Microsoft Partners can no longer use 3rd party MFA on their tenants

[Sky-Knight]

Partner security requirements - Partner Center

Introduces partner security requirements to enable multifactor authentication (MFA) and adopt the Secure Application Model framework - Account settings workspace.

docs.microsoft.com

Glad I didn't do the DUO thing, and hopefully there's no one here that's doing so on their own tenant... because if they are, delegated admin stuff wills top working TOMORROW!

 

[britechguy]

From cited page:

• Article
• 02/24/2022
• 12 minutes to read

If this was literally just announced on 2/24/2022 and they're pulling the rug out from under people using alternatives this quickly, Microsoft will have PR hell to pay. And they'll deserve to have to pay it.

If, however, this is a follow-up to something those who needed to know were told long ago, that's a different story.

 

[mikeroq]

From cited page:

• Article
• 02/24/2022
• 12 minutes to read

If this was literally just announced on 2/24/2022 and they're pulling the rug out from under people using alternatives this quickly, Microsoft will have PR hell to pay. And they'll deserve to have to pay it.

If, however, this is a follow-up to something those who needed to know were told long ago, that's a different story.

From the wayback machine, March 1st 2021. Article dated October 2020.

Partner security requirements are enforced by Azure AD, and in turn Partner Center, by checking for the presence of the MFA claim to identify that MFA verification has taken place. Starting November 18, 2019, Microsoft activated additional security safeguards (previously known as “technical enforcement”) to partner tenants.

Upon activation, users in the partner tenant are requested to complete MFA verification when performing any admin on behalf of (AOBO) operations, accessing the Partner Center portal, or calling Partner Center APIs. For more information, see Mandating Multi-factor Authentication (MFA) for your partner tenant.

Partners who have not met the requirements should implement these measures as soon as possible to avoid any business disruptions. If you are using Azure Multi-Factor Authentication or Azure AD security defaults, there are no additional actions you need to take.

Partner security requirements - Partner Center

Introduces partner security requirements to enable Multi-factor Authentication (MFA) and adopt the Secure Application Model framework.

web.archive.org

You can go further back to 2019 even.

And this page https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-mandating-mfa
Page dated May 2020: https://web.archive.org/web/2020081...r/partner-security-requirements-mandating-mfa

The intent of this feature is to help partners secure their access to customer resources against credentials compromise. Partners are required to enforce Multi-factor Authentication(MFA) for all user accounts in their partner tenant including the guest user, with this feature these partner roles will be mandated to complete MFA verification for the following areas:

• Partner Center Dashboard (Starting May 1, 2020)
• Partner Center API (Starting May 1, 2020)
• Partner Delegated Administration

 

[britechguy]

Well, this is not an area I'm inclined to heavily research. I am relieved that this is not one of those "last minute things" that Microsoft does pull every once in a very great while.

 

[Sky-Knight]

I was unaware of the 3rd party component, at least to my memory. But it's entirely possible I did know that, and made the decision to use MS MFA entirely way back and forgot. After all there are only so many details one can actively track.

So this post should be seen more as a reminder that if you use DUO or something similar on your partner enabled tenant, the delegated admin stuff will stop working tomorrow.

Microsoft HAS been cracking down on partner security requirements over the years, so this idea isn't "new".