Cybersecurity is the central challenge of our digital age. Microsoft is committed to providing a trusted set of cloud services and platforms. We invest heavily in our technology, people, and processes to help ensure that customers’ as well as partners’ data is private and protected from unauthorized access, both internally and externally.
Microsoft has just updated its security. Below are some of the Frequently Asked Questions that are troubling users around the world.
Why is Microsoft implementing these new requirements?
Microsoft is committed to providing a trusted set of cloud services and platforms. We have noticed an increasing number of security breaches and fraud incidents in the industry. As our Cloud Solution Provider program ecosystem grows, we are extending our security best practices to our partner ecosystem, and introducing new mandatory security requirements that help protect our partners in the CSP program ecosystem as well as customers from unexpected security risks and financial damages caused by unauthorized access.
The new mandatory security requirements include:
- Enabling a new secure application model to integrate with Partner Center APIs.
Effective date starts December 11, 2018.
- Adopting and enabling Multi-Factor Authentication (MFA) to access Partner Center API and Partner Center Dashboard. Enforcement date begins February 4, 2019.
Enabling a new security model will allow partners transacting in the CSP program to activate a more secure access to Partner Center APIs with enhanced identity protection features. This secure application model helps partners to further secure credentials and reduce the potential financial and branding damages caused by unauthorized access. These requirements empowers all parties, including partners in the CSP program as well as control panel vendors (CPV), to protect their infrastructure as well as customer data from unauthorized access and unintended security risks such as identify theft or other fraud incidents.
Our company already applied industry best practices to keep our system secure. Why should I implement these requirements?
CSP partners must meet these requirements before the effective dates. Microsoft is committed to providing a trusted set of cloud services and platforms. As our Cloud Solution Provider (CSP) program grows, we are extending our security best practices and features available on Microsoft Partner Center to our partner ecosystem.
New Security Requirements for the CSP program
What will happen if I do not take any actions?
Failure in implementing these changes may impact partner’s ability to transact through the Cloud Solution Provider (CSP) program via Partner Center API and Partner Center Dashboard.
Secure Application Model FAQs
What is the new secure application model?
Microsoft is introducing a secure, scalable framework for authenticating Cloud Solution Provider (CSP) partners and control panel vendors (CPV) through the Microsoft Azure multi-factor authentication (MFA) architecture. CSP partners and CPVs can rely on the new secure application model to elevate security for Partner Center API integration.
Further detail is available within the secure application model guide.
How do I know if my control panel vendor (CPV) is working on implementing the solution or not?
For partners using a control panel vendor (CPV) solution to transact in the Cloud Solution Provider (CSP) program, it is your responsibility to consult with your CPV to meet this requirement.
When do I need to implement a Multi-Factor Authentication (MFA) solution?
Partners must complete this action by the effective date, February 4, 2019.
New Security Requirements for the CSP program
I use multiple tenants to transact, do I need to implement a MultiFactor Authentication (MFA) solution on them all?
Yes. A Multi-Factor Authentication (MFA) solution must be implemented on all active Cloud Solution Provider (CSP) tenants a partner uses.
If my company transacts through the CSP program in multiple countries, how will implementing a Multi-Factor Authentication (MFA) solution work?
A Multi-Factor Authentication (MFA) solution must be implemented on all active Cloud Solution Provider (CSP) tenants a partner uses.
I am a Direct Bill partner with Microsoft. Do I still have to do this?
Yes. Direct Bill Cloud Solution Provider (CSP) partners need to implement a Multi-Factor Authentication (MFA) solution before the effective date, February 4, 2019.
I am an Indirect Reseller and only transact through a distributor. Do I still have to do this?
For Cloud Solution Provider (CSP) partners transacting through a distributor, the distributor is responsible for implementing a Multi-Factor Authentication (MFA) solution. All partners who access Partner Center Dashboard themselves must implement a MFA solution.
Should I use or purchase Microsoft Azure Active Directory (AAD) premium?
Microsoft allows you to choose among the various Multi-Factor Authentication (MFA) solutions available on the market to best fit your business needs. Partners can choose any MFA solutions that are compatible with Azure Active Directory (AAD). Microsoft Azure Active Directory (AAD) premium is one of several options available which provide advanced Multi-Factor Authentication (MFA) capabilities.
Which vendors provide Multi-Factor Authentication (MFA) solutions compatible with Microsoft Azure Active Directory (AAD)?
There are many independent reviews of MFA solutions online, such as Gartner. When reviewing MFA vendors and solutions, partners must ensure the solution they choose is compatible with Azure Active Directory (AAD).
I already have implemented a Multi-Factor Authentication (MFA) solution in our environment, what should I do?
Partners should check their Multi-Factor Authentication (MFA) solution is supported by Microsoft Azure Active Directory (AAD).
If you need any help with these new changes, get in touch with us and let us assist you.