# Overview

## Multi-Tenant Overview

How Intune Assistant supports MSPs with GDAP-enabled multi-tenant management

## [Multi-Tenant Overview](#multi-tenant-overview)

Intune Assistant is designed to be a perfect fit for Managed Service Providers (MSPs) who need to manage multiple customer tenants efficiently. With support for GDAP (Granular Delegated Admin Privileges), you can securely access and manage all your customer environments from a single interface.

### [Perfect for MSPs](#perfect-for-msps)

As an MSP, you face unique challenges when managing multiple customer tenants:

* **Context switching** between different customer portals
* **Inconsistent access** across various tenants
* **Time-consuming** manual processes for similar tasks
* **Difficult oversight** of configurations across customers

Intune Assistant solves these challenges by providing:

* **Unified dashboard** for all your customer tenants
* **Consistent experience** across all managed environments
* **Bulk operations** per tenant context in the same portal
* **Centralized reporting** and insights

### [How Multi-Tenant Works](#how-multi-tenant-works)

#### [Home Tenant Architecture](#home-tenant-architecture)

Intune Assistant uses a **home tenant** approach where:

1. **Main tenant** serves as your primary management hub, the one where GDAP relationships are established
2. **Customer tenants** are added as additional managed environments
3. **Single sign-on** experience across all tenants
4. **Centralized user management** in your home tenant

#### [GDAP Integration](#gdap-integration)

Intune Assistant leverages Microsoft's GDAP (Granular Delegated Admin Privileges) for secure customer tenant access:

* **Granular permissions** - Only request the specific permissions you need
* **Time-bound access** - Set expiration dates for enhanced security
* **Customer approval** - Customers maintain control over granted permissions

GDAP Advantage

GDAP provides more secure and granular access compared to traditional delegated admin privileges, giving customers better control over what MSPs can access.

### [Setting Up Multi-Tenant Access](#setting-up-multi-tenant-access)

#### [Prerequisites](#prerequisites)

Before setting up multi-tenant access, ensure you have:

* **Partner Center access** with appropriate permissions
* **GDAP relationships** established with customer tenants
* **Required permissions** granted for Intune management
* **Customer approval** for the necessary delegated privileges
* **Intune Assistant installed** in your home tenant
* **MSP license plan** enabled for Intune Assistant

#### [Required GDAP Roles](#required-gdap-roles)

For Intune Assistant functionality, request these GDAP roles:

| Role                             | Purpose                 | Permissions                                 |
| -------------------------------- | ----------------------- | ------------------------------------------- |
| **Intune Service Administrator** | Full Intune management  | Read/Write access to all Intune resources   |
| **Cloud Device Administrator**   | Device management       | Manage device settings and compliance       |
| **Application Administrator**    | App management          | Manage application assignments and policies |
| **Reports Reader**               | Analytics and reporting | Access to usage and compliance reports      |

#### [Setting Up Customer Tenants](#setting-up-customer-tenants)

1. **Establish GDAP relationship** in Partner Center (see [GDAP Setup Guide](https://learn.microsoft.com/en-us/partner-center/customers/gdap-obtain-admin-permissions-to-manage-customer))
2. **Request appropriate roles** for Intune management (see [GDAP Role Assignment](https://learn.microsoft.com/en-us/partner-center/customers/gdap-assign-microsoft-entra-roles))
3. **Wait for customer approval** of the delegated privileges (see [GDAP Approval Process](https://learn.microsoft.com/en-us/partner-center/customers/gdap-customer-approval))
4. **Add tenant** to Intune Assistant using the customer settings page (see [Adding Customer Tenants](/extensions/msp-support/tenant-management.md))

### [Features Across Tenants](#features-across-tenants)

#### [Tenant-Specific Views](#tenant-specific-views)

Switch between tenants while maintaining context:

* **Quick tenant switching** without re-authentication
* **Tenant-specific configurations** and customizations
* **Isolated data** ensuring customer privacy

### [Security and Compliance](#security-and-compliance)

#### [Data Isolation](#data-isolation)

Each customer tenant's data remains completely isolated:

* **No cross-tenant data sharing**
* **Separate authentication contexts**
* **Individual audit trails** per tenant
* **Customer-specific permissions**

#### [Audit and Monitoring](#audit-and-monitoring)

Comprehensive logging across all operations:

* **GDAP activity logs** for compliance reporting
* **Security event correlation**

#### [Access Controls](#access-controls)

Multiple layers of security:

* **Just-in-time access** through GDAP
* **Role-based permissions** per customer tenant
* **Multi-factor authentication** enforcement
* **Conditional access** policy compliance

Security Best Practices

Always follow the principle of least privilege when requesting GDAP roles. Only request the minimum permissions necessary for your management tasks.

### [Benefits for MSPs](#benefits-for-msps)

#### [Operational Efficiency](#operational-efficiency)

* **Reduced context switching** between customer portals
* **Standardized processes** across all customer tenants
* **Bulk operations** that scale with your business
* **Centralized training** on a single platform

#### [Customer Service](#customer-service)

* **Faster issue resolution** with unified visibility
* **Consistent service delivery** across all customers
* **Proactive monitoring** and alerting
* **Better reporting** and insights for customers

#### [Business Growth](#business-growth)

* **Scalable architecture** that grows with your MSP
* **Standardized offerings** across customer base
* **Automated processes** that reduce manual overhead
* **Better resource utilization** across teams

### [Getting Started](#getting-started)

{% stepper %}
{% step %}

### Step 1: Prepare Your Home Tenant

* Set up Intune Assistant in your primary tenant
* Configure user roles and permissions
* Establish your baseline configurations
  {% endstep %}

{% step %}

### Step 2: Establish GDAP Relationships

* Work with customers to set up GDAP in Partner Center
* Request appropriate delegated admin roles
* Document approved permissions for each customer
  {% endstep %}

{% step %}

### Step 3: Add Customer Tenants

* Use the tenant switcher to add customer environments
* Verify access and permissions for each tenant
* Configure customer-specific settings and branding
  {% endstep %}

{% step %}

### Step 4: Train Your Team

* Ensure staff understand multi-tenant navigation
* Establish processes for cross-tenant operations
* Implement security and compliance procedures
  {% endstep %}
  {% endstepper %}

### [Troubleshooting Common Issues](#troubleshooting-common-issues)

| Issue                            | Solution                                           |
| -------------------------------- | -------------------------------------------------- |
| Cannot access customer tenant    | Verify GDAP relationship and approved roles        |
| Missing permissions in tenant    | Check delegated admin privileges in Partner Center |
| Tenant not appearing in switcher | Confirm customer has approved GDAP request         |
| Cross-tenant operations failing  | Validate consistent permissions across tenants     |

### [Additional Resources](#additional-resources)

* [GDAP Introduction - Microsoft Learn](https://learn.microsoft.com/en-us/partner-center/customers/gdap-introduction)
* [Partner Center GDAP Management](https://learn.microsoft.com/en-us/partner-center/enroll/overview)
* [Backup & Restore How to backup policy assignments before migration and restore them if needed using the Assignment Manager.](/extensions/assignments-manager/intune-assignments/backup-and-restore.md)
* [Multi-Tenant Permissions Required permissions for multi-tenant management including Partner Center and GDAP access](/extensions/msp-support/multi-tenant-permissions.md)

{% hint style="success" %}
MSP Success Tip

Start with a small subset of customer tenants to validate your processes and permissions before scaling to your entire customer base.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.intuneassistant.cloud/extensions/msp-support/overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.