Forum Discussion
security score requirements > 80 ?
Hi Nam,
Based on my interpretation there are different requirements (policies) which need to be in effect at certain moments in time. Starting 1st of October 2025 all partners need to have at least the following policies in place:
- Enable multifactor authentication for admin roles in the Partner tenant
- Response to alerts is 24 hours or less on average
- Provide a Security contact
at anniversary month other requirements need to be met:
Direct Bill anniversary
4. Enable MFA for all Customer Admin roles
5. All azure subs have spending limit
Same policy 4 & 5 apply for the Disti, but as the FAQ mentions they only need to meet the revenue and security requirements on anniversary in Year 2.
Applying all above with current scores brings tenant to 80 points. In preview I can see another policy in Partnercenter worth 10 points, then we are still missing 10 points for a yet undisclosed requirement.
6. All users complete multifactor authentication registration
7. Yet unknown requirement
As said, this is my interpretation of the documentation. Hope this helps, but it wouldn't mind to keeping an eye on partnercenter on any changes popping up there...
Regards,
Martijn
ps: readable version of the FAQ in CSP partner launch calender https://partner.microsoft.com/nl-nl/resources/detail/partner-launch-calendar-csp-pdf
From the F&Q document I see a section titled Complete the mandatory requirements of the Partner Center security score*
Not sure if it only mandatory does only
- Enable multifactor authentication for admin roles in the Partner tenant
- Response to alerts is 24 hours or less on average
- Provide a Security contact
The other 2 Topic Enable MFA for all Customer Admin roles & All azure subs have spending limit are as shown in the picture that I posted on the partner center and in the In preview section, another 10 points, which are just recommended Are they forcing you to do it ? I think the latest document only enforces the mandatory part. What do you think?
But for sure if the score must be more than 80% I can't do the Enable MFA for all Customer Admin roles topic. I have 7000+ customers who don't have MFA enabled. Even if I advise partner awarness about this, I can't force them to enable it.
I need to have my cat watch Microsoft for every move they make.
Now the wordings around the security requirements have changed. https://learn.microsoft.com/en-us/partner-center/security/security-requirements
Beginning October 1, 2025, updated Cloud Solution Provider (CSP) authorization eligibility requirements will be enforced for direct bill partners, distributors (formerly indirect provider), and indirect resellers. These changes are designed to strengthen the security posture and operational readiness of partners across the ecosystem. As part of these updates, all partners must meet the mandatory security requirements of the Partner Center security score:
- Enable Multi-Factor Authentication (MFA) for all administrative users in the CSP tenant.
- Designate a security contact within Partner Center.
- Respond to security alerts within 24 hours or less. (doesn't apply to indirect reseller partners).
These requirements are validated annually during the anniversary month of the partner’s original CSP onboarding.
it used to be 1, 2 & 3 go into effect per 1-10-2025, now its shifted towards anniversary.
never a dull moment.
Thnx for making me aware.
regards,
Martijn
Thank you very much, I am quite relieved for this update, which does not require a minimum score of 80 or more.
YET....