Back to news

Action Required – CSP Program New Mandatory Security Requirements

Last week all Microsoft Cloud Solution Providers (CSPs) received a message about new Microsoft security requirements that need to be implemented before February 4th, 2019. This stems from the increasingly frequent security breaches and fraud incidents within the industry. The short time period in which these new requirements are to be implemented suggests something has gone terribly wrong, making the tightening of security a priority.

Huge impact on CSP partners

This has a huge impact on partners within the CSP program that are conducting transactions with help from CSP capabilities and partner center APIs (Indirect Providers, Direct CSP Partners, and CSP-Indirect Resellers). It also impacts control panel vendors that use integration solutions with the partner center API.

Consequences for Microsoft integration solutions

Microsoft is obligating the tightening of security requirements. This helps protect partners and customers within the CSP ecosystem from unauthorized access to CSP functions within the partner center. A valid reason to expand Microsoft’s secure application model to the partner ecosystem, but with the result that many integration solutions belonging to CSP Direct Partners and CSP Indirect Providers will stop working or become invalid.

The new security requirements consist of:

Implementing a new, secure application model to integrate with partner center APIs. Implementing Multi-Factor Authentication (MFA) for access to CSP functions and partner center APIs. These requirements will ensure all parties, including CSP program partners, control panel vendors, and end-customers, will be able to better protect their infrastructure and customer data against potential security risks such as theft and other cases of fraud.

The Spinpanel solution

Spinpanel is one of the few control panel vendors (CPV) built entirely on the Microsoft Azure platform and already supports the new Microsoft secure application model to integrate with APIs in the Microsoft Partner Center. This will allow for the adoption of Multi-Factor Authentication (MFA) to access the Microsoft Partner Center API and CSP capabilities. “This is exactly the reason why we work with an organization such as Spinpanel. We don’t need to worry about having to re-code an entire API integration. It’s simply taken care of in a short period of time. It ensures that we can stay on track with our Microsoft Cloud and license management and our strategical business operations.” February 4th As of February 4th 2019, partners who do not comply with these security requirements will not be able to use the partner center APIs to complete transactions. Spinpanel offers a fast and flexible solution. Interested? Please contact Koen Nicolasen at


Spinpanel is a multi-tier and multi-tenant solution to help you manage, deploy, and monitor Microsoft licenses and Cloud solutions through one central platform. SpinPanel has, from the very start, adopted the Azure Active Directory consent framework which makes it possible to access SpinPanel services with the principle of least privilege. Spinpanel only requires user consent and if needed, SpinPanel explicitly requires the admin of the end-customer to consent. This ensures customers own their data and control how it’s used.

Share this article:

You may also like:

Press release: Spinpanel announces merger with Nubo Service Automation
Latest news