 03:30 we will go into portal.office365.us. You will enter, and of course I type it wrong, so let me give it one more time: portal.office365.us. And given my current sessions and how I'm logged in, if this will take me in, it'll log me in with
            • 03:30 - 04:00 demo custom eject. Let me make sure that this is actually what I want to be logged in as, and this is admin at Department of the amount of Microsoft um, and that's correct. So you got to make sure that you're working with your customer to achieve this. They need to log in to this portal.office365.us with their administrator account, and once they are here they'll be able to take a couple of actions, right? So once you're logged in, great, then you can click here on this. If this is the first time you're logging in, you'll have a chance to select, you know, a couple of
            • 04:00 - 04:30 things of what to view when you log in here, but this link here in the center that says admin and active users is where you want to go. So click on this link and you will see a couple of things that we'll go through. So once your customer does this, as I said, keep in mind you will no longer have access to the tenant. You will be able to still manage your subscription and create new ones for them, and you will be able to still look at their billing and so on, but you won't
            • 04:30 - 05:00 get in their tenant. They can create a new account for you in their tenant if they so wish, so make sure to keep that very present before you go ahead and sever this relationship. So while this loads, let's give it a few more seconds. It looks like my Wi-Fi here may be giving me a little bit of a hard time. I'll click on it again just to make sure the browser is not sleeping on me, and you will see this. So you will see here that the
            • 05:00 - 05:30 only user that you have within this tenant today is the Democrats on a test, but there is one relationship that exists. Let me locate it here in the settings. So you go here to the left, you will expand in settings, and you will see a couple of things that today, as I said, because you are only using Azure, you're only using this world for identity management, you don't see a lot of these scenarios, and you don't have to worry about the rest of the sutures here at this point, but you do worry about this
            • 05:30 - 06:00 partner relationship. This is what you care about, right? So you come in to the partner relationship, and I'll click on it and let's wait for it to load, and you will see that today there exists a relationship between the test test emphasis the azure, which is my company, my all-up partner company, and what kind of relationship that is: it's a cloud solution provider and admin. So if you select it, you will have a couple of things that you can do. You can remove
            • 06:00 - 06:30 that delegated admin action. So if you click on this link you will get a note, and also the partner on the other side will get an email to allocate this delegated admin access has been removed, so you're good to go. At that point in time you don't need to worry about them going into the customer tenant. So I'll go ahead and remove that, and once that is done, it's basically, as I said, you can still manage a lot of things for them, and at this point I am only cloud
            • 06:30 - 07:00 solution provider. I'm no longer a cloud solution provider and admin, so that's great, we've taken that step. I'll go ahead and close my office and then close this Azure portal as well and just go to the dashboard. Now what does this mean for you as a partner? So for instance, I'll show you a quick look, because it does take a couple of minutes for all these permissions to propagate through the Active Directory, but if I look at, for example, I have this remove that test customer here, I'll expand it. So if I expand it here, if
            • 07:00 - 07:30 you're logging in, usually when you log in here in the inter portal with an all-up global administrator, one of the things that you will notice is for each one of your customers you have a link here that says Microsoft Azure management portal. What this does is, if you click it, it will log you in into a customer's Azure management portal using the delegated admin privileges. For this customer, which is the remove that test, I've already done the removal of the
            • 07:30 - 08:00 delegated admin access as we just did, and you see there is no link to go into the Microsoft Azure management portal. So basically, once you see this thing disappear from here, this means that all the necessary, you know, all the necessary steps and admin permissions have propagated through all the active directories, and you're pretty much good to go. Well, keep tuned in. With this we conclude our walkthrough of how to remove the
            • 08:00 - 08:30 delegated admin permissions in CSP for government. Keep tuned in for more videos and tips of how to get started on Azure Government for CSP. Thanks for joining.