Home > Microsoft CSP Integration > Create Admin Relationships in Partner Center
Export to PDFCreate Admin Relationships in Partner Center
To create an admin relationship with a customer’s Microsoft 365 tenant, complete the following steps in order:
-
[Partner’s Action] Create an admin relationship for a Microsoft 365 tenant.
You can specify which tenant this relationship is for, the duration, and the appropriate Microsoft Entra roles.
The following table lists the Microsoft Entra roles that are requested in the admin relationship.
| Name | Description |
|---|---|
| Intune Administrator | Users with this role have global permissions within Microsoft Intune Online. |
| Compliance Administrator | Users with this role have management permissions within in the Office 365 Security & Compliance Center and Exchange Admin Center. |
| Exchange Administrator | Users with this role have global permissions within Microsoft Exchange Online. |
| SharePoint Administrator | Users with this role have global permissions within Microsoft SharePoint Online. |
| Power Platform Administrator | Can create and manage all aspects of Microsoft Dynamics 365, PowerApps and Microsoft Flow. |
| Teams Administrator | Can manage the Microsoft Teams service. |
| Security Administrator | Users with this role have all of the read-only permissions of the Security reader role, plus the ability to manage configuration for security-related service |
| Office Apps Administrator | Can manage Office apps' cloud services, including policy and settings management, and manage the ability to select, unselect and publish "what's new" feature content to end-user’s devices. |
| Application Administrator | Users with this role can create and manage all aspects of app registrations and enterprise apps. |
| External ID User Flow Administrator | Create and manage all aspects of user flows. |
| Authentication Policy Administrator | Can create and manage all aspects of authentication methods and password protection policies. |
| Privileged Role Administrator | Users with this role can manage role assignments in Microsoft Entra and Microsoft Entra Privileged Identity Management. |
| Attribute Definition Administrator | Defines and manages the definition of security attributes for the tenant. |
| Cloud Device Administrator | Full access to manage devices in Microsoft Entra. |
| Groups Administrator | Can manage all aspects of groups and group settings like naming and expiration policies. |
-
[Customer’s Action] Approve requested permissions.
Once you finalize the request, the Microsoft cloud platform will automatically send an invitation email to the customer’s Global Administrator. The customer's Global Administrator must complete the following steps to grant permissions:
-
Sign in to the Microsoft 365 Admin Center (admin.microsoft.com).
-
Navigate to Settings > Partner relationships.
-
Locate the Granular delegated admin privileges (GDAP) section.
-
Review the pending request from the partner’s company, including the specified roles and duration.
-
Click Accept to grant these permissions.
-
-
[Partner’s action] Add security groups to the relationship.
Under the Security groups section, click Add security groups. Search for the AdminAgents group and then add it to the relationship.