Enable secure application model
- Partner Center
Microsoft is introducing a secure, scalable framework for authenticating cloud solution provider (CSP) partners and control panel vendors (CPV) through the Microsoft Azure multi-factor authentication (MFA) architecture. You can rely on the new model to elevate security for Partner Center API integration calls. This will help all parties including Microsoft, CSP partners, and control panel vendors to protect their infrastructure and customer data from security risks.
This topic concerns the following actors:
- Control panel vendors (CPV) - A control panel vendor is an independent software vendor that develops apps for use by CSP partners to integrate with Partner Center APIs. A control panel vendor is not a CSP partner with direct access to the Partner Center dashboard or APIs.
- CSP indirect providers and CSP direct partners who are using app ID + user authentication and directly integrate with Partner Center APIs.
Security requirements FAQ
For answers to frequently asked questions about this change to multi-factor authentication, download the Security requirements FAQ document.
Secure application model
Marketplace applications need to impersonate CSP partner privileges to call Microsoft APIs. Security attacks on these sensitive applications can lead to the compromise of customer data.
Download the Secure application model document for an overview and details of the new authentication framework. This document covers principles and best practices to make marketplace applications sustainable and robust from security compromises.
How to for control panel vendors (CPV)
How to for cloud solution provider partners (CSP)
Download the CSP overview document and sample application for cloud solution provider partners for an example of how to implement multi-factor authentication in your Partner Center app.
Implement multi-factor authentication
Getting past multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. For more information, see How it works: Azure Multi-Factor Authentication.