Microsoft is introducing new compliance requirements for CSP Indirect Resellers. These updates aim to strengthen partner security and ensure operational readiness. To remain authorized and continue transacting, please review and meet all the requirements outlined below.
At least USD1,000 in CSP transactional revenue during the preceding 12 months at the reseller Partner Local Account (PLA) tenant level.
- If a reseller's trailing-12-months (TTM) revenue for their CSP tenant is less than USD1,000, the tenant is subject to deauthorization.
- The partner can no longer transact as a CSP indirect reseller at that business location.
Complete all mandatory requirements of Partner Center security score.
- Enable MFA for all administrative users.
- Designate a security contact within Partner Center.
These requirements are validated annually during the anniversary month of your original CSP onboarding.
- Active MAICPP membership
- Valid PLA ID linked to business address
- Authority to accept/sign legal agreements
- Minimum USD 1,000 in CSP revenue (12-month trailing)
- Completed mandatory Partner Center security score
Understanding the Security Score
Use the dashboard to monitor and improve your security posture. It provides:
- A score from 0–100
- A list of mandatories vs. recommended actions
- Insights into what’s complete or still pending
Enable MFA for All Administrators
Score Impact: 20 points
Implementation Steps:
- Ensure every admin user is covered by the MFA requirement.
- Protect key roles such as Global Administrator, Billing Administrator, and Security Administrator.
- Use Microsoft 365 MFA wizard or Conditional Access policies.
Provide a Security Contact
Score Impact: 20 points
Implementation Steps:
- Populate the email, phone number, and name of the individual or group responsible for responding to security incidents.
Response to alerts is 24 hours or less on average
Score Impact: 10 points
Implementation Steps:
- Configure a Partner Center for security contact.
- Maintain an incident response playbook.
- Specify a reason code for each alert.
CSP Requirement Updates at a Glance
Highlighted cells indicate new or updated changes.
New indirect reseller — effective October 1, 2025
- Starting October 1, newly enrolled resellers will not be required to meet the revenue requirement until they have completed 12 months under indirect reseller authorization.
Existing indirect reseller — effective October 1, 2025
- If an existing indirect reseller does not meet all eligibility thresholds:
- Partner is not eligible to remain an authorized CSP partner.
- Offboarding and deauthorization protocols will take effect.
- Partner is eligible to reapply 12 months after offboarding.
Future Requirements Preview
The "Future Requirements" section in the Partner Center highlights upcoming actions that may soon affect your security score.
Completing them early helps improve your readiness and overall score.
Need Help?
For questions, support, or assistance meeting these requirements:
