Recommended GDAP Roles for CyberQP Integration with Microsoft 365 – CyberQP

Overview

CyberQP requires specific permissions to function properly with your customers' Microsoft 365 environments. This article lists the roles that must be included in your GDAP relationships and explains why each one is important. If these roles—or higher-level roles—are already assigned, CyberQP will be able to use them.

If not, you’ll need to request a new GDAP relationship with your customers that includes the required roles.

Required GDAP Roles and Why They Are Needed

Role	Description	Why CyberQP Needs It
Privileged Authentication Administrator	Can manage authentication methods and reset passwords for non-admin users.	Rotate / Reset the password for any account within the tenant including Global admin accounts. Block / Unblock sign in for any account within the tenant including Global admin accounts. Rotate password for JIT accounts on enable or disable Check Microsoft Authenticator availability for Identity Verification Push
Privileged Role Administrator	Can manage role assignments in Azure AD, including privileged roles.	Assign or remove Privileged Roles for Just-in-Time (JIT) including Global Administrator
User Administrator	Can create, update, and delete user accounts and reset passwords.	Rotate / Reset the password for any non privileged account Block / Unblock sign in for any non privileged account Manual & Automatic Import of M365 accounts Create new JIT accounts
Application Administrator	Can manage enterprise applications and permissions for apps.	Manage app registrations and Service Principles creation in Customer environments Assign necessary permissions to enterprise app

Overview

Required GDAP Roles and Why They Are Needed

Related articles