This info can also be found in Microsoft's official documentation.

What is the MFA security requirement for CSP Indirect resellers?

These best practises and security standards help the Cloud Solution Provider (CSP) programme ecosystem better protect partners and customers from possible security threats triggered by unauthorised access to CSP capabilities in the partner core.

The following are the current mandatory protection requirements:

  • Integrating Partner Center APIs with a new stable framework model.

  • To gain access to the Partner Center API and Dashboard, you must first adopt and enable Multi-Factor Authentication (MFA).

  • Umbrellar has already made the decision to adopt. Partner Center has mandated the adoption of a new stable application model.

However, a CSP indirect reseller who needs access to the Partner Center Dashboard MUST implement an MFA solution for both admin and users. Without MFA your admins will not be able to manage your customers as a delegated admin through Partner Center.

More details about the requirement can be found here.

For more details on how to setup MFA, please refer to https://www.microsoft.com/en-us/microsoft-365/blog/2014/02/10/multi-factor-authentication-for-office-365/

 

Do I need to implement a Multi-Factor Authentication (MFA) solution for all my users associated with Partner Center?

Yes, because the security requirements need to be applied to all users in your partner directory.  To ensure a smooth deployment, you need to identify users in Azure Active Directory that cannot or should not perform MFA, as well as applications and clients used by your organization that do not support modern authentication.

Are my customers required to have multi-factor authentication?

The new security requirements for you as a CSP indirect resellers are to be implemented to access to Partner Center only, so this means your customers are not required to have multi-factor authentication. While it is recommended because of increased security it is not required for customer.

Where can I find out more information about the New Security Requirements for Cloud Solution Provider Partners?

To understand more about what the new partner security requirements for indirect reseller are, please visit the following resources below:

https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-faq

https://docs.microsoft.com/en-us/partner-center/partner-security-requirements

https://www.microsoftpartnercommunity.com/t5/Partner-Center-Security-Guidance/ct-p/partner-center-security-guidance