Security News > 2023 > January > Microsoft fumbles zero trust upgrade for some Asian customers

Microsoft fumbles zero trust upgrade for some Asian customers
2023-01-13 05:58

Microsoft has messed up a zero trust upgrade its service provider partners have been asked to implement for customers.

The software giant has long given its partners delegated admin privileges that allow them to administer customers' services or subscriptions on their behalf.

Customers authorize DAP before partners can exercise privileges, and the service provider proceeds to provide service.

In recent years Microsoft has noticed that IT services providers have become a target for cyber criminals who realized that cracking a single IT consultancy could let them reach all of its clients.

So in 2022 Microsoft upgraded DAP to granular delegated admin privileges which, as the name implies, offers finer controls - so that if an attacker gains access to a partner's accounts the impact will be less horrible.

The other reason for GDAP-related delays is that Microsoft partners "Have requested default Azure Active Directory roles when creating a new customer tenant." That's not doable at present, so the boffins are busy designing the feature.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/01/13/microsoft_gdap_double_byte_delays/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 706 781 4550 4600 3628 13559