Hero Banner

Announcements

Check out recent announcements and upcoming events

Reply
Moderator

IMPORTANT UPDATE: Partner Security Requirements - Activating Security Safeguards Starting Nov 18, 2019

Target partner audiences

  • All partners participating in the Cloud Solution Provider (CSP) program that transact Microsoft commercial cloud services: direct bill partners, Indirect providers, and Indirect resellers
  • All Control Panel Vendors
  • All Advisor program partners

 

Summary

Greater and ongoing security and privacy safeguards are among our top priorities. To help protect partners and customers, in June 2019, Microsoft introduced new mandatory security requirements for partners participating in the Cloud Solution Provider (CSP) program, Control Panel Vendors, and Advisor partners. Effective August 1, 2019, the terms associated with these security requirements in the Cloud Solution Provider Program Guide went into effect. All these partners must meet the requirements to stay complaint with the program guidelines and protect their businesses.

 

Starting November 18, 2019, Microsoft will begin the activation of additional security safeguards to partner tenants. This additional security safeguards can help partners secure their tenants as well as customers, and help mitigate security threats by preventing unauthorized access.

 

What will happen when these security safeguards are activated?

Upon activation, users in the partner tenant will be requested to complete multi-factor authentication (MFA) verification when performing any admin on behalf of (AOBO) operations. We will continue to extend the scope of the activation of security safeguards to additional scenarios and user roles, providing partners with advance notice. For more information, please refer to this documentation. Partners who have not met the requirements should implement these measures as soon as possible to avoid any business disruptions.

 

What should partners do to meet the requirements and stay compliant?

The partner security requirements remain that all partners in the CSP program and Advisor partners must meet the following requirements to stay compliant. Make sure to carefully review the security requirements using step-by-step guide.

  • Enforce multi-factor authentication (MFA) for all users in partner tenants
  • Adopt the Secure Application Model framework

We highly encourage partners to invest in security measures to safeguard their own business as well as their customers’ data. Not implementing these measures can expose partner’s own business and customers’ data to potential security vulnerabilities with undesirable consequences. Partners who do not implement the security requirements may put their participation in the CSP program and Advisor at risk.

 

How can partners check their status of implementing the requirements?

Partner security requirements status check page can help partners identify the key areas to take actions. Check out more detailed here.

 

What are the key resources partners can refer to?

Check out the recently updated resources below:

 

Note: Security defaults are now available as the successor of the preview baseline protection policies. Please learn more details to take required actions.

 

If you have any questions, review the frequently asked questions first. For any further assistance with any technical issues, please submit a support ticket.

 

For partners who have invested in implementing the requirements, we sincerely appreciate your partnership and commitment to ensuring our ecosystem runs on trust.

4 REPLIES 4
Visitor 1

Re: IMPORTANT UPDATE: Partner Security Requirements - Activating Security Safeguards Starting Nov 18, 2019

Hi ,

 

What role sould be given to a user to see the page

 

https://partner.microsoft.com/pcv/security/compliance

 

The MPM admin is not able to see.

The only  user that worked was global admin .

 

 

Microsoft

Re: IMPORTANT UPDATE: Partner Security Requirements - Activating Security Safeguards Starting Nov 18, 2019

@paulorosa : Yes, this was restricted to global admin. Afaik security admins should also be able to use the Powershell mthod: https://docs.microsoft.com/en-us/powershell/module/partnercenter/get-partnerusersigninactivity?view=partnercenterps-3.0

And user admins can also access the AzureAD sign-in logs to check who is using MFA.

 

MPN admin does not have access to any of the above mentioned report.

Level 2 Contributor

Re: IMPORTANT UPDATE: Partner Security Requirements - Activating Security Safeguards Starting Nov 18, 2019

@JanoschUlmer ,

 

We received conflicting messaging around the enforcement for blocking legacy protocols.  Back on 1/9, we received a message from Microsoft that stated legacy protocols will be blocked by Feb 29th.  I received a Microsoft email through a mutual customer stating, "Blocking legacy authentication will not be enforced for partners at this time. However, as most events related to compromised identities come from sign-in attempts using legacy authentication, partners are encouraged to move away from these older protocols."

 

Has Microsoft changed on their position for enforcing the blocking of legacy protocols for Microsoft CSP partners?

Microsoft

Re: IMPORTANT UPDATE: Partner Security Requirements - Activating Security Safeguards Starting Nov 18, 2019

@Lfortson : Currrently trying to get more information on this myself. I can confirm that, to my own surprise, legacy authentication was planned not to be blocked for Partner tenants when using security defaults (in end customer tenants AAD security defaults would still block those), so you you could still use e.g. App Passwords. However, this was only a temporary exception and I can't tell how long this was planned to be available.

Also I have received numerous reports of Partner where this does not work - for this you can also reach out to support.

 

However, because the exception was only meant to be temporary I personally would suggest to use custom CA policies if you know that you need legacy protocols working for the forseeable future.