Control Panel Vendor Program
Microsoft recently announced new mandatory security requirements that tackle potential security risks from unauthorized access to the Microsoft Partner Center, the CPV program. A Control Panel Vendor (CPV) is an independent software vendor that develops applications for use by Cloud Solution Provider (CSP) partners to enable them to integrate their systems with Partner Center APIs.
The new security model from Microsoft is based on the requirements:
- CPV Vendors and the tenants cannot store credentials
- API based access must provide the purpose of impersonating credentials to access partner center
- Use a consent framework to receive permissions
- The systems and CPVs must be able to support any future requirements
- Both human and system admin CPV users must use multi-factor authentication to access the partner center
Direct Partners and In-Direct Partners using Work 365 have varying uses:
The Figure 1 above shows how Partners and users access the Partner Center and Services and subscriptions for their Customers. Work 365 (CPV) is the automation and control system between the partner center that ultimately leads to the provisioning of services and a financial impact from Microsoft.
Lost credentials (or claims of lost credentials, including sharing of credentials within a partner organization) can result in the provisioning of unauthorized services. Many CPVs are SaaS applications and need to store the credentials within their systems, which represents a potential security risk.
What is the Work 365 Advantage?
Built on Azure Active Directory
Microsoft built its platform on Azure AD, Office 365, CRM, Partner Center all leverage Azure AD and So does Work 365. One consolidated platform to manage user identities, prevent ‘leakage’, sleep better.
Built on Dynamics 365
The CSP business changes rapidly – change or your customers will. Dynamics 365 is a platform – extensibility is a core tenet. Work 365 inherits the capabilities of the platform, making it a truly extensible platform. Adapt to a rapidly evolving business landscape
Designed to keep you in control
In stark contrast to competitors, Work 365 is not a custodian of your data – the data resides with you. Work 365 is a set of services designed to operate on your data at its rightful place. You control who has access and how much
One version of the truth, your version!
Consolidate your business data in a single location. Enrich your data with integrations (Partner Center, distributors, ERP systems). Leverage the rich self-reporting capabilities of Dynamics 365 (Advanced Find, Dashboards, Charts) to quickly highlight what’s important or find what’s amiss.
Work 365’s fundamental architected to comply and meet the security requirements.
- All the data is stored directly in the Dynamics 365 tenant
- All the access permissions are managed by the Partner’s AD. The end user controls who has access and roles.
- Work 365 uses the consent framework to manage security and permissions.
Work 365’s version 2.1 security enhancements allow a CSP to control access and permissions through the Dynamics 365 security model. Because this model is tied to the partner’s Azure ID in order to use Work 365, no third-party system is required.
Work 365 then accesses the Partner Center through a flexible provider model.
How Work 365 Gets Consent for CPVs
- Using the Provider configuration model, you can specify Identification information to your Partner Center ID. Work 365 generates a “get consent link”.
- Users can use the link to login with the credentials for the Admin agent and provide consent for the application to manage the subscriptions.
- Once you provide consent, credentials are cleared from the system settings.
Work 365 enables CSPs to satisfy the new CPV security requirements regardless of direct or indirect partner status. Read more about how Work 365 can help with your recurring billing and payment collections under the latest CPV program.