
Partner Membership Discussions

Discuss Competencies, Enrollment, MAPS and Renewals topics

Level 1 Contributor

Can't sign in to the partner portal - loop

I can't access the MS partner portal. It just stopped working a few days ago. When I click the Sign in button it will sign me in with my work account but the button Visit partner center is not displayed. Instead of the Visit partner center button it's asking for Sign in again and again and again...

I assume this problem is somehow related to the MFA trusted IP locations - when I try to access the partner portal from a trusted IP, because otherwise I can access the partner portal normally. I already defined a conditional access to the Microsoft Azure Management to grant access with MFA but this is probably not related to the partner portal.

Can someone confirm for me that this problem is related to MFA? And if yes, then how can I solve it?

1 ACCEPTED SOLUTION
Microsoft

OK, if you don't have active CSP status, I think it is likely not due to MFA (or lack thereof). If the login problem is only in Partner Center, I'll advise you to open a ticket. You can do this without using Partner Center: https://partner.microsoft.com/en-US/support/?stage=1

And then see on right side "General: Unable to Login Into Partner Center>"

 

A few additional notes not relevant for your current problems, but anyway:

- You cannot override a Trusted IP exclusion (set on the MFA admin portal) with conditional access. What you can do is configure conditional access rules with specific exclusions in each policy.

- "Remember MFA on this device" will actually increase the number of prompts for MFA on any app that uses modern authentication.

- My personal recommendation - Do not consider your internal network secure (zero trust) - an attacker would welcome it a lot when no security controls are enforced just because the attacked device is located in the internal network. If anything, I would only exclude users from MFA based on device state.

Kind regards,
Janosch
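
Added example, not part of the thread or of any Microsoft tooling: a small audit that sorts enabled MFA conditional access policies by the kind of exclusion they carry, separating network-based exclusions from device-state ones as discussed in the notes above. It assumes the policies were exported as JSON in the shape of Microsoft Graph `conditionalAccessPolicy` objects; the sample policies, display names and the named-location id are constructed. The legacy Trusted IPs setting on the MFA admin portal is configured outside these policy objects and is not covered by it.

```python
import json

# Constructed sample in the shape of Microsoft Graph conditionalAccessPolicy
# objects; display names and the named-location id are made up.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "MFA for Azure Management", "state": "enabled",
   "conditions": {"locations": {"includeLocations": ["All"],
                                "excludeLocations": ["AllTrusted"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "MFA except compliant devices", "state": "enabled",
   "conditions": {"devices": {"deviceFilter": {
       "mode": "exclude", "rule": "device.isCompliant -eq True"}}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "Block legacy auth", "state": "enabled",
   "conditions": {"locations": {"excludeLocations": ["00000000-aaaa-bbbb-cccc-000000000001"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]
""")


def audit_mfa_exclusions(policies):
    """Classify each enabled MFA policy by the kind of exclusion it carries."""
    findings = []
    for p in policies:
        grant = p.get("grantControls") or {}
        if p.get("state") != "enabled" or "mfa" not in grant.get("builtInControls", []):
            continue  # only enforced policies that require MFA matter here
        cond = p.get("conditions") or {}
        excluded_locs = (cond.get("locations") or {}).get("excludeLocations") or []
        dev_filter = (cond.get("devices") or {}).get("deviceFilter") or {}
        if excluded_locs:
            kind = "network-exclusion"       # MFA skipped because of source network
        elif dev_filter.get("mode") == "exclude":
            kind = "device-state-exclusion"  # MFA skipped because of device state
        else:
            kind = "no-exclusion"
        findings.append((p["displayName"], kind, excluded_locs or dev_filter.get("rule")))
    return findings


if __name__ == "__main__":
    for name, kind, detail in audit_mfa_exclusions(SAMPLE_EXPORT):
        print(f"{kind:24} {name}: {detail}")
```
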


3 REPLIES 3
Microsoft

If you have a status as CSP Partner, and so you are subject to the Partner Center Security requirements/MFA, it is not compliant to configure trusted IPs to be excluded from MFA.

Also, when configuring trusted IPs as exclusion, they will also affect the processing of conditional access rules.

So I'll advise you to remove any Trusted IPs or other exclusions.

Still, I'm not completely sure this will resolve the issue you are describing, but it might be a good start.

Kind regards,
Janosch
Level 1 Contributor

We don't have the CSP partner status anymore, only MPN. I understand that removing trusted IPs is a solution to the partner center access, but it's a lovely thing for our employees in our office and in our VPN (network flow through company router) because they don't need to confirm MFA every time their cookies expire or the remember MFA status on device expires. Overriding the trusted IPs MFA non-request with conditional access MFA to the Microsoft Azure Management? Great solution but missing partner center... Anyway, I will try to remove our trusted IP and test it.
