
Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Visitor 1

Action Required - CSP program new mandatory security requirements:

The FAQ and all other documentation refer to the fact that all users accessing “Microsoft commercial cloud services” need to have MFA. Only a handful of our staff have access to the CSP component of Partner Center, however they do have access to the MPN area within PC. Do we need to enable MFA for these users as well or just those with access to the CSP section?

1 ACCEPTED SOLUTION

Microsoft

Re: Action Required - CSP program new mandatory security requirements:

Hi @JohnGorton

You will need to enforce MFA for each user in the partner directory. This means each user in an Azure AD that is associated with an enrollment to the Cloud Solution Provider program, Control Panel Vendor, and advisors program will need to sign in with MFA. There are a number of ways that this can be accomplished. Enabling the Azure AD baseline protection policies will allow you to quickly ensure each user is protected.

Please let us know if you have any concerns or questions.


Isaiah Williams
Cloud Technology Strategist | US – One Commercial Partner
Level 1 Contributor

Re: Action Required - CSP program new mandatory security requirements:

Hi,

I only had the email telling me to do this on Thursday, can someone give me a clear date by when this needs to be completed please and also is there somewhere that I can check that I have met the requirements once I have updated each of my customers' 365 organisations?

Many Thanks

Jason

Visitor 1

Re: Action Required - CSP program new mandatory security requirements:

Hi Isaiah,

Are the baseline protection policies required, or can the users be set up as one-offs? I ask because we have some users on a third-party MFA solution and some on Microsoft's solution. We will be moving over to the third-party solution totally by EOY.

Thanks

Paul

Microsoft

Re: Action Required - CSP program new mandatory security requirements:

@jgough The requirements became effective in the contract (CSP Program Guide) on August 1st, 2019 (following the announcement in Partner Center end of June).

For technical enforcement there was no date announced yet.

You can use the Secure Score feature to check if MFA was enabled: https://docs.microsoft.com/en-us/partner-center/partner-security-requirements#assessing-your-environment (There might be updates to the guidance in the coming days, so better bookmark this site).

There is no requirement to enable MFA in end customer tenants. It is recommended to enable MFA in customer tenants and help customers to increase their security, but the MFA requirement that was announced only applies to CSP Partners themselves (their own tenant used for transacting CSP), not the tenants of their customers.

Microsoft

Re: Action Required - CSP program new mandatory security requirements:

@CDI_PT : Baseline policies are only one option, you can also use your own conditional access rules and/or enable MFA for each user.

For leveraging both Azure MFA and 3rd party MFA you could e.g. create conditional access rules, for one group with "Require MFA" as control (= Azure MFA), the other group uses "custom controls" where you can integrate 3rd party solutions.

See also https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-faq 
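An added example, not part of the original thread and not Microsoft tooling: a coverage check for the split-group design described in the reply above, run over constructed policy objects shaped like Microsoft Graph `conditionalAccessPolicy` resources. Group, user and custom-control names are made up; the check assumes a custom control counts as the third-party MFA step, and it ignores application scope and `excludeGroups`.

```python
# Constructed sample data shaped like Microsoft Graph conditionalAccessPolicy
# objects. Group, user and custom-control names are made up for illustration.
GROUPS = {"grp-azure-mfa": {"alice", "bob"}, "grp-3p-mfa": {"carol"}}
ALL_USERS = {"alice", "bob", "carol", "dave", "breakglass"}

def policy(name, state, groups, users, builtin, custom, op="OR", exclude=()):
    return {"displayName": name, "state": state,
            "conditions": {"users": {"includeGroups": groups, "includeUsers": users,
                                     "excludeUsers": list(exclude)}},
            "grantControls": {"operator": op, "builtInControls": builtin,
                              "customAuthenticationFactors": custom}}

POLICIES = [
    policy("Azure MFA group", "enabled", ["grp-azure-mfa"], [], ["mfa"], []),
    policy("Third-party MFA group", "enabled", ["grp-3p-mfa"], [], [],
           ["example-3p-control"]),
    # Report-only: evaluated and logged, but never enforced at sign-in.
    policy("Everyone (pilot)", "enabledForReportingButNotEnforced", [], ["All"],
           ["mfa"], []),
    # OR with a non-MFA control: a compliant device alone satisfies the policy.
    policy("MFA or managed device", "enabled", [], ["dave"],
           ["mfa", "compliantDevice"], []),
]

def enforces_mfa(p):
    """True only if the policy is enforced and cannot be satisfied without MFA."""
    if p["state"] != "enabled":
        return False
    g = p["grantControls"]
    non_mfa = [c for c in g["builtInControls"] if c != "mfa"]
    mfa = [c for c in g["builtInControls"] if c == "mfa"] + g["customAuthenticationFactors"]
    if not mfa:
        return False
    # With OR, any single control is enough, so every listed control must be MFA.
    return g["operator"] == "AND" or not non_mfa

def users_in_scope(p):
    """Resolve included users and groups, then subtract explicit exclusions."""
    u = p["conditions"]["users"]
    scope = set(ALL_USERS) if "All" in u["includeUsers"] else set(u["includeUsers"])
    for gid in u["includeGroups"]:
        scope |= GROUPS.get(gid, set())
    return scope - set(u["excludeUsers"])

def uncovered_users(policies=POLICIES):
    """Users that no enforced MFA-requiring policy applies to."""
    covered = set()
    for p in policies:
        if enforces_mfa(p):
            covered |= users_in_scope(p)
    return sorted(ALL_USERS - covered)

if __name__ == "__main__":
    print("Users with no enforced MFA policy:", uncovered_users())
```

The two accounts it reports show the usual gaps in a per-group design: a user who belongs to neither group, and a user whose only policy can be satisfied by a non-MFA control.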

Level 2 Contributor

Re: Action Required - CSP program new mandatory security requirements:

I just recently added the 3rd party MFA option into Conditional Access using Duo's free option, which works for cloud apps and up to 10 users. They have very easy to follow instructions on integrating their service with CA, and I was able to switch over our "break glass" Global Admin account to this new service. That way if Microsoft's MFA goes down, we have a way to get in.