Microsoft Pauses Delayed Partner Ecosystem Security Update To Count Its Money (theregister.com) 3
Microsoft's delayed effort to ensure its partners don't enjoy unduly privileged access to their clients' systems will run for just nine days before pausing for a month. From a report: Partners of the Redmond-based software colossus have historically relied on "delegated admin privileges" (DAP) to manage and monitor clients' systems and software purchases. In the wake of criminal attacks on managed services providers and the software they use to tend their clients, Microsoft decided DAP privileges offered dangerously extensive access.
The company therefore created granular delegated admin privileges (GDAP). As the name implies, GDAP limits the resources and permissions partners enjoy when driving their customers' systems. It also adds zero-trust principles to further reduce the likelihood that an attack on a partner will mean pain for end customers. Partners and Microsoft customers alike were told they would need to stop using DAPs and instead move to GDAPs. So far, so sensible. But also a little controversial, because partners can create GDAP profiles in customers' Active Directory implementations -- customers don't need to give permission for the creation of GDAP profiles, but do need to sign them off. The move from DAP to GDAP has been slow. Microsoft set October 31, 2022, as the date on which it would discontinue the software that automates DAP to GDAP migrations, then moved that date to March 1, 2023. Those delays came after Redmondt's initial ambition was for DAP to die by the end of 2022.
The company therefore created granular delegated admin privileges (GDAP). As the name implies, GDAP limits the resources and permissions partners enjoy when driving their customers' systems. It also adds zero-trust principles to further reduce the likelihood that an attack on a partner will mean pain for end customers. Partners and Microsoft customers alike were told they would need to stop using DAPs and instead move to GDAPs. So far, so sensible. But also a little controversial, because partners can create GDAP profiles in customers' Active Directory implementations -- customers don't need to give permission for the creation of GDAP profiles, but do need to sign them off. The move from DAP to GDAP has been slow. Microsoft set October 31, 2022, as the date on which it would discontinue the software that automates DAP to GDAP migrations, then moved that date to March 1, 2023. Those delays came after Redmondt's initial ambition was for DAP to die by the end of 2022.
No no no (Score:3)
Re: (Score:2)
The silly summary doesn't even get to the money part of the story. Maybe they're trying to intentionally get slashdot readers to RTFA...
Anyway, Microsoft paused rollout until after the end of their fiscal year on June 30 - which The Register is snarkily implying means that Microsoft cares more about their money than the security rollout. Which may be true, but companies being greedy is such an old story by now that the kids demand to be read a different story.