Important actions to secure the partner ecosystem
Starting in March 2024, Microsoft will enable security defaults on all CSP partner tenants that haven’t already enabled security defaults, conditional access, or a third-party MFA solution. We recommend that partners turn on security defaults immediately if needed.
Multifactor authentication (MFA) has been shown to significantly reduce the risk of account takeover, and Microsoft has a goal of 100 percent multifactor authentication. Security defaults make it easier to help protect organizations from identity-related attacks, such as password spray, replay, and phishing, that are common in today’s environments. Microsoft makes these preconfigured security settings available to everyone, and they enable a basic level of security at no extra cost, including requiring MFA for all users and administrators.
- The Compliance admin role in Partner Center is intended to help partners authorize a point of contact they want Microsoft to engage with for compliance-related matters. Ensure this role has been assigned to someone in your company and that the point of contact is kept current as changes happen within your company. To learn more, see Compliance admin role in Partner Center.
- Partner MFA statistics – To help you better understand how well your tenant is secured and where action needs to be taken, we’ve created an MFA reporting page. The article Security at your organization – Multifactor authentication (MFA) statistics provides valuable insights that will help you take timely action to enable MFA for all your users, ensuring that your environment is as secure as possible.
- Device management will require GDAP relationships starting January 31, 2024. To ensure a seamless experience, Microsoft recommends the Directory Reader as the least privileged role for this action. Review how to upload devices to a new batch, update devices with a policy, and upload devices to an existing batch for more details.
For a partner to access and manage a customer tenant, the service principal of the partner’s app must be granted consent in the customer tenant.