At rhipe, our team of CSP experts work hard each month to bring you all the relevant updates from Microsoft. They do the heavy lifting so that you can concentrate on what you do well. This should be bookmarked as your go-to for all CSP updates.
Please find below links directly to the content you are looking for. If there is something that you want covered in these updates, please reach out to one of the CSP team at rhipe and we will endeavour to cater to your needs.
- New Microsoft CPOR and OSU-M365
- New Azure AD admin roles to reduce the number of Global administrators
- Support for Office 2010 is ending - Time to Switch to Office 365 Proplus
- Intune Gets the Long-awaited Makeover
- Ability to Disable Microsoft Teams per License Category in Microsoft Teams Services to be Retired
- Microsoft Teams will Silently Sign in New Users
- Tamper Protection now Generally Available for Microsoft Defender ATP Customers
- Windows 7 extended support update available from December 1, 2019
- (Reminder) New Microsoft Customer Agreement
- (Reminder) Microsoft Partner Agreement is now available for signing in Partner Center
- (Reminder) Business Applications Licensing Changes: Dynamics 365 and Power Platform
- (Reminder) Azure reservations monthly payment options Coming to rhipe CSP
- (Reminder) Microsoft AEP-MEPN Program retirement
- Microsoft security baseline is GA now
New Microsoft CPOR and OSU-M365
From the 1st October:
- Claiming Partner of Record (CPOR)
- New Online Services Usage Incentive program (OSU-M365) for Microsoft 365.
As an eligible Microsoft partner, you will find it easier to create customer associations, plus get rewarded for driving active usage of customers. The program is designed to help you drive usage of Microsoft 365 services with both new and established customers.
The incentive will now be a milestone rather than an annuity-based incentive. This means you’ll be rewarded for achieving one or more usage milestones (for example, 15 percent or 40 percent usage) with the customers and workloads you’re associated to through CPOR.
With this change, you’ll have more opportunities to earn incentives across a wider array of workloads—and receive incentive payments right away.
CPOR and OSU-M365 are in 6 Q&As by rhipe.
1. What is CPOR and when it will be available?
Claim Partner of Record, or CPOR, is a new customer association experience that enables a Microsoft partner to associate their organization to a customer and the individual workloads (Microsoft Teams, for example) they’re assisting customers to deploy or adopt.
For more details refer to pg. 2 of the step-by-step guide.
2. What are the eligibility requirements for partners?
For M365 related qualified services –Cloud Productivity competency (Silver and above)
For Intune, AADP, AIP and MCAS – Enterprise Mobility & Management competency (Silver and above)
Partners will need active MPN. For more details refer to 11 of the step-by-step guide. Enrolment is also required.
Follow the instructions in pg. 9 of the step-by-step guide to enrol to OSU-Microsoft 365 incentive program.
3. What information is required for CPOR association?
i. Partner MPN ID
Customer Tenant ID and initial sub domain
iii. Services in scope for this engagement
iv. Customer contact details
v. Signed agreement or documentation from customer
For more details refer to pg. 4 of the of the step-by-step guide.
4. How does the incentive works?
Partners can earn incentive for 10 qualifying workloads across M365 product suite, including ExOL, Teams, SpOL
Minimum qualifying seats is 150.
Once usage of eligible workloads go from less than 10% at the time of association to 15 above, The partner will receive incentive from Microsoft. For MS Teams, Office Proplus, Intune and AIP, there is additional incentives when customers reach 40% usage milestone (usage < 20% at the time of association).
For more details refer to pg. 8 of the step-by-step-guide.
5. What are thePartner Centre roles required for customer association?
Customer association is performed in Microsoft Partner Centre, and only 2 roles will have permission to view and create customer association:
i. Incentive User
ii. Incentive admin
6. How is Customer association done in PartnerCentre?
A user can get started by logging into the Partner Centre Dashboard and navigating to the Customer Association tab under the Incentives menu.
Select “Create Association,” from the top of the page and follow the prompts to create a new customer association for the workloads the partner is assisting your customer to deploy or adopt.
Follow the steps to create a partner association by entering the details required:
i. Partner MPN ID
ii. Customer Tenant ID and initial sub domain
iii. Services in scope for this engagement
iv. Customer contact details
v. Signed agreement or documentation from the customer.
The instructions and steps for customer association can be found at pg. 5 and 6 of the step-by-step guide.
New Azure AD admin roles to reduce the number of Global administrators
Azure active directory is the heart of identity and access management for both Azure and Microsoft 365 and having a global admin deal just for daily admin-level tasks isn’t something feasible from both security and compliance perspectives. Microsoft has released 16 new directory roles that would allow low privileged users to perform tasks that would normally require global admin privileges.
More information about the new roles can be through the link below: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/16-new-built-in-roles-including-Global-reader-now-available-in/ba-p/900749
Support for Office 2010 is ending - Time to Switch to Office 365 Proplus
Extended support (lifeline) for Office 2010 will end on the October 13, 2020. This gap can be easily filled by Office 365 Proplus, as Proplus is the smarter Office 365 with its advanced capabilities.
Intune Gets the Long-awaited Makeover
If you haven't tried the new Intune portal experience, then you need to do it now. Intune portal is now cleaner and simpler than ever. The logical grouping of all the device management tasks such as device apps users and groups etc. have been placed in a logical and hierarchical manner instead of the previous long list of menu items.
Please find the screenshot below:
Find out more by through the link here: https://devicemanagement.microsoft.com
Ability to Disable Microsoft Teams per License Category in Microsoft Teams Services to be Retired
To align Microsoft Teams with other workloads, Microsoft will be retiring the ability to disable Microsoft Teams for all users of a particular license category. Note: Edu Faculty and Edu Student license categories are excluded from this change.
The retirement will be rolled out gradually to customers starting November 22, 2019 and will be completed by mid-December 2019. Users who were previously disabled for Teams via this option will be enabled for Teams. To continue disable these users for Teams, admins will have to do so via the “Manage Product Licenses” option in the Microsoft 365 Admin Portal Active Users page.
Microsoft Teams will Silently Sign in New Users
Microsoft Teams will soon begin to automatically sign in new users for Microsoft Teams customers on select Windows systems starting late-October, and the rollout will be completed worldwide by mid-December.
Office Users who are already signed into other Office applications with a Microsoft work account can now automatically be signed into Teams.
Microsoft will release this first for PCs running Windows 7, 8 or 10 (Only on versions 1607 or lower). Similar capabilities will come to other Windows versions and other desktop OS in the future.
This experience will only affect fresh installations of Teams. There is no impact to existing users who are already signed into Teams. Furthermore, users who have signed out of Teams will not signed back in automatically.
In some cases, Teams might not be able to pick up the users sign in context automatically, for example the user is not signed into another Office app or to Windows using their Azure AD account. In those cases, these users might still be prompted to enter their credentials. This capability requires that an organization has configured the same Conditional Access MFA policies for Exchange Online and SharePoint Online. It does not require the PC to be domain joined or Azure AD joined.
Tamper Protection now Generally Available for Microsoft Defender ATP Customers
Tamper protection is a new feature designed to protect against malicious and unauthorized changes to security features, ensuring that endpoint security does not go down. Earlier this year, Microsoft rolled out this feature to windows insiders and had been working closely with customers to develop this capability before the G.A. of this new feature.
Enabling tamper protection for enterprises through Microsoft Intune
Tamper protection can be deployed and managed centrally – and securely – through Microsoft Intune, similar to how other endpoint security settings are managed. The feature can be enabled for the entire organization, or through devices and user groups.
For more details about Tamper Protection, please visit the link below:
Windows 7 extended support update available from December 1, 2019
The extended support of Windows 7 is ending on January 14th, 2020. However, for the customers who are still planning the transition from Windows 7 to Windows 10, they would have an option to buy Windows 7 extended security update package under Cloud Solution Providers (CSP) from December 1, 2019.
The prerequisite to buy the windows 7 extended security update (ESU) is that the baseline operating system must be either Windows 7 Pro or Windows 7 enterprise.
More information can be found here: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE3TwaS
(Reminder) New Microsoft Customer Agreement
During Microsoft Inspire 2019, Microsoft announced that from 1 October 2019 Microsoft Customer Agreement (MCAv2) will begin to replace the existing Microsoft Cloud Agreement (MCAv1) for all customers served through the Microsoft Cloud Solution Provider program.
Currently, a customer will need to sign an agreement with Microsoft or partners multiple times when they purchase Microsoft products through different channels or partners. With MCAv2, the agreement terms follow the customer, regardless of the channels or partners, enabling purchasing across channels without the need to resign the same terms. For partners, they can eventually assign the responsibility of managing the agreement signing process, including accountability for customer agreement acceptance and maintaining agreement records, to Microsoft.
October 1, 2019: MCAv2 becomes available- MCAv2 becomes available, however, rhipe partners will continue to use MCAv1 for their customers.
December 1, 2019: Partner attestation- rhipe CSP partners will be able to attest the signing of MCAv2 through PRISM portal. Partners can no longer attest the signing of MCAv1 in PRISM portal.
Early Jan 2020 onwards: Invitation to the signing of MCAv2 in Microsoft 365 Admin Centre through rhipe PRISM portal – Partner can obtain a MCAv2 signing URL from PRISM and invite their customers to review and accept the new MCAv2 in Microsoft Admin Centre through email. Partner attestation option will continue to remain available.
In future, you can also determine whether a customer has accepted MCAv2 (available in early 2020). Customers who have already accepted the agreement through Microsoft are not required to re-sign the agreement.
What does a CSP reseller need to do:
- Review Microsoft Customer Agreement (MCAv2) here.
- Communicate with your customers about the signing of the new MCAv2.
(Reminder) Microsoft Partner Agreement is now available for signing in Partner Center
Effective September 1, 2019, the Microsoft Partner Agreement (the new version of the Cloud Solution Provider program partner agreement) will be available to all regions on Partner Centre, replacing existing CSP partner agreements.
As part of this new enhanced process, all CSP indirect resellers will need to accept the Microsoft Partner Agreement in Partner Centre digitally by January 31, 2020 to transact in the CSP program.
(Reminder) Business Applications Licensing Changes: Dynamics 365 and Power Platform
Effective October 1, 2019, Dynamics 365 Customer Engagement Plan, Unified Operations Plan and Dynamics 365 Plan SKUs will be retired. Dynamics 365 will be moving away from multi-application, one-size-fits-all Customer Engagement (CE), Unified Operations (UO), and Dynamics 365 Plans to individual application licensing. The a la carte licensing model will allow customers to subscribe to the applications that align with their functional roles and scenarios and add or remove applications as their company grows and changes over time.
The changes are as follow:
- Customer Engagement, Unified Operations, and Dynamics 365 Plans will no longer be offered. Individual Dynamics 365 Customer Engagement and Unified Operations apps will be available for subscription as Base and Attach licenses. You ought to purchase base licenses before purchasing attach licenses.
- New PowerApps and Flow plans will be introduced, including a per app plan and a per flow plan. The PowerApps per app plan will allow individual users to run applications for a specific business scenario, while the Flow per flow plan will allow customers to implement critical workflows with reserved capacity. With the PowerApps and Flow per user plans individual users will be able to run an unlimited number of apps or workflows.
- New PowerApps Portals login capacity add-on and Portals page view capacity add-on will be available for external users of PowerApps Portals.
In term of pricing, the price of the base App SKUs remains largely unchanged (price below in USD).
Additional resources (licensing) can be found below:
- Customer Engagement and Unified Operations change FAQ:
- Business Applications licensing updates – Field and partner web conference presentation (August 29, 2019):
- Business Applications licensing model changes web conference recording:
- Fall 2019 licensing update readiness schedule:
- PowerApps and Flow licensing FAQ:
- PowerApps and Microsoft Flow licensing update presentation deck:
- Power Platform licensing changes FAQ:
Additional resources (operations)
(Reminder) Azure reservations monthly payment options Coming to rhipe CSP
Microsoft announced the availability of a new monthly billing option for customers and partners to pay for Azure reservations with more flexibility at no extra cost. Today, customers and partners enjoy significant cost savings from reserving their Azure needs in advance, but it only allows upfront payment at the time of purchase.
Going forward, all customers and partners can enjoy the same cost benefits from making their 1- and 3-year commitments as they have before, with the added flexibility of paying either upfront at the time of purchase, or each month for the length of the term at no additional cost. With these two payment options, customers and partners can purchase Azure reservations easily and can continue to scale efficiently on their journey with Azure.
With the addition of new monthly billing option, Azure reservations will be available in the following combinations:
- 1-year commitment – Paid upfront
- 3-year commitment – Paid upfront
Coming to rhipe CSP in October:
- 1-year commitment – Paid upfront or monthly
- 3-year commitment – Paid upfront or monthly
(Reminder) Microsoft AEP-MEPN Program retirement
The Microsoft Authorized Education Partner (AEP) program, where Microsoft partners get certified via training to transact academic licenses to education customers is being discontinued as of October 1, 2019. This coincides with the distribution of the updated Microsoft Partner Agreements (MPA) being sent to partners and distributors for signature on the same day.
As a result of the retirement, the AEP certification is no longer required.
All rhipe CSP resellers are still required to confirm their customer’s eligibility, as defined by the Microsoft Qualified Education Users documentation, for academic purchases. You may ONLY transact academically priced licenses to academic institutions as defined in the documentation. Although the AEP-MEPN program is now retired, you are still required to request us to release CSP academic pricelist to you to view the pricelist in the PRISM portal.
Microsoft security baseline is GA now
The Windows MDM security baselines are now generally available. The security baseline consists of numerous industry-standard configurations, which is developed by security professionals globally. These settings are updated at regular intervals to fit the ever-changing business needs.
The security baselines policies live in the cloud and can be deployed within minutes. For an organization using on-prem group policy, it's easier to migrate policy management to the cloud with the help of baseline policies already available in the Intune portal. The security baseline also has inbuilt versioning feature which can swap the baseline version of one policy with the other.
Please refer to the documentation below to find out more on Security baseline: https://docs.microsoft.com/en-us/intune/
This rhipe monthly CSP blog is brought to you by the rhipe marketing team and our CSP Partner Enablement Specialists.
To stay up to date with what’s happening in the Microsoft CSP program, we will strongly encourage you to also join the Microsoft CSP licensing update call: https://commercial_licensing.eventbuilder.com/YearToDate_ALL
If you have any question, please contact the rhipe S&E CSP team through email, Twitter or LinkedIn below.