- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe to Topic
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
[Jan 24, 2019] Important Update: CSP Program Security Requirements
Impacted Audience
- Partners transacting in the CSP program using CSP capabilities and APIs in the partner center
(Indirect providers, direct bill partners and CSP indirect resellers) - Control panel vendors who integrate their solutions with APIs in the partner center
Summary
Microsoft is committed to providing a trusted set of cloud services and platforms. To build on our trust commitment, on November 5, 2018, we introduced new security requirements, extending the Microsoft secure application model and best practices to our partner ecosystem. These best practices and security requirements help better protect our partners and customers in the Cloud Solution Provider (CSP) program ecosystem from potential security attacks caused by unauthorized access to CSP capabilities in the partner center.
Partners provided us with considerably positive feedback on our direction to help secure and protect our CSP program ecosystem. We also heard concerns about the tight timeline to implement the requirements and the costs of adopting MFA.
To mitigate partners’ business impacts and concerns and to better incorporate partner feedback, we have decided to postpone the February 4, 2019 enforcement date that was previously communicated. We will share more detailed information and revised timeline in a further update.
We sincerely appreciate all of our partners who have already implemented these new requirements. Enhancing protections on Microsoft platforms with the secure application model and MFA will help strengthen your competitive advantage by enabling greater security for your company, partners and customers. If you haven’t met the requirements yet, please start to implement immediately, referring to the resources below.
Key resources
- Partner Center secure application model guide
- CSP partners: sample code for enabling secure application model
- Control panel vendors: sample code for enabling secure application model
- Five steps to securing your identity infrastructure
- How multi-factor authentication works
- For additional questions, please refer to this frequently asked questions document.
- Direct your questions and feedback to this Partner Center Security Guidance Group on Microsoft Partner Community or https://aka.ms/MSPCSecurityGuidance Yammer group.
Again, we appreciate your feedback and partnership. We will provide you with more detailed information in future communications.
- Labels:
-
Cloud Platform
-
Cloud Transformation
-
CPV
-
CSP
-
Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
You said:
To mitigate partners’ business impacts and concerns and to better incorporate partner feedback, we have decided to postpone the February 4, 2019 enforcement date that was previously communicated. We will share more detailed information and revised timeline in a further update.
Just wanted to make sure you have not posted a new date. It is my understanding that you have not. We do have one app that is still under dev to meet Microsoft security mandate.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Brian,
Thank you for checking with us on the date. We have not posted any new date yet.
Once we have a new date, we will post the update to the partner center announcment page as well as this MPC community announcement section.
We encourge you to contine to implement and meet the requirements as soon as possible.
Thank you!
