Reminder: ACTION REQUIRED - Implement Partner Security Requirements Immediately
This update is a reminder of the new partner security requirements to ensure that you comply with the Cloud Solution Provider (CSP) program terms and maintain your ability to sign in and continue transacting in the CSP program.
Greater security and privacy safeguards are among our top priorities. To help protect partners and customers, in June 2019, Microsoft introduced the new mandatory security requirements below for the partners participating in the Cloud Solution Provider (CSP) program, Control Panel Vendors, and Advisor partners.
- Enable multi-factor authentication (MFA) for all users in partner tenants
All users in partner tenants must use multi-factor authentication (MFA) when signing into Microsoft commercial cloud services or transacting in CSP through Partner Center or via APIs. Baseline protection policies that include multi-factor authentication are available at no cost for all users of partner tenants.
- Adopt the Secure Application Model framework
Any application that is used to access the Partner Center API must adhere to the Secure Application Model framework to avoid any disruption to its integration when the baseline policies are enabled. We also recommend that partners adopt the Secure Application Model when they integrate with a Microsoft API such as Azure Resource Manager, Microsoft Graph.
Starting August 1, 2019, the terms associated with these security requirements in the Cloud Solution Provider Program Guide went into effect. All partners participating in the CSP program should meet the requirements to be in compliance with the terms and protect their business.
We appreciate all of our partners who have already implemented these new requirements. If you haven’t deployed the requirements, please do so immediately. Partners who do not abide by these security practices may lose their ability to transact in the CSP program or manage customer tenants leveraging delegate admin rights once we start technical enforcement for the partner security requirements in the near future. We are establishing an enforcement date and will notify partners of that date soon.
Check out the recently updated resources below to help you accelerate your implementation and meet the requirements immediately.
- Partner security requirements implementation step-by-step guide (updated)
- Partner security requirements frequently asked questions (updated)
- Partner Center Security Guidance community group
- Office hours with technical experts
- Partner security requirements resources gallery (updated)
Thank you for your partnership and commitment to ensuring our ecosystem runs on trust.
Note: These new partner security requirements will also be part of the new Microsoft Partner Agreement available on September 1, 2019. For Advisors, the same contractual requirements will go into effect starting September 1 as well.