Reply
Topic Options
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe to Topic
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
07-24-2019
07:55 AM
Service principals as exception for MFA/end user protection requirements
Greetings dear community,
I have some issues with a partner concerning the enabling of the necessary admin MFA/ EUP policies:
The distributor has a marketplace account that authenticates via Tokens (which, according to the partner, had to be done that way as by the MFA-Guidelines of the Partner Center). Now he is of the opinion that enabling 'end user protection' would override the token-based authentication and thus affecting the functionality of the marketplace. Instead, he has created a custom policy covering all users but the marketplace-account. Will this fulfill the requirements? How should I proceed here?
Thank you sincerely in advance for your answers!
Kind regards,
Martin
Labels:
- Labels:
-
CSP
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
07-25-2019
12:20 AM
As I understand it: Excluding accounts will not be in compliance with the Partner Security Requirements. They have to be 'Included' in a policy that has the MFA control enabled.
I hope that we can exclude certain Apps though
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
07-28-2019
09:49 PM
@MartinJ - app only authentication is not impacted by the partner security requirements. So, they only used a client identifier and secret key to request an access token then they can safely enable the baseline policies. @assofohdz is correct that they will not be able to exlcude users. If they have a policy that does this today, then they need to look into modifying it to comply with the requirements.
