CSP Tier 1 Support with Least Access Configured
Is there a way to provide support for a customer who can not grant Global Administrator rights over their tenant? Is there any type of RBAC that can be put in place so a CSP can submit a request on behalf of that customer without opening gaps in their security posture?
For license-based services like D365 or M365 the answer is no. For Azure subscriptions there might be some options. Generally it is expected from CSP Partner that they have a good security posture themselves for their management processes (Similar to how it is expected from Microsoft as cloud provider) - but this might be a larger discussion.
You can open an Advisory request to discuss on options for achieve a least privilege model and how customer can control your access as Partner - https://aka.ms/technicalservices or directly via https://aka.ms/tpdmsform (Choose any technology under "Azure" for CSP related questions since there is currently no matching coding available).
Receive consultations via Technical Presales and Deployment Services team