The following must be available and configured before the installation process begins.
|For 1-Tier (Direct Bill) partners only:
A separate account in Partner Center ([email protected]) should be created.
|The integration account with Partner Center should be assigned an ‘Admin Agent’ role in Partner Center. MFA for this account must be enabled (see below). A Dynamics 365 license for this account is not required. Register the MFA by going to https://aka.ms/mfasetup
More information available at:
MFA must be enabled for the tenant (see below), however the integration account must have MFA enforced. In order to enforce MFA for the integration account...
- Login to the Azure Active Directory portal https://aad.portal.azure.com
- In the left menu, click on Users → All Users.
- Click the Per-user MFA option on top of the user list.
- Locate the integration account on the multi-factor authentication screen.
- Check the selection checkbox next to the integration account name and click the Enable link. If this option is not visible, then MFA is already enabled - proceed to step 7.
- Click the enable multi-factor auth button on the confirmation popup.
- Locate the integration account once more and check the selection checkbox. Click the Enforce link.
- Click the enforce multi-factor auth button on the confirmation popup.
- The MULTI-FACTOR AUTH STATUS column against the integration account should now show as Enforced.
If your tenant has Azure AD Premium Plan 1 (or higher) or Enterprise Security + Mobility (EMS) plans, it is highly recommended to assign these licenses to your integration user before proceeding with MFA enablement. The planning and rollout of MFA across your tenant are not in the scope of this article. Work with your IT team to plan and deploy MFA across the organization.
Work with your IT team to ensure that you are compliant with the Microsoft security requirements coming into effect on August 1, 2019. More information on this can be obtained from https://docs.microsoft.com/en-us/partner-center/partner-security-requirements and https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-faq
The policies may take a few minutes to kick in and hence it is advised to wait for about 5-10 minutes after enabling any policies on the Azure AD tenant and before proceeding with the integration on Partner Center.