With trust as the foundation of our business at Microsoft, security and compliance are at the heart of everything we do. Our partners play a key role in strengthening customer trust and enhancing the security posture of our entire ecosystem. Comprehensive security also presents a significant opportunity for every partner to drive efficiency, grow their business, and reach more customers.
To make this opportunity a reality, we’re committed to enhancing the partner experience by providing you with ongoing updates and resources to help keep your organization (and customers) safe. By ensuring our partners are capable and compliant, we can continue to improve the way our customers do business with us and drive meaningful outcomes—together.
In FY25, we introduced End of Sale (EoS) scheduling for billing frequency changes in the Partner Center UI and application programming interface (API) to give partners more flexibility and control. We started to block unused Microsoft Azure subscriptions to reduce potential security risks to Azure accounts. We also released the security requirements API (available in beta) that gives partners direct access to essential security data so they can easily track the requirements needed to retain their Cloud Solution Provider (CSP) authorization.
Additionally, billing reconciliation v1 APIs were retired and replaced by the asynchronous v2 APIs, which offer significant advancements in how we handle billing and reconciliation data access. And all billed usage and reconciliation files are now delivered in .CSV.GZIP format to assist with faster and more efficient downloads.
As we announced in April, there will be several critical API changes over the next few months that require urgent action from your team.
In this blog post, we’ll help you understand these changes and what your team needs to do to avoid disruption to business operations and sales. Be sure to share these details, launch dates, and readiness resources with your technical teams so they can prepare and implement the necessary updates.
Upcoming API changes and resources
August 30: Partner Center multifactor authentication required
To enhance security, multifactor authentication (MFA) will be enforced for all pages in the Partner Center portal and for API access.
- MFA will be enforced for all pages in the Partner Center portal starting August 30, 2025.
- The API will be code-ready for MFA on September 30, 2025.
- MFA will be mandatory for API access starting April 1, 2026.
Adopting these updates promptly will help avoid service disruptions and ensure your systems stay aligned with Partner Center’s security standards. Learn more about MFA, APIs, and other security standards.
August 31: Action required: Graph.windows.net audience tokens retiring
To enhance our security measures, all Partner Center services that use the Azure Active Directory graph API will migrate to api.partnercenter.microsoft.com.
If you use the generateToken API, stop decoding the token in the API response and remove dependency on any of the claims in the token that the API returns. A new version of the generateToken API is available.
Take the necessary steps to update your systems before August 31, 2025, to avoid disruption of business. Learn more about how to prepare for this transition on the Deprecate Azure AD graph token article on Microsoft Learn.
September 1: Change to Partner of Record API enforcement date
We're updating the Partner Location Account (PLA) API and UI in Partner Center to ensure CSP distributors (formerly indirect providers) assign active, compliant indirect resellers as Partner of Record (POR) for new subscription orders.
To give distributors and indirect resellers additional time to adapt and ensure compliance with reseller authorization requirements—and prevent potential service disruptions such as blocked transitions by unauthorized or noncompliant resellers—we are rescheduling the implementation of the updates to September 1, 2025.
To prepare for this update, distributors should use the Insights dashboard to identify invalid PORs and work with those resellers to correct the issues or establish their replacements before September 1, 2025, to avoid disruption of business.
Indirect resellers should make sure they have an active CSP tenant associated with an authorized PLA ID, have accepted the Microsoft Partner Agreement (MPA) for indirect resellers, and are working with a distributor in their own CSP region.
January 5: Microsoft Customer Agreement partner attestation blocking changes
We gained valuable feedback during our partner community Q&A sessions. Based on that feedback, we’re now giving you until January 5, 2026, to adopt our enhanced Microsoft Customer Agreement (MCA) partner attestation API and are moving the retirement date of the current MCA attestation API and Partner Center UX attestation process to January 5, 2026.
To encourage the transition to the new API, it will be in production and available for use on July 10, 2025. Both v1 and v2 APIs will run in parallel from July 10, 2025, to January 5, 2026. This includes the UX experience in Partner Center. These updates mean you have more flexibility to move to the new API.
Currently, CSP distributors and direct bill partners can attest to the MCA acceptance by their customers in three ways: using an API, the Partner Center UX, or the MCA bulk attestation tool. On January 5, 2026, the current API and the Partner Center UX will be retired, and the MCA will only be accepted in two ways:
- A new, enhanced partner attestation API
- Direct customer acceptance
In addition, on October 7, 2025, the MCA bulk attestation tool will no longer perform bulk attestations and will have a read-only capability. The bulk tool will be completely retired in January 2026.
If partners don’t integrate the enhanced API by January 5, 2026, their net new customers will need to directly accept the MCA through the Microsoft 365 admin center before placing an order. Partners who are using the current attestation process or who are having their customers directly accept the MCA will not need to have their customers reaccept the MCA. Only net new customers for whom you want to attest will be impacted by the changes. Learn more about the changes and API integration.
A secure future starts with us
To avoid technical and business disruptions, it’s critical that your organization implements these changes by their respective dates.
If you need assistance with these changes, register for one of our regular Office Hours calls. You can attend the live discussion or listen to the on-demand recording to receive answers to your questions.
As we continue working toward a safer and more secure future together, your ongoing support and cooperation are essential to keeping our products and processes secure and compliant. And with a secure and compliant partner ecosystem, your organization is better equipped to drive operational efficiency, scale your business, and achieve more.
We deeply appreciate your help in making this transition as smooth as possible so we can continue to build a more secure and efficient partner ecosystem—and safer solutions for customers.