Microsoft putting Customer Tenant Security First


Microsoft is making a number of changes to its Cloud Platform, not just around the New Commerce Experience which is changing how customers are charged for and how they purchase Microsoft Cloud products, but there are also changes coming to control Partner access.

Microsoft has now developed and is rolling out changes to its Delegated Partner Administration, meaning that you, the customer, are now in the driving seat when it comes to allowing Partners access to your Microsoft Cloud Services within your Microsoft 365 Tenant.

Up until recently, it was a very simple choice, you either granted a Partner full access or no access to your Microsoft Cloud Products.  This meant that Partners who had full administrative access to your Microsoft 365 Tenant but didn’t provide support or licences for Office 365 or Dynamics still had the ability to go in and administer these other products and services…but this is finally changing!

Microsoft has always allowed multiple Partners to access the administrative centres, but this change now allows Partners to request granular access for specific services, so using the above example, m-hance could request access to administer Dynamics 365 but not Office 365 if we didn’t provide you with those services or licences.

One of the other insightful ideas that Microsoft has rolled out as part of this new feature is that it has introduced a time-bound limit, so the Partner can request administrative access for a specific time period between 1 day and 2 years – this means that you have the ability to allow access for the term of a contract or even a short-term project.

There are a few other welcome introductions as part of this rollout, one is the email notifications that Microsoft has made available to customers and Partners, meaning that both are notified when administrative rights are due to expire or due for renewal.  The other key one, from a security perspective, is auditing. Microsoft has also given the Partner and the customer the visibility to audit the sign-in activity of Partners into Customer Tenants.

Currently, this is only supported for specific Microsoft Cloud Products, but Microsoft is committed to rolling this out further, giving you back the control over which Partners have access to your data and services and for how long.

More information on these changes can be found here.  If you have any questions about these new features, feel free to contact us where a member of our team will be happy to advise or Microsoft has published a useful FAQ page, which is available here.