In the last few months, Microsoft® has been ruffling its Partners’ feathers by proposing a series of startling changes to its Partner Network. Following a failed attempt to cut internal use rights (IUR) support for smaller MSPs, Microsoft has recently tightened restrictions on its Partner Network by requiring an increased level of network security:
- “Starting August 1, 2019 all partners are required to enforce multi-factor authentication for all users, including service accounts, in their partner tenant.”
At JumpCloud®, some of our Partners are also Microsoft Partners, and we’ve fielded questions concerning how the increased MFA requirements could influence JumpCloud’s Azure Active Directory / Office 365™ authentication flow. Let’s look at the details of this MFA requirement and why Microsoft is imposing it, and then explain the Office 365 authentication flow for Microsoft Partners who also use JumpCloud.
New Microsoft Partner Security Requirements
First of all, what was Microsoft’s reason for requiring MFA for each user on every single authentication? “The highly privileged nature of being partner.” To enforce MFA, Partners must take one of the following paths:
- Implement Azure AD® Premium and ensure that MFA is enforced for each user
- Implement the baseline protection policies
- Implement a 3rd-party solution and ensure MFA is enforced for each user
Now, maybe you’re thinking through your product stack and client environments, and asking yourself, “What are the real implications here?” In their partner tenant, Microsoft Partners need to identify their clients’ users, applications, and devices that do not support modern authentication. Any legacy protocols, such as IMAP, POP3, SMTP, etc., will be blocked in the partner tenant because these protocols cannot support MFA. This will require some extra work on the Partners’ end, but ultimately, it’s a more secure process.
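One way to build that inventory of users and service accounts still signing in over legacy protocols, as an added example that is not from the original post or from Microsoft or JumpCloud. It assumes sign-in records exported as JSON with the `userPrincipalName`, `appDisplayName` and `clientAppUsed` fields, and that `Browser` and `Mobile Apps and Desktop clients` are the only modern-authentication client values; the function names and sample records are constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: these are the only client types that use modern authentication
# and can therefore complete an MFA challenge. Anything else is treated as legacy.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = """[
 {"userPrincipalName": "svc-backup@partner.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "IMAP4"},
 {"userPrincipalName": "SVC-Backup@partner.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "IMAP4"},
 {"userPrincipalName": "alice@partner.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Browser"},
 {"userPrincipalName": "bob@partner.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "POP3"},
 {"userPrincipalName": "bob@partner.example", "appDisplayName": "Microsoft Teams", "clientAppUsed": "Mobile Apps and Desktop clients"},
 {"userPrincipalName": "scanner@partner.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Authenticated SMTP"},
 {"userPrincipalName": "carol@partner.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": ""}
]"""


def legacy_auth_inventory(signins):
    """Return {user: {client type: sign-in count}} for every non-modern sign-in."""
    inventory = defaultdict(lambda: defaultdict(int))
    for record in signins:
        client = (record.get("clientAppUsed") or "").strip()
        if client in MODERN_CLIENTS:
            continue
        # A missing client type cannot be shown to support MFA, so keep it for review.
        label = client or "Unknown"
        # UPNs are case-insensitive; normalise so one account is counted once.
        user = (record.get("userPrincipalName") or "unknown").lower()
        inventory[user][label] += 1
    return {user: dict(clients) for user, clients in inventory.items()}


def format_report(inventory):
    """Render the inventory as one line per account, busiest accounts first."""
    rows = sorted(inventory.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return "\n".join(
        f"{user}: " + ", ".join(f"{c} x{n}" for c, n in sorted(clients.items()))
        for user, clients in rows
    )


if __name__ == "__main__":
    print(format_report(legacy_auth_inventory(json.loads(SAMPLE_EXPORT))))
```

Accounts that appear in the report are the ones that will stop working once legacy protocols are blocked, so they need to be moved to a client that supports modern authentication first.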
Office 365 Directory Sync Authentication Flow
For those Microsoft Partners who are also JumpCloud Partners and may be concerned with how this will interfere with managing Office 365, there’s really no cause for alarm here. The authentication flow for the Office 365 directory sync remains unobstructed, regardless of Microsoft’s MFA (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by George Lattimore. Read the original post at: https://jumpcloud.com/blog/microsoft-partner-network-tightens-mfa/