Hero Banner

UK Partner Zone Discussions

A dedicated area for UK Partners to connect around readiness events and content at a local level.

Reply
kibarn
Microsoft

FY19: CSP program new mandatory security requirements

Hi all,

This is an important update related to CSP program security requirements for partners.

 Cybersecurity is the central challenge of our digital age. Microsoft is committed to providing a trusted set of cloud services and platforms. We invest heavily in our technology, people and processes to help ensure that customers’ as well as partners’ data is private and protected from unauthorized access, both internally and externally.

 We have noticed an increasing number of security breaches and fraud incidents in the industry. As our Cloud Solution Provider (CSP) program ecosystem grows, we are taking action to extend our secure application model and best practices to our partner ecosystem.

 Today (November 5, 2018), we are announcing new mandatory security requirements that help protect our partners in the CSP program ecosystem and customers from potential security risks caused by unauthorized access to CSP capabilities in the partner center. These requirements will be communicated to partners via announcement in the partner center, CSP Yammer groups and to-partner email.

 Impacted partners

  • Control panel vendors who integrate their solutions with APIs in the partner center
  • Partners transacting in the CSP program using CSP capabilities or APIs in the partner center (Indirect providers, direct bill partners and CSP indirect resellers)

The new security requirements include:

     1. Enabling a new secure application model to integrate with APIs in the partner center

  • All control panel vendors and partners in the CSP program who integrate their solutions with APIs in the partner center need to enable the new secure application model
  • Timeline
    • Implementation due date: December 11, 2018
    • Requirement enforcement date begins February 4, 2019

 

     2. Adopting and enabling Multi-Factor Authentication (MFA) to access CSP capabilities or APIs in the partner center

  • All partners in the CSP program and control panel vendors who access CSP capabilities or APIs in the partner center are required to adopt MFA to further safeguard through a second form of authentication.
  • Partners can choose any MFA solution that is compatible with Azure Active Directory (AAD).
  • Enforcement date for adopting MFA begins February 4, 2019

 

Starting February 4, 2019, partners who don’t meet these security requirements will not be able to transact through the CSP capabilities or APIs in the partner center.

 

Field calls to action

 

Partner-ready resources

 

Note: A control panel vendor (CPV) is an independent software vendor who provides the partners in the CSP program with applications, tools or platforms integrated with Partner Center APIs. Typically, a control panel vendor is not a partner in the CSP program with direct access to CSP capabilities in the partner center APIs.

0 REPLIES 0