New Security Requirements for Microsoft Partners
Thursday 5th September 2019
To help protect both partners and customers, Microsoft have made it mandatory for partners participating in the Cloud Solution Provider (CSP) program to enable multi-factor authentication (MFA) for all users in partner tenants.
Read the initial article published in June 2019 - mandatory security requirements.
In summary, all users in partner tenants must use multi-factor authentication (MFA) when signing in to Microsoft commercial cloud services or transacting in CSP through Partner Center or via APIs. Baseline protection policies, which include multi-factor authentication, are available at no cost for all users of partner tenants.
On 1st August 2019, the terms associated with these security requirements in the Cloud Solution Provider Program Guide went into effect. All partners participating in the CSP program should meet the requirements to comply with the terms to protect their business.
If you haven’t deployed the requirements, please do so immediately. Partners who do not abide by these security practices may lose their ability to transact in the CSP program or manage customer tenants leveraging delegate admin rights once Microsoft start technical enforcement. Microsoft are establishing an enforcement date and will notify partners of that date soon.
Next Steps
Check out the recently updated resources below to help you accelerate your implementation and meet the requirements immediately:
- Partner security requirements implementation step-by-step guide
- Partner security requirements frequently asked questions
- Partner Center Security Guidance community group
- Office hours with technical experts
- Partner security requirements resources gallery
Please note, you will see reference to ‘Adopt the Secure Application Model framework’ as one of the mandatory security requirements. As your CSP Provider Bytes have fully implemented the Secure Application Model framework along with multi-factor authentication for all of our users. The Secure Application Model framework is not something our Indirect CSP Resellers need to do anything with as it only concerns those partners, such as Bytes, who transact with Microsoft via APIs.
Want to keep informed? Sign up to our Newsletter