IMPORTANT UPDATE: Partner Security Requirements - Activating Security Safeguards Starting Nov 18, 2019
Target partner audiences
- All partners participating in the Cloud Solution Provider (CSP) program that transact Microsoft commercial cloud services: direct bill partners, Indirect providers, and Indirect resellers
- All Control Panel Vendors
- All Advisor program partners
Greater and ongoing security and privacy safeguards are among our top priorities. To help protect partners and customers, in June 2019, Microsoft introduced new mandatory security requirements for partners participating in the Cloud Solution Provider (CSP) program, Control Panel Vendors, and Advisor partners. Effective August 1, 2019, the terms associated with these security requirements in the Cloud Solution Provider Program Guide went into effect. All these partners must meet the requirements to stay complaint with the program guidelines and protect their businesses.
Starting November 18, 2019, Microsoft will begin the activation of additional security safeguards to partner tenants. This additional security safeguards can help partners secure their tenants as well as customers, and help mitigate security threats by preventing unauthorized access.
What will happen when these security safeguards are activated?
Upon activation, users in the partner tenant will be requested to complete multi-factor authentication (MFA) verification when performing any admin on behalf of (AOBO) operations. We will continue to extend the scope of the activation of security safeguards to additional scenarios and user roles, providing partners with advance notice. For more information, please refer to this documentation. Partners who have not met the requirements should implement these measures as soon as possible to avoid any business disruptions.
What should partners do to meet the requirements and stay compliant?
The partner security requirements remain that all partners in the CSP program and Advisor partners must meet the following requirements to stay compliant. Make sure to carefully review the security requirements using step-by-step guide.
- Enforce multi-factor authentication (MFA) for all users in partner tenants
- Adopt the Secure Application Model framework
We highly encourage partners to invest in security measures to safeguard their own business as well as their customers’ data. Not implementing these measures can expose partner’s own business and customers’ data to potential security vulnerabilities with undesirable consequences. Partners who do not implement the security requirements may put their participation in the CSP program and Advisor at risk.
How can partners check their status of implementing the requirements?
What are the key resources partners can refer to?
Check out the recently updated resources below:
- Step-by-step guide
- Frequently asked questions
- Partner Center Security Guidance community group
- Microsoft office hours with technical experts
Note: Security defaults are now available as the successor of the preview baseline protection policies. Please learn more details to take required actions.
For partners who have invested in implementing the requirements, we sincerely appreciate your partnership and commitment to ensuring our ecosystem runs on trust.