Impacted Audience
- Partners transacting in the CSP program using CSP capabilities and APIs in the partner center
(Indirect providers, direct bill partners and CSP indirect resellers) - Control panel vendors who integrate their solutions with APIs in the partner center
Summary
Microsoft is committed to providing a trusted set of cloud services and platforms. To build on our trust commitment, on November 5, 2018, we introduced new security requirements, extending the Microsoft secure application model and best practices to our partner ecosystem. These best practices and security requirements help better protect our partners and customers in the Cloud Solution Provider (CSP) program ecosystem from potential security attacks caused by unauthorized access to CSP capabilities in the partner center.
Partners provided us with considerably positive feedback on our direction to help secure and protect our CSP program ecosystem. We also heard concerns about the tight timeline to implement the requirements and the costs of adopting MFA.
To mitigate partners’ business impacts and concerns and to better incorporate partner feedback, we have decided to postpone the February 4, 2019 enforcement date that was previously communicated. We will share more detailed information and revised timeline in a further update.
We sincerely appreciate all of our partners who have already implemented these new requirements. Enhancing protections on Microsoft platforms with the secure application model and MFA will help strengthen your competitive advantage by enabling greater security for your company, partners and customers. If you haven’t met the requirements yet, please start to implement immediately, referring to the resources below.
Key resources
Again, we appreciate your feedback and partnership. We will provide you with more detailed information in future communications.
