Helpdesk

Stay tuned — this feature will be live soon!

• Introduction
• Details of the new security requirements
  • Mandatory requirements
  • Recommended (Non-Mandatory) requirements
• What can you expect from the CSP Compliance feature?
  • Overview
  • Insights
  • Reports history
• How to generate a report?

Introduction

Microsoft will soon enforce new security requirements for partners in the Cloud Solution Provider (CSP) program. These requirements aim to protect the Microsoft ecosystem, customers, and partner environments from security threats such as unauthorized access, credential theft, and fraud. 

The compliance is assessed via the Security Requirements Dashboard in the Partner Center, which provides a Security Score (0–100) and tracks mandatory and recommended actions, however this dashboard is not yet accessible to indirect reseller partners (as of July 2nd, 2025).

Starting October 1, 2025, updated eligibility rules apply to direct bill partners, distributors, and indirect resellers.

Learn more

Details of the new security requirements

As of July 2nd, 2025

Mandatory requirements

• Enable MFA for all Administrators on the CSP tenant
• Response to alerts is 24 hours or less on average
  • This requirement does not apply to indirect reseller partners
• Provide a security contact in the Partner Center

Recommended (Non-Mandatory) requirements

• Enable MFA for all Administrators on the customer tenants
• All your customers' Azure subscriptions have a spending budget
• Enable MFA for all users on the CSP tenant

What can you expect from the CSP Compliance feature?

Overview

Whether you're a direct or indirect reseller partner, you can use the CSP Compliance feature to generate a report and get guidance on all new security requirements:

• Clear explanations and links to official documentation
• Concrete actions to implement to achieve compliance
• All available insights related to the requirements, gathered directly from Microsoft (see Insights section below)

• Additional visibility on MFA-related requirements through the MFA Audit feature

Insights

Direct reseller partners will be able to see their Partner security score and all security requirements' compliance states and details.

For indirect reseller partners, due to technical limitations on Microsoft's side, we are currently unable to fetch live data, except MFA-related security requirements insights on the partner tenant.

We are actively monitoring the situation and will expand support as Microsoft updates their platform.

Reports history

You can access the list of previously generated reports from the CSP Compliance home page.

How to generate a report?

1. Go to the CSP Compliance menu in your Office Protect portal.
   
   
2. Select your partner tenant.
   To appear in this list, your tenant must be onboarded in Office Protect, and its Office Protect application must be healthy.
   If there is an issue with the application, you can resolve it from the Health Status page.
   
   
3. Click on Assess Compliance.
    
   
4. You will be redirected to a Microsoft page where you must sign in with a Global Administrator account from your partner tenant. 
   1. If this is your first time generating a compliance report for this tenant, you will be asked to approve the installation of the Office Protect Partner application and accept the required permissions. 
   2. If you've done this before, you will simply need to sign in.
      
      
5. Once the sign-in and approval are complete, you will be redirected to your compliance report.
   • Direct resellers: You will have access to the full report and all available insights.
   • Indirect resellers: Some insights will be unavailable - see the "Insights" section above for details.