Hero Banner

Announcements

Check out recent announcements and upcoming events

Reply
Microsoft

[Nov 5, 2018] CSP New Mandatory Security Requirments

Impacted Audience

  • Partners transacting in the CSP program using CSP capabilities and APIs in the partner center (Indirect providers, direct bill partners and CSP indirect resellers)
  • Control panel vendors who integrate their solutions with APIs in the partner center

 

Summary

Cybersecurity is the central challenge of our digital age. Microsoft is committed to providing a trusted set of cloud services and platforms. We invest heavily in our technology, people and processes to help ensure that customers’ as well as partners’ data is private and protected from unauthorized access, both internally and externally.

 

We have noticed an increasing number of security breaches and fraud incidents in the industry. As our Cloud Solution Provider (CSP) program ecosystem grows, we are extending our secure application model and best practices to our partner ecosystem. We are introducing new mandatory security requirements that help protect our partners in the CSP program ecosystem, as well as customers, from potential security risks caused by unauthorized access to CSP capabilities in the partner center.

 

The new security requirements include:

  1. Enabling a new secure application model to integrate with APIs in the partner center
  2. Adopting and enabling Multi-Factor Authentication (MFA) to access CSP capabilities and APIs in the partner center

 

These requirements will enable all parties, including partners in the CSP program, control panel vendors and customers to better protect their infrastructure as well as customer data from potential security risks such as identify theft or other fraud incidents.

 

Partner Action Required:

1. Enabling a new secure application model to integrate with APIs in the partner center

  • All control panel vendors and partners in the CSP program who integrate their solutions with Partner Center APIs need to enable the new secure application model
  • Timeline
    • Implementation date: December 11, 2018
    • Requirement enforcement date begins February 4, 2019
      • Starting February 4, 2019, partners who don’t meet these security requirements will not be able to transact through APIs in the partner center.

 

Partner scenarios/Actions required

1. Partners using APIs directly (Indirect providers, direct bill partners)

2. Control panel vendors integrating with APIs

  • On-board to the partner center as a control panel vendor.
  • Start implementing the requirement immediately. Refer to this document – Partner center: secure application model guide.
  • Accept and manage consents instead of credentials from the partners in CSP program
  • Purge all existing credentials of your partners in the CSP program

3. Partners using control panel vendor platforms (Indirect providers, direct bill partners)

  • Consult with your control panel vendors to adopt the new security application model

-----

2. Adopting Multi-Factor Authentication (MFA) to access Partner Center API and CSP capabilities in the partner center

  • All partners in the CSP program and control panel vendors who want to access CSP capabilities in the partner center and APIs are required to adopt an MFA solution to further safeguard through a second form of authentication.
  • Partners can choose any MFA solution that is compatible with Azure Active Directory (AAD). Many MFA solutions in the market are compatible with AAD. Please contact a MFA solution provider you select to verify details.
  • Enforcement date for adopting MFA begins February 4, 2019
  • Starting February 4, 2019, partners who don’t meet these security requirements will not be able to transact through the CSP capabilities or APIs in the partner center.

 

Partner scenarios/Actions required

1. Partners accessing CSP capabilities or APIs directly (Indirect providers, direct bill partners, CSP resellers)

  • Implement a MFA solution to access CSP capabilities or APIs in the partner center

2. Control panel vendors integrating with APIs in the partner center

  • Implement a MFA solution to access APIs or Sandbox in the partner center

3. Partners transact through APIs using control panel vendor platforms (Indirect providers, direct bill partners)

  • Implement a MFA solution to access CSP capabilities or APIs in the partner center

-----

Next steps and key resources

 

Note A control panel vendor (CPV) is an independent software vendor who provides the partners in the CSP program with applications, tools or platforms integrated with APIs in the partner center. Typically, a control panel vendor is not a partner in the CSP program with direct access to CSP capabilities and APIs in the partner center.

1 REPLY 1
Visitor 1

Re: [Nov 5, 2018] CSP New Mandatory Security Requirments

Very useful information

Name: Chris

Web 

https://email-support-and-help.blogspot.com