Microsoft Pauses Delayed Partner Ecosystem Security Update To Count Its Money

Microsoft’s delayed effort to ensure its partners don’t enjoy unduly privileged access to their clients’ systems will run for just nine days before pausing for a month. From a report: Partners of the Redmond-based software colossus have historically relied on “delegated admin privileges” (DAP) to manage and monitor clients’ systems and software purchases. In the wake of criminal attacks on managed services providers and the software they use to tend their clients, Microsoft decided DAP privileges offered dangerously extensive access.

The company therefore created granular delegated admin privileges (GDAP). As the name implies, GDAP limits the resources and permissions partners enjoy when driving their customers’ systems. It also adds zero-trust principles to further reduce the likelihood that an attack on a partner will mean pain for end customers. Partners and Microsoft customers alike were told they would need to stop using DAPs and instead move to GDAPs. So far, so sensible. But also a little controversial, because partners can create GDAP profiles in customers’ Active Directory implementations — customers don’t need to give permission for the creation of GDAP profiles, but do need to sign them off. The move from DAP to GDAP has been slow. Microsoft set October 31, 2022, as the date on which it would discontinue the software that automates DAP to GDAP migrations, then moved that date to March 1, 2023. Those delays came after Redmondt’s initial ambition was for DAP to die by the end of 2022.

Read more of this story at Slashdot.