Hero Banner

Announcements

Check out recent announcements and upcoming events

Reply
Microsoft

IMPORTANT UPDATE: Partner Security Requirements - Activating Security Safeguards Starting Nov 18, 2019

Target partner audiences

  • All partners participating in the Cloud Solution Provider (CSP) program that transact Microsoft commercial cloud services: direct bill partners, Indirect providers, and Indirect resellers
  • All Control Panel Vendors
  • All Advisor program partners

 

Summary

Greater and ongoing security and privacy safeguards are among our top priorities. To help protect partners and customers, in June 2019, Microsoft introduced new mandatory security requirements for partners participating in the Cloud Solution Provider (CSP) program, Control Panel Vendors, and Advisor partners. Effective August 1, 2019, the terms associated with these security requirements in the Cloud Solution Provider Program Guide went into effect. All these partners must meet the requirements to stay complaint with the program guidelines and protect their businesses.

 

Starting November 18, 2019, Microsoft will begin the activation of additional security safeguards to partner tenants. This additional security safeguards can help partners secure their tenants as well as customers, and help mitigate security threats by preventing unauthorized access.

 

What will happen when these security safeguards are activated?

Upon activation, users in the partner tenant will be requested to complete multi-factor authentication (MFA) verification when performing any admin on behalf of (AOBO) operations. We will continue to extend the scope of the activation of security safeguards to additional scenarios and user roles, providing partners with advance notice. For more information, please refer to this documentation. Partners who have not met the requirements should implement these measures as soon as possible to avoid any business disruptions.

 

What should partners do to meet the requirements and stay compliant?

The partner security requirements remain that all partners in the CSP program and Advisor partners must meet the following requirements to stay compliant. Make sure to carefully review the security requirements using step-by-step guide.

  • Enforce multi-factor authentication (MFA) for all users in partner tenants
  • Adopt the Secure Application Model framework

We highly encourage partners to invest in security measures to safeguard their own business as well as their customers’ data. Not implementing these measures can expose partner’s own business and customers’ data to potential security vulnerabilities with undesirable consequences. Partners who do not implement the security requirements may put their participation in the CSP program and Advisor at risk.

 

How can partners check their status of implementing the requirements?

Partner security requirements status check page can help partners identify the key areas to take actions. Check out more detailed here.

 

What are the key resources partners can refer to?

Check out the recently updated resources below:

 

Note: Security defaults are now available as the successor of the preview baseline protection policies. Please learn more details to take required actions.

 

If you have any questions, review the frequently asked questions first. For any further assistance with any technical issues, please submit a support ticket.

 

For partners who have invested in implementing the requirements, we sincerely appreciate your partnership and commitment to ensuring our ecosystem runs on trust.