New requirements for multi-factor authentication

Published 03-25-2021 05:12 AM 1,640 Views
Microsoft

Last year, we started requiring multi-factor authentication (MFA) in Microsoft Advertising online. Multi-factor authentication is a security process that requires you to verify your identity in two different ways. 

 

Soon we will require multi-factor authentication for all users who sign in through any third-party application that uses the Bing Ads API, Content API, and Hotel APIs. 

 

Over the last several months most API clients have prepared for the enforcement of MFA. Due to a new developer requirement as explained below, we are extending the deadline from April 1st to August 1st, 2021.

 

What users need to do

 

When you sign in and allow third-party applications to access your Microsoft Advertising account, you’ll be asked to provide a second form of verification that matches the contact information in your Microsoft account profile. You’ll need to grant consent again for any third-party tools to access your Microsoft Advertising accounts.

 

What developers need to do

 

Update your application to use the new msads.manage scope (coming soon) via the Microsoft Identity endpoint. All application developers must take action to use the new scope.

 

  • Prior to MFA enforcement the Microsoft Identity endpoint supports the ads.manage scope. Access tokens that you acquire for users via the ads.manage scope will no longer be authenticated.

 

  • Prior to MFA enforcement the Live Connect endpoint supports the bingads.manage scope. The Live Connect endpoint is already deprecated and will no longer be supported. Access tokens that you acquire for users via the bingads.manage scope will no longer be authenticated.

 

Upon enforcement of the MFA requirement, we will only authenticate access tokens on behalf of a user who passed through MFA via the new msads.manage scope on the Microsoft Identity endpoint.

 

The new msads.manage scope requires renewed consent from all users of your application. You must prompt users for consent using the new msads.manage scope after they have turned on multi-factor authentication. We recommend that you inform and guide users of your application to set up MFA right away.


Additional resources

 

Support for the new msads.manage scope including SDKs is coming in April. We’ll share updates via the blog and documentation as soon as its ready.

 

The GetUserMFAStatus service operation is now available and can be used to estimate the progress of MFA adoption by users of your application. The operation returns true if during calendar year 2021 the user passed through MFA via Microsoft Advertising online, Microsoft Advertising Editor, or Microsoft Advertising mobile. This is only directional and cannot guarantee they will pass through MFA while granting consent to your application. 

 

For more information, see our API documentation. As always please feel free to contact support or post a question in the Bing Ads API developer forum

 

 

%3CLINGO-SUB%20id%3D%22lingo-sub-2234100%22%20slang%3D%22en-US%22%3ENew%20requirements%20for%20multi-factor%20authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2234100%22%20slang%3D%22en-US%22%3E%3CP%3ELast%20year%2C%26nbsp%3Bwe%26nbsp%3Bstarted%20requiring%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fabout.ads.microsoft.com%2Fen-us%2Fblog%2Fpost%2Ffebruary-2020%2Fprotect-your-account-with-multi-factor-authentication%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Emulti-factor%20authentication%3C%2FA%3E%26nbsp%3B(MFA)%20in%20Microsoft%20Advertising%20online.%26nbsp%3BMulti-factor%20authentication%20is%20a%20security%20process%20that%26nbsp%3Brequires%26nbsp%3Byou%20to%20verify%20your%20identity%20in%20two%20different%20ways.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESoon%20we%20will%20require%26nbsp%3Bmulti-factor%20authentication%26nbsp%3Bfor%26nbsp%3Ball%20users%20who%20sign%20in%20through%20any%20third-party%20application%20that%20uses%20the%20Bing%20Ads%20API%2C%20Content%20API%2C%20and%20Hotel%20APIs.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOver%20the%20last%20several%20months%20most%20API%20clients%20have%20prepared%20for%20the%20enforcement%20of%20MFA.%20%3CSTRONG%3EDue%20to%20a%20new%20developer%20requirement%20as%20explained%20below%2C%20we%20are%20extending%20the%20deadline%20from%20April%201st%20to%20August%201st%2C%202021.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId-1299516316%22%20id%3D%22toc-hId-1299508495%22%3E%3CSTRONG%3EWhat%20users%20need%20to%20do%3C%2FSTRONG%3E%3C%2FH1%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%26nbsp%3Byou%20sign%20in%26nbsp%3Band%20allow%26nbsp%3Bthird-party%20applications%26nbsp%3Bto%20access%20your%20Microsoft%20Advertising%20account%2C%20you%E2%80%99ll%20be%20asked%20to%20provide%20a%20second%20form%20of%20verification%20that%20matches%20the%20contact%20information%20in%20your%20Microsoft%26nbsp%3Baccount%20profile.%20You%E2%80%99ll%20need%20to%20grant%20consent%20again%20for%20any%20third-party%20tools%20to%20access%20your%20Microsoft%20Advertising%20accounts.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId--507938147%22%20id%3D%22toc-hId--507945968%22%3E%3CSTRONG%3EWhat%20developers%20need%20to%20do%3C%2FSTRONG%3E%3C%2FH1%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUpdate%20your%20application%20to%20use%20the%20new%20%3CSTRONG%3Emsads.manage%3C%2FSTRONG%3E%20scope%20(coming%20soon)%20via%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fadvertising%2Fguides%2Fauthentication-oauth-identity-platform%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Identity%20endpoint%3C%2FA%3E.%20All%20application%20developers%20must%20take%20action%20to%20use%20the%20new%20scope.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EPrior%20to%20MFA%20enforcement%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fadvertising%2Fguides%2Fauthentication-oauth-identity-platform%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Identity%20endpoint%3C%2FA%3E%20supports%20the%20ads.manage%20scope.%20Access%20tokens%20that%20you%20acquire%20for%20users%20via%20the%20ads.manage%20scope%20will%20no%20longer%20be%20authenticated.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EPrior%20to%20MFA%20enforcement%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fadvertising%2Fguides%2Fauthentication-oauth-live-connect%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ELive%20Connect%20endpoint%3C%2FA%3E%20supports%20the%20bingads.manage%20scope.%20The%20Live%20Connect%20endpoint%20is%20already%20deprecated%20and%20will%20no%20longer%20be%20supported.%20Access%20tokens%20that%20you%20acquire%20for%20users%20via%20the%20bingads.manage%20scope%20will%20no%20longer%20be%20authenticated.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUpon%20enforcement%20of%20the%20MFA%20requirement%2C%20we%20will%20only%20authenticate%20access%20tokens%20on%20behalf%20of%20a%20user%20who%20passed%20through%20MFA%20via%20the%20new%20msads.manage%20scope%20on%20the%20Microsoft%20Identity%20endpoint.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThe%20new%20%3C%2FSTRONG%3E%3CSTRONG%3Emsads.manage%3C%2FSTRONG%3E%3CSTRONG%3E%20scope%20requires%20renewed%20consent%20from%20all%20users%20of%20your%20application.%3C%2FSTRONG%3E%20You%20must%20prompt%20users%20for%20consent%20using%20the%20new%20msads.manage%20scope%20after%20they%20have%20turned%20on%20multi-factor%20authentication.%20We%20recommend%20that%20you%20inform%20and%20guide%20users%20of%20your%20application%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fuser-help%2Fmulti-factor-authentication-end-user-first-time%23who-decides-if-you-use-this-feature%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eset%20up%20MFA%3C%2FA%3E%20right%20away.%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId-1979574686%22%20id%3D%22toc-hId-1979566865%22%3E%3CBR%20%2F%3E%3CSTRONG%3EAdditional%20resources%3C%2FSTRONG%3E%3C%2FH1%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESupport%20for%20the%20new%20msads.manage%20scope%20including%20SDKs%20is%20coming%20in%20April.%20We%E2%80%99ll%20share%20updates%20via%20the%20blog%20and%20documentation%20as%20soon%20as%20its%20ready.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fadvertising%2Fcustomer-management-service%2Fgetusermfastatus%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EGetUserMFAStatus%3C%2FA%3E%20service%20operation%20is%20now%20available%20and%20can%20be%20used%20to%20estimate%20the%20progress%20of%20MFA%20adoption%20by%20users%20of%20your%20application.%20The%20operation%20returns%20true%20if%20during%20calendar%20year%202021%20the%20user%20passed%20through%20MFA%20via%20Microsoft%20Advertising%20online%2C%20Microsoft%20Advertising%20Editor%2C%20or%20Microsoft%20Advertising%20mobile.%20This%20is%20only%20directional%20and%20cannot%20guarantee%20they%20will%20pass%20through%20MFA%20while%20granting%20consent%20to%20your%20application.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20more%20information%2C%20see%26nbsp%3Bour%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fadvertising%2Fguides%2Fauthentication-oauth%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAPI%20documentation%3C%2FA%3E.%20As%20always%20please%20feel%20free%20to%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fabout.ads.microsoft.com%2Fen-us%2Fmicrosoft-advertising-support%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Econtact%20support%3C%2FA%3E%26nbsp%3Bor%20post%20a%20question%20in%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D269629%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EBing%20Ads%20API%20developer%20forum%3C%2FA%3E.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2234100%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EDue%20to%20a%20new%20developer%20requirement%20as%20explained%20below%2C%20we%20are%20extending%20the%20deadline%20from%20April%201st%20to%20August%201st%2C%202021.%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Co-Authors
Version history
Last update:
‎Mar 25 2021 03:12 PM
Updated by: