Multi-Tenant Overview
How Intune Assistant supports MSPs with GDAP-enabled multi-tenant management
Intune Assistant is designed to be a perfect fit for Managed Service Providers (MSPs) who need to manage multiple customer tenants efficiently. With support for GDAP (Granular Delegated Admin Privileges), you can securely access and manage all your customer environments from a single interface.
As an MSP, you face unique challenges when managing multiple customer tenants:
Context switching between different customer portals
Inconsistent access across various tenants
Time-consuming manual processes for similar tasks
Difficult oversight of configurations across customers
Intune Assistant solves these challenges by providing:
Unified dashboard for all your customer tenants
Consistent experience across all managed environments
Bulk operations per tenant context in the same portal
Centralized reporting and insights
Intune Assistant uses a home tenant approach where:
Main tenant serves as your primary management hub, the one where GDAP relationships are established
Customer tenants are added as additional managed environments
Single sign-on experience across all tenants
Centralized user management in your home tenant
Intune Assistant leverages Microsoft's GDAP (Granular Delegated Admin Privileges) for secure customer tenant access:
Granular permissions - Only request the specific permissions you need
Time-bound access - Set expiration dates for enhanced security
Customer approval - Customers maintain control over granted permissions
GDAP Advantage
GDAP provides more secure and granular access compared to traditional delegated admin privileges, giving customers better control over what MSPs can access.
Before setting up multi-tenant access, ensure you have:
Partner Center access with appropriate permissions
GDAP relationships established with customer tenants
Required permissions granted for Intune management
Customer approval for the necessary delegated privileges
Intune Assistant installed in your home tenant
MSP license plan enabled for Intune Assistant
For Intune Assistant functionality, request these GDAP roles:
Intune Service Administrator - Full Intune management - Read/Write access to all Intune resources
Cloud Device Administrator - Device management - Manage device settings and compliance
Application Administrator - App management - Manage application assignments and policies
Reports Reader - Analytics and reporting - Access to usage and compliance reports
Establish GDAP relationship in Partner Center (see GDAP Setup Guide)
Request appropriate roles for Intune management (see GDAP Role Assignment)
Wait for customer approval of the delegated privileges (see GDAP Approval Process)
Add tenant to Intune Assistant using the customer settings page (see Adding Customer Tenants)
Switch between tenants while maintaining context:
Quick tenant switching without re-authentication
Tenant-specific configurations and customizations
Isolated data ensuring customer privacy
Each customer tenant's data remains completely isolated:
No cross-tenant data sharing
Separate authentication contexts
Individual audit trails per tenant
Customer-specific permissions
Comprehensive logging across all operations:
GDAP activity logs for compliance reporting
Security event correlation
Multiple layers of security:
Just-in-time access through GDAP
Role-based permissions per customer tenant
Multi-factor authentication enforcement
Conditional access policy compliance
Security Best Practices
Always follow the principle of least privilege when requesting GDAP roles. Only request the minimum permissions necessary for your management tasks.
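An added example (not part of Intune Assistant or its documentation): one way to check the least-privilege and time-bound access points above against your own GDAP relationships. It assumes records shaped like Microsoft Graph delegatedAdminRelationship objects; the role template IDs, the sample records and the audit helper are assumptions or constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Entra role template IDs for the four roles this page lists (assumption:
# verify them against your own tenant's role catalogue before relying on this).
ALLOWED_ROLES = {
    "3a2c62db-5318-420d-8d74-23affee5d9d5": "Intune Service Administrator",
    "7698a772-787b-4ac8-901f-60d6b08affd2": "Cloud Device Administrator",
    "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3": "Application Administrator",
    "4a5d8f65-41da-4de4-8968-e035b65339cf": "Reports Reader",
}
INTUNE, REPORTS = list(ALLOWED_ROLES)[0], list(ALLOWED_ROLES)[3]
GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # not on the allow-list

def _rel(name, status, end, role_ids):
    """Build one constructed record with the assumed Graph field names."""
    return {"displayName": name, "status": status, "endDateTime": end,
            "accessDetails": {"unifiedRoles": [{"roleDefinitionId": r} for r in role_ids]}}

# Constructed sample data; tenant names and dates are placeholders.
SAMPLE = [
    _rel("Contoso-Intune", "active", "2026-01-01T00:00:00Z", [INTUNE, REPORTS]),
    _rel("Fabrikam-Legacy", "active", "2025-06-15T00:00:00Z", [INTUNE, GLOBAL_ADMIN]),
    _rel("Northwind-Pending", "approvalPending", "2026-03-01T00:00:00Z", [INTUNE]),
]

def audit(relationships, now, warn_days=30):
    """Return (relationship, finding, detail) tuples for anything needing review."""
    findings = []
    for rel in relationships:
        name = rel.get("displayName", "?")
        if rel.get("status") != "active":
            # Unapproved or ended relationships grant nothing; report and move on.
            findings.append((name, "not-active", rel.get("status")))
            continue
        granted = {r["roleDefinitionId"].lower()
                   for r in rel.get("accessDetails", {}).get("unifiedRoles", [])}
        for extra in sorted(granted - set(ALLOWED_ROLES)):
            findings.append((name, "role-outside-allow-list", extra))
        end = rel.get("endDateTime")
        if not end:
            findings.append((name, "no-expiry", None))
            continue
        end_dt = datetime.fromisoformat(end.replace("Z", "+00:00"))
        if end_dt <= now:
            findings.append((name, "expired", end))
        elif end_dt - now <= timedelta(days=warn_days):
            findings.append((name, "expiring-soon", end))
    return findings
```

Run it over an export of your relationships with the current UTC time as now; an empty result means every active relationship stays within the four listed roles and is not about to lapse.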
Reduced context switching between customer portals
Standardized processes across all customer tenants
Bulk operations that scale with your business
Centralized training on a single platform
Faster issue resolution with unified visibility
Consistent service delivery across all customers
Proactive monitoring and alerting
Better reporting and insights for customers
Scalable architecture that grows with your MSP
Standardized offerings across customer base
Automated processes that reduce manual overhead
Better resource utilization across teams
Cannot access customer tenant - Verify GDAP relationship and approved roles
Missing permissions in tenant - Check delegated admin privileges in Partner Center
Tenant not appearing in switcher - Confirm customer has approved GDAP request
Cross-tenant operations failing - Validate consistent permissions across tenants
MSP Success Tip
Start with a small subset of customer tenants to validate your processes and permissions before scaling to your entire customer base.