Forum Discussion
Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers
I just read this article: https://krebsonsecurity.com/2019/06/microsoft-to-require-multi-factor-authentication-for-cloud-solution-providers/ I'm not sure I understand it. 1. As a CSP, d...
Hi famadorian
Supporting articles:
https://docs.microsoft.com/en-us/partner-center/enable-mfa
https://social.msdn.microsoft.com/Forums/en-US/b0536220-cd80-469b-8573-bd300b50a956/question-about-upcoming-csp-program-new-mandatory-security-requirements
To answer your questions
1.) No, you as the CSP have to enable MFA on your Partner Centre account which accesses your customers tenants. The customers do not have to do anything.
2.) It was announced some time back - if memory serves me at the back end of last year. The official Microsoft supporting article's date is 21st December 2018 but it was a bit before this as shown in the second article dated November 2018. The original date of the enforcement was in February this year so it's already been pushed back
3.) If you miss the deadline you will not be able to transact within the Partner Centre via the GUI or via API's
This all came about because a well known US CSP was breached leading to the unauthorized access of customer tenants. I can't say for sure whether this was an isolated incident but was enough to force the change.
The CSP Yammer Community is in this Yammer group: https://www.yammer.com/office365partners. However, it is a restricted group and you will need to apply on it for access.
Hope that answers your questions!
Best, Chris
Supporting articles:
https://docs.microsoft.com/en-us/partner-center/enable-mfa
https://social.msdn.microsoft.com/Forums/en-US/b0536220-cd80-469b-8573-bd300b50a956/question-about-upcoming-csp-program-new-mandatory-security-requirements
To answer your questions
1.) No, you as the CSP have to enable MFA on your Partner Centre account which accesses your customers tenants. The customers do not have to do anything.
2.) It was announced some time back - if memory serves me at the back end of last year. The official Microsoft supporting article's date is 21st December 2018 but it was a bit before this as shown in the second article dated November 2018. The original date of the enforcement was in February this year so it's already been pushed back
3.) If you miss the deadline you will not be able to transact within the Partner Centre via the GUI or via API's
This all came about because a well known US CSP was breached leading to the unauthorized access of customer tenants. I can't say for sure whether this was an isolated incident but was enough to force the change.
The CSP Yammer Community is in this Yammer group: https://www.yammer.com/office365partners. However, it is a restricted group and you will need to apply on it for access.
Hope that answers your questions!
Best, Chris