Security News > 2022 > May > Microsoft warns partners to revoke unused authorizations that drive your software

Microsoft has advised its reseller community it needs to pay attention to the debut of improve security tooling aimed at making it harder for attackers to worm their way into your systems through partners.

Microsoft reckons that users with regulatory requirements to only offer outsiders least-privileged access will appreciate GDAP. GDAP will become generally available "By early June 2022" according to a Microsoft notice for partners.

One of the recommended steps to adopt GDAP is to review any unused DAP authorizations - Microsoft reckons they're ripe for exploitation by criminals - ahead of a move to GDAP. Early in Q3, Microsoft will release a tool to migrate remaining DAPs to GDAPs, but that software will only be available temporarily.

Microsoft will stop allowing creation of new DAPs.

In Q4, Microsoft will help partners to finish the job of moving from DAPs to GDAPs.

Microsoft users clearly need to have a chat with whoever sells and/or tends their software about whether they are rooting out old DAPs and making the transition to GDAP, and how they plan to put the new gear to work.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/18/microsoft_gdap_advice/