Staying ahead of evolving security standards and compliance requirements is about more than just protecting your organization. It also positions you to deepen customer trust, generate new business opportunities, and accelerate your ability to deliver high-value solutions, including AI transformation.
To support that, we are introducing updates to Partner Center and across the APIs your teams use every day. These changes are designed so you can stay ahead of regulatory and technical requirements, reduce risk, and avoid disruption to your operations and customer transactions. We are also extending some effective dates for these updates to give you time to prepare.
With these enhanced security standards in place, you can lead with confidence on the AI frontier and give your teams the tools they need to be prepared, protected, and positioned to stand out.
Recent improvements to keep your business secure, compliant—and growing
Over the last few months, we’ve released updates designed to strengthen security and streamline processes:
- On September 15, 2025, the Security workspace rollout began for Cloud Solution Provider (CSP) indirect resellers. All indirect resellers will have access in the coming weeks. The workspace supports partners looking to strengthen their security posture and meet the new CSP authorization requirements. It also provides actionable insights and guidance in mitigating risks and building customer trust.
- The new API for Microsoft Customer Agreement (MCA) attestation is live, with a deadline of January 5, 2026, for adoption (see more details below).
- Multifactor authentication (MFA) is now rolling out in the Partner Center portal. Prompts to enable MFA will appear in the coming weeks.
- Deprecation of Graph.windows.net audience tokens has started, with services migrating to api.partnercenter.microsoft.com. Migrating as soon as possible will help you avoid service disruptions and keep your focus on customers.
Upcoming API and technical changes
Several API and technical updates are scheduled over the next months, with some deadlines extended to give partners more time to prepare and comply. Each of these changes is designed to safeguard data, optimize performance, and improve integration across partner and customer experiences.
December 1, 2025: Deadline to change to Partner of Record (POR) assignment for CSP resellers
Previously slated for September 1, 2025, updates to the Partner Location Account (PLA) API and UI in Partner Center will now go live on December 1, 2025, to ensure indirect resellers and distributors have sufficient time to prepare for this change. This update will ensure compliance with CSP POR policies and make it easier for distributors to assign active, compliant indirect resellers as POR for new subscription orders. Explore POR readiness resources to enhance your compliance efforts.
January 1, 2026: MFA is enforced in VLC
To protect you and your customers and tenants from identity theft and unauthorized access, we are mandating MFA for VLC. Users without MFA enabled will be unable to access the portal, with a structured change management process in place for partners. This mandate strengthens VLC’s security posture, safeguards sensitive data, and supports compliance with industry best practices.
January 5, 2026: Deadline extended for adopting the enhanced MCA partner attestation API
To allow more flexibility and give you time to plan, test, and integrate the new API into your systems, we’re extending the deadline to adopt the enhanced MCA partner attestation API until January 5, 2026. On this date, the legacy API for MCA attestation and the attestation process via Partner Center UX will be retired.
To support a smooth transition and provide a window to migrate without disrupting operations, the enhanced (v2) API, which launched July 10, will run in parallel with the current (v1) API until the deadline. Also, starting October 7, 2025, partners who accepted the MCA for their customers via attestation before April 1, 2023, and haven't reattested for those customers, will be blocked from completing certain Partner Center actions including new purchases, quantity increases or decreases, term duration or billing plan changes, and upgrades.
Additionally, the MCA bulk attestation tool shifted to read-only mode on October 7, 2025, and will be fully retired on January 5, 2026.
Currently, CSP distributors and direct bill partners can attest to MCA acceptance using an API, the Partner Center UX, or the MCA bulk attestation tool. Starting January 5, 2026, MCA attestation will only be accepted via the enhanced partner attestation API or direct customer acceptance. There is no change to the direct customer acceptance route of attestation. Learn more about the changes and API details.
March 15, 2026: Deadline to migrate to billing reconciliation API v2
To optimize billing API performance, Microsoft is upgrading its Partner Center billing system by replacing the legacy synchronous API with the new asynchronous API v2 using Microsoft Graph for unbilled invoice reconciliation. This marks the final phase of billing API migrations, following three prior upgrades.
CSP partners must migrate to API v2, adopt the new request-reply pattern using shared access signature (SAS) tokens, and update their systems to consume from Graph API by March 15, 2026.
April 1, 2026: Switch to the code-ready MFA for API access
To enhance security, MFA will be enforced for Partner Center APIs starting April 1, 2026. The API integration is now code-ready for MFA, so you can update your code today to avoid service disruptions and ensure your systems stay aligned with Partner Center security standards.
Learn more about MFA, APIs, and other security standards.
Protect your business continuity and strengthen customer trust
Preparing for these changes now will minimize disruptions and position your business for long-term success. By aligning with the latest Microsoft security and compliance standards, you protect your operations, strengthen customer trust, and enable new opportunities to grow and scale with secure, reliable engagements.
If your teams have questions, regular trainings are available live or on-demand with Microsoft experts. You can also learn more about how we’re addressing cybersecurity risks through our Secure Future Initiative (SFI).
We appreciate your continued partnership and collaboration as we work together to create a more secure and efficient environment for partners and customers alike.