Enabling the Secure Application Model framework

Applies to:

  • Partner Center

Microsoft is introducing a secure, scalable framework for authenticating cloud solution provider (CSP) partners and control panel vendors (CPV) through the Microsoft Azure multi-factor authentication (MFA) architecture.

You can use the new model to elevate security for Partner Center API integration calls. This will help all parties (including Microsoft, CSP partners, and CPVs) to protect their infrastructure and customer data from security risks.


This topic concerns the following actors:

  • CPVs
    • A CPV is an independent software vendor that develops apps for use by CSP partners to integrate with Partner Center APIs.
    • A CPV is not a CSP partner with direct access to the Partner Center dashboard or APIs.
  • CSP indirect providers and CSP direct partners who are using app ID + user authentication and directly integrate with Partner Center APIs.

Security requirements

For details on security requirements, see Partner Security Requirements.

Secure Application Model

Marketplace applications need to impersonate CSP partner privileges to call Microsoft APIs. Security attacks on these sensitive applications can lead to the compromise of customer data.

For an overview and details of the new authentication framework, download the Secure Application Model framework document. This document covers principles and best practices to make marketplace applications sustainable and robust from security compromises.


The following overview documents and sample code describe how partners can implement the Secure Application Model framework: