Partner Security

Requirements

Frequently Asked Questions (FAQ) Version 1.0

Last updated June 25, 2019

Page 1

Partner Security Requirements

Revision Sheet

Change Record
Date Author Version Change Reference
25 June 2019 Operations 1.0 Announcing the partner security requirements.
Readiness

Page 2

Partner Security Requirements

Table of Contents

1 Introduction ............................................................................................................................................ 6
What are the new partner security requirements? .............................................................................................6

Which partners need to meet the requirements? ...............................................................................................7

What are the key timelines and milestones? .......................................................................................................7

What will happen if I do not take any actions? ...................................................................................................7

Why is Microsoft enforcing these new requirements? .......................................................................................7

Does this apply to all geographies? .....................................................................................................................8

2 Required Actions ................................................................................................................................... 9

What are the key actions I need to take to meet the requirements? ...............................................................9

3 Multi-Factor Authentication (MFA) FAQs................................................................................... 11

What is MFA? .........................................................................................................................................................11

What are baseline protection policies? ..............................................................................................................11

What baseline policies must I enable? ...............................................................................................................11

How do I enable the Require MFA for admins policy? .....................................................................................12

How do I enable the End user protection policy? .............................................................................................12

Will the baseline policies be automatically enabled? .......................................................................................12

What is the cost of enabling MFA? .....................................................................................................................12

If I already have an MFA solution, what actions do I need to take? ...............................................................12

What verification method can I use to authenticate MFA? .............................................................................13

Who should implement the Secure Application Model to meet the requirement? .....................................13

I use multiple partner tenants to transact, do I need to implement MFA on them all? ..............................13

Does each user in my partner tenant need to have MFA enforced? ..............................................................13

I am a direct bill partner with Microsoft. What do I need to do? ...................................................................14

I am an indirect reseller and only transact though a distributor. Do I still have to do this? .......................14

I do not use the Partner Center API. Do I still need to implement MFA? ......................................................14

Which third-party vendors provide MFA solutions compatible with Azure Active Directory? ...................14

How can I test MFA in our integration sandbox? .............................................................................................14

Page 3

Partner Security Requirements

 Will enabling MFA effect how I interact with my customer’s tenant? ............................................................14

4 Secure Application Model FAQs .................................................................................................... 15

Who should adopt the secure application model to meet the requirements? .............................................15

What is the Secure Application Model? .............................................................................................................15

How do I implement the Secure Application Model? ......................................................................................15

Who is a Control Panel Vendor (CPV)?...............................................................................................................15

Does the Secure Application Model need to be implemented for the Partner Center API/SDK only? .....16

I am using automation tools such as PowerShell. How do I implement the Secure Application Model? .16

What user credentials should the application administrator provide when performing the consent
process?..................................................................................................................................................................16

Why should the application administrator not provide global admin user credentials when performing
the consent process? ............................................................................................................................................16

What actions do I need to take to implement a secure applications model if I use Microsoft APIs? ........17

Should I enforce MFA or the Secure Application Model first? ........................................................................17

I am a CSP partner. How do I know if my Control Panel Vendor (CPV) is working on implementing the
solution or not? .....................................................................................................................................................18

I am a CPV. How do I enroll? ...............................................................................................................................18

I am using the Partner Center SDK. Will SDK automatically adopt the Secure Application Model? ..........18

Can I generate a refresh token for the secure application model with accounts that do not have MFA
enabled? .................................................................................................................................................................18

How should my application obtain an access token if we enable MFA? .......................................................19

As a CPV, do I create an Azure AD application in our CPV tenant or the tenant of the CSP partner? ......19

I am a CSP that is using app only authentication. Do I need to make any changes? ..................................19

As a CPV can I leverage the app only authentication style to get access tokens? .......................................19

5 Key resources ....................................................................................................................................... 20

How to get started ................................................................................................................................................20

Resources for enabling MFA................................................................................................................................20

Resources for adopting secure application model ...........................................................................................20

6 Support ................................................................................................................................................... 21
Where can I ask get support? ..............................................................................................................................21

How can I get help with enabling the baseline policies? .................................................................................21

Page 4

Partner Security Requirements

 How do I get technical information to adopt secure application model framework? .................................21

Where can I find more information about technical common issues? ..........................................................21

Page 5

Partner Security Requirements

1 Introduction
Cybersecurity continues to be one of the top challenges of our digital age. We frequently
see media reporting on security incidents across all industries and around the globe, with
more sophisticated attack techniques such as supply chain attacks, phishing and others
continuing to evolve. The impact of a security incident on an organization averages several
million dollars, and more serious events can cost hundreds of millions of dollars.

Greater security and privacy safeguards are among our top priorities. We know that the
best defense is prevention and that we are only as strong as our weakest link. That’s why
we need everyone in our ecosystem to take action and ensure they have appropriate
security protections in place.

To help safeguard partners and customers, we’re introducing a set of mandatory security
requirements for partners participating in the Cloud Solution Provider (CSP) program,
Control Panel Vendors, and Advisor partners.

What are the new partner security requirements?

To protect our partners and your customers, we are requiring partners to take the following
actions immediately:

1. Enable Multi-Factor Authentication (MFA) for all users in partner tenants

All users in partner tenants must use Multi-Factor Authentication (MFA) when signing
into Microsoft commercial cloud services or to transact in CSP through Partner Center
or via APIs. Through the enablement of the baseline protection policies MFA is
available at no cost for all users of partner tenants.
2. Adopt the Secure Application Model framework
All partners integrating with a Microsoft API such as Azure Resource Manager,
Microsoft Graph, and the Partner Center API must adopt the Secure Application
Model framework to avoid any disruption to their integration when the baseline
policies are enabled.

Enabling Multi-Factor Authentication (MFA) and adopting the Secure Application Model
framework will help protect your infrastructure and safeguard your customer’s data from
potential security risks such as identify theft or other fraud incidents.

Page 6

Partner Security Requirements

 Which partners need to meet the requirements?
These requirements are for the following partner groups:

• All partner organizations participating in the Cloud Solution Provider (CSP) program
that are transacting using the Microsoft commercial cloud services
o Direct bill partners
o Indirect providers
o Indirect resellers
• All Control Panel Vendors
• All Advisor program partners

All partners transacting through a sovereign cloud (21Vianet, US Government, and Germany)
are not required to meet the new security requirements effective August 1st. However, we
strongly recommend that all partners using a sovereign cloud act and adopt these new
security requirements immediately. Microsoft will provide additional details regarding the
enforcement of these security requirements for sovereign clouds in the future.

What are the key timelines and milestones?

The terms associated with these security requirements will be added immediately to the
Cloud Solution Provider Program Guide. You will need to implement these security
requirements to be in compliance with your participation in the CSP program effective
August 1, 2019.

What will happen if I do not take any actions?

Partners who fail to abide by these security practices and obligations will not be able to
transact in the Cloud Solution Provider program or manage customer tenants leveraging
delegate admin rights, once these partner security requirements are enforced. We are in the
process of establishing an enforcement date for the requirements and will notify partners of
the date with detailed information.

Why is Microsoft enforcing these new requirements?

Security and privacy of customers and partners is Microsoft’s top priority. We continue to
see more sophisticated, increasing number of security attacks, primarily related to identity-
compromise incidents. As preventive controls play a key role in an overall defense strategy
to thwart security attacks, we will start enforcing a set of mandatory security requirements
to help protect partners and their customers.

Page 7

Partner Security Requirements

 Does this apply to all geographies?
Yes, this applies to all geographies. We strongly recommend that all partners transacting
through a sovereign cloud (21Vianet, US Government, and Germany) act and adopt these
new security requirements immediately. However, these partners are not required to meet
the new security requirements effective August 1st. Microsoft will provide additional details
regarding the enforcement of these security requirements for sovereign clouds in the future.

Page 8

Partner Security Requirements

2 Required Actions

What are the key actions I need to take to meet the requirements?
All partners in the CSP program (direct bill, indirect provider and indirect reseller), Advisors,
and Control Panel Vendors must meet the requirements.

1. Enforce MFA for all users

All partners in the CSP program, Advisors, and Control Panel Vendors are required to
enforce MFA for all users in their partner tenant. This can be accomplished by enabling
the Require MFA for admins, the End user protection baseline, and any future baseline
policies. The functionality provided by the baseline policies will continue to evolve to
ensure partners and customers are protected from the ever-changing security threats.
So, it is important that you review the baseline policies documentation to learn more.

• See Baseline policy: Require MFA for admins for details on how to enable the Require
MFA for admin baseline policy.
• See Baseline policy: End user protection for details on how to enable the End user
protection baseline policy.
• Understand the concept of the baseline protection policies

Additional considerations:

• Indirect providers need to work with indirect resellers to onboard to Partner Center
if they have not done so already and encourage their resellers to meet the
requirements.
• Azure MFA is being made available to all users in the partner tenant at no cost
through the baseline policies with the only verification method of using Microsoft
Authenticator App.
• Additional verification methods are available through the Azure Active Directory
Premium SKUs, if other methods such as SMS or email are required.
• Partners can also leverage a third-party MFA solution per each user when accessing
Microsoft commercial cloud services.

2. Adopt the Secure Application Model framework

All partners who have developed custom integration using any APIs (such as Azure
Resource Manager, Microsoft Graph, Partner Center API, etc.) or implemented custom
automation using tools such PowerShell, will need to adopt the Secure Application

Page 9

Partner Security Requirements

 Model framework to integrate with Microsoft cloud services. Failure to do so may result
in a disruption due to MFA deployment. The following resources provide an overview
and guidance regarding how to adopt the model.

• Secure Application Model overview

• Partner Center: Secure Application Model guide
• Partners in CSP program: sample code for enabling Secure Application Model
• Partner Center authentication document
• Partner Center PowerShell Multi-Factor Authentication (MFA) document

If you are using a control panel, then you need to consult with the vendor regarding the
adoption of the Secure Application Model framework.

Page 10

Partner Security Requirements

3 Multi-Factor Authentication (MFA) FAQs

What is MFA?
Multi-Factor Authentication (MFA) is a security mechanism though which individuals are
authenticated through more than one required security and validation procedure. It works
by requiring two or more of the following authentication methods:

• Something you know (typically a password)

• Something you have (a trusted device that is not easily duplicated, like a phone)
• Something you are (biometrics)

What are baseline protection policies?

Microsoft baseline protection policies (currently preview) are a set of predefined policies that
help protect organizations against many common attacks. These common attacks can
include password spray, replay, and phishing. Baseline policies are available in all editions of
Azure Active Directory. Microsoft is making these baseline protection policies available to
everyone because identity-based attacks have been on the rise over the last few years. The
goal of these policies is to ensure that all organizations have a baseline level of security
enabled at no extra cost.

Important note: Microsoft baseline policies and related functionalities will continue to
evolve to better protect partners and customers from ever-changing security threats.
There may be some naming and taxonomy changes with the baseline policies soon. We
strongly recommend that you visit the baseline policies pages directly to check out the
latest information.

What baseline policies must I enable?

If you are planning to utilize the current baseline protection policies to provide MFA for each
user in the partner tenant, then you must enable the Require MFA for Admins and End user
protection baseline policies. These baseline protection policies will fulfill the requirement for
MFA for each user in the partner tenant at no cost only for the partners who are using
Microsoft Authenticator Apps via mobile device.

The Require MFA for admins baseline policy is leveraged to administrative users in the
partner directory, and the End user protection baseline policy is to leveraged to protect non-
administrative users in the partner tenant. Enabling these policies will require users to

Page 11

Partner Security Requirements

 register for MFA. After the user successfully registered, they will be prompted for MFA during
sign-in attempts based on the criteria of the policy. The functionality provided by the
baseline policies will continue to evolve to ensure partners and customers are protected from
the ever-changing security threats. So, it is important that you review the baseline policies
documentation to learn more.

How do I enable the Require MFA for admins policy?

The Require MFA for admins baseline policy can be enabled through the Azure management
portal. See Baseline policy: Require MFA for admins for details on how to enable this baseline
policy.

How do I enable the End user protection policy?

The End user protection baseline policy can be enabled through the Azure management
portal. See Baseline policy: End user protection for details on how to enable this baseline
policy.

Will the baseline policies be automatically enabled?

No, to enable these policies a user that is member of the global administrator, security
administrator, or conditional access administrator roles will need to configure the policies to
Use policy immediately.

What is the cost of enabling MFA?

Microsoft provides MFA at no cost through the implementation of the Require MFA for admin
and End user protection baseline protection policies. The only verification option available
through this version of MFA is the Microsoft Authenticator app. If a phone call or SMS
message is required, then an Azure Active Directory Premium license will need to be
purchased. Alternatively, you can utilize a third-party solution to provide MFA for each user
in your partner tenant – in this case, it is your responsibility to ensure your MFA solution is
being enforced and that you are compliant.

If I already have an MFA solution, what actions do I need to take?

Through these security requirements users in a partner tenant will be required to
authenticate using MFA when accessing Microsoft commercial cloud services. Third-party
solution can be used to fulfill these requirements. Microsoft no longer provides validation

Page 12

Partner Security Requirements

 testing to independent identity providers for compatibility with Azure Active Directory. If you
would like to test your product for interoperability, please refer to these guidelines.

What verification method can I use to authenticate MFA?

Azure MFA is being made available to all users in the partner tenant at no cost through the
Require MFA for admins and End user protection baseline policies for MFA. The only
verification method with these baseline policies will be the use of the Microsoft Authenticator
App.
In the event you need to leverage a phone call or SMS as a verification option, you will need
to purchase an Azure Active Directory Premium license or use a third-party solution.

Who should implement the Secure Application Model to meet the

requirement?
All partners in the CSP program, Advisors and Control Partner Vendors who have developed
custom integration using any APIs (such as Azure Resource Manager, Microsoft Graph,
Partner Center API, etc.) or implemented custom automation using tools such PowerShell,
will need to adopt the Secure Application Model framework to integrate with Microsoft cloud
services.

I use multiple partner tenants to transact, do I need to implement MFA

on them all?
Yes, you will need to enforce MFA for each Azure Active Directory tenant associated with the
CSP program or the Advisor program. If you plan to purchase an Azure Active Directory
Premium license, then a license must be purchased for the user in each Azure Active
Directory tenant.

Does each user in my partner tenant need to have MFA enforced?

The Require MFA for admins and End user protection baseline policies will enforce MFA for
each user in your partner tenant. If you are leveraging these policies to provide MFA and are
using the Microsoft Authenticator application, there is no need to purchase any additional
licenses. Otherwise, you will need to purchase an appropriate solution to provide MFA to
each user in your partner tenant.

Page 13

Partner Security Requirements

 I am a direct bill partner with Microsoft. What do I need to do?
Direct bill Cloud Solution Provider partners must enforce MFA for each user in their partner
tenant.

I am an indirect reseller and only transact though a distributor. Do I still

have to do this?
All indirect resellers are required to enforce MFA for each user in their partner tenant. This is
an action that the indirect reseller must perform.

I do not use the Partner Center API. Do I still need to implement MFA?
Yes, this security requirement is for all users including partner admin users and end-users in
a partner tenant.

Which third-party vendors provide MFA solutions compatible with

Azure Active Directory?
There are many independent reviews of MFA solutions online, such as Gartner. When
reviewing MFA vendors and solutions, partners must ensure the solution they choose is
compatible with Azure Active Directory.
Microsoft no longer provides validation testing to independent identity providers for
compatibility with Azure Active Directory. If you would like to test your product for
interoperability, please refer to these guidelines.
For more information see the Azure AD federation compatibility list.

How can I test MFA in our integration sandbox?

The Require MFA for admins and End user protection baseline policies should be enabled for
your integration sandbox tenant. Through this policy each user in the tenant will be required
to authenticate using MFA.

Will enabling MFA effect how I interact with my customer’s tenant?

No. The fulfillment of these security requirements will not impact how you manage your
customers. Your ability to perform delegated administrative operations will not be
interrupted.

Page 14

Partner Security Requirements

4 Secure Application Model FAQs

Who should adopt the secure application model to meet the

requirements?
Microsoft is introducing a secure, scalable framework for authenticating Cloud Solution
Provider (CSP) partners and Control Panel Vendors (CPV) that leverages Multi-Factor
Authentication. See the Secure Application Model guide for more information. All partners
who have developed custom integration using any APIs (such as Azure Resource Manager,
Microsoft Graph, Partner Center API, etc.) or implemented custom automation using tools
such PowerShell, will need to adopt the Secure Application Model framework to integrate
with Microsoft cloud services.

What is the Secure Application Model?

Microsoft is introducing a secure, scalable framework for authenticating Cloud Solution
Provider (CSP) partners and Control Panel Vendors (CPV) that leverages Multi-Factor
Authentication. See the Secure Application Model guide for more information.

How do I implement the Secure Application Model?

Through the implementation of the baseline policies, Multi-Factor Authentication will be
required for each user in the partner tenant. If you have any automation or integration that
leverages user credentials for authentication, then you will need to implement the Secure
Application Model framework.

The following resources provide an overview and guidance regarding how to adopt the
model.

• Secure Application Model overview

• Partner Center: Secure Application Model guide
• Partners in CSP program: sample code for enabling Secure Application Model
• Partner Center access authentication document
• Partner Center PowerShell Multi-Factor Authentication (MFA) document

Who is a Control Panel Vendor (CPV)?

A Control Panel vendor is an independent software vendor that develops apps for use by
CSP Partners to integrate with Partner Center APIs. A Control Panel vendor is not a CSP

Page 15

Partner Security Requirements

 Partner with direct access to Partner Center dashboard or APIs. A detailed description is
available within the Partner Center: Secure Applications Model guide.

Does the Secure Application Model need to be implemented for the

Partner Center API/SDK only?
Once both the Require MFA for admins and End user protection baseline policies are enabled
each user will be required to authenticate using Multi-Factor Authentication. This means you
will need to implement the Secure Application Model for each API, CLI, and PowerShell
module (e.g. Azure, Azure AD, MS Online, Partner Center, etc.) that is intended to run non-
interactively and relies on the use of user credentials for authentication.

I am using automation tools such as PowerShell. How do I implement

the Secure Application Model?
If your automation is intended to be run non-interactively and relies on user credentials for
authentication, then you will need to implement the Secure Application Model. See Secure
Application Model | Partner Center PowerShell for guidance on how to implement this
framework.

Note, not all automation tools provide the ability to authenticate using access tokens. If you
need help understanding what changes need to be made, please post a message on the
Partner Center Security Guidance group.

What user credentials should the application administrator provide

when performing the consent process?
It is recommended that you use a service account that has been assigned the least privileged
permissions. With respect to the Partner Center API this means you should use an account
that has either been assigned the Sales Agent or Admin Agents role.

Why should the application administrator not provide global admin

user credentials when performing the consent process?
It is best practice to use least privileged identifies that way you are reducing the risk. It is not
recommended to use an account that has global admin privileges because that would be
providing more permissions than what is required.

Page 16

Partner Security Requirements

 What actions do I need to take to implement a secure applications
model if I use Microsoft APIs?
All partners who have developed custom integration using any APIs (such as Partner Center
API, Azure Resource Manager, Microsoft Graph, etc.) or implemented custom automation
using tools such PowerShell, will need to adopt the Secure Application Model framework to
integrate with Microsoft cloud services. Failure to do so may result in a disruption due to
MFA deployment. The following resources provide an overview and guidance regarding how
to adopt the model.

• Secure Application Model overview

• Partner Center: Secure Application Model guide
• Partners in CSP program: .NET sample code for enabling Secure Application Model
• Partners in CSP program: Java sample code for enabling Secure Application Model
• Partner Center access authentication document
• Partner Center PowerShell Multi-Factor Authentication (MFA) document

If you are using a control panel platform, then you need to consult with the vendor regarding
the adoption of the Secure Application Model framework.

Control panel vendors are required to on-board to Partner Center as a control panel vendor
and start implementing this requirement immediately. Refer to the Partner Center: Secure
Application Model framework. Control panel vendors must accept and manage CSP partners’
consent instead of credentials and purge all existing CSP partners’ credentials.

Should I enforce MFA or the Secure Application Model first?

You should enforce MFA, to avoid any issue with security changes making the refresh token,
obtained for the Secure Application Model framework, invalid. Enabling MFA after will cause
an error stating your administrator has made a change and you will need to authenticate
using MFA. If you enable the Secure Application Model framework prior to enabling MFA
you will need to generate a new refresh token.

Note, you should create a new service account for any automation and integration where
you can enforce MFA first. Doing this will enable you to test your solution prior to deploying
it to production.

Page 17

Partner Security Requirements

 I am a CSP partner. How do I know if my Control Panel Vendor (CPV) is
working on implementing the solution or not?
For partners using a Control Panel Vendor (CPV) solution to transact in the Cloud Solution
Provider (CSP) program, it is your responsibility to consult with your CPV.

I am a CPV. How do I enroll?

To enroll as a control panel vendor (CPV), follow the guidelines provided here.

In order to receive the enrollment link, CPVs must contact CPVHelp@microsoft.com and
provide a Microsoft employee sponsor who has a business relationship with the CPV or
knows their business. For example, a Partner Development Manager (PDM).

Once you enroll in Partner Center and register your applications, you will have access to
Partner Center APIs. If you are a new CPV, you will receive your sandbox information via a
Partner Center notification. Once you have completed enrollment as a Microsoft CPV and
accepted the CPV agreement, you can:

1. Manage multi-tenant application (add applications to Azure portal, register and

unregister applications in Partner Center). Note: CPVs must register their applications
in Partner Center to get authorized for Partner Center APIs. Adding applications to
the Azure portal alone does not authorize CPV applications for Partner Center APIs.

2. View and manage your CPV profile

3. View and manage your users who need access to CPV capabilities. The only role a
CPV can have is Global Admin.

I am using the Partner Center SDK. Will SDK automatically adopt the
Secure Application Model?
No, you will need to follow the guidelines provided in the Secure Application Model guide.

Can I generate a refresh token for the secure application model with
accounts that do not have MFA enabled?
Yes, a refresh token can be generated using an account that does not have MFA enforced.
However, this should not be done because any token generated using an account that does
not have MFA enabled will not be able to access resources due to the requirement for MFA.

Page 18

Partner Security Requirements

 How should my application obtain an access token if we enable MFA?
You will need to follow the Secure Application Model guide which provides detail on how to
do so whilst complying with the new security requirements. You can find .NET sample code
here and Java sample code here.

As a CPV, do I create an Azure AD application in our CPV tenant or the

tenant of the CSP partner?
The CPV will need to create the Azure Active Directory application in the tenant associated
with their enrollment as a CPV.

I am a CSP that is using app only authentication. Do I need to make any

changes?
App only authentication is not impacted as user credentials are not being used to request
an access token. If user credentials are being shared, then control panel vendors (CPVs) must
adopt the Secure Application Model framework and purge any existing partner credentials
they have.

As a CPV can I leverage the app only authentication style to get access
tokens?
No, Control Panel Vendor partners cannot utilize the app only authentication style to request
access tokens on the behalf of partner. They should implement the secure application model,
which utilizes the app + user authentication style.

Page 19

Partner Security Requirements

5 Key resources

How to get started

• Partner security requirements: step-by-step guide
• Direct your questions and feedback to this Partner Center Security Guidance Group at
https://aka.ms/MPCSecurityGuidance
• Attend upcoming partner office hours and webinars. Please check the detailed
schedule and resources here.

Resources for enabling MFA

• Baseline protection policies overview
• See Baseline policy: Require MFA for admins for details on how to enable the Require
MFA for admin baseline policy.
• See Baseline policy: End user protection for details on how to enable the End user
protection baseline policy.

Resources for adopting secure application model

• Secure Application Model overview
• Partner Center: Secure Application Model guide
• Partners in CSP program: .NET sample code for enabling Secure Application Model
• Partners in CSP program: Java sample code for enabling Secure Application Model
• Partner Center authentication document
• Partner Center PowerShell Multi-Factor Authentication document

Page 20

Partner Security Requirements

6 Support

Where can I ask get support?

• Additionally, for support leveraging resources to meet the security requirements, if you
have Advanced Support for Partners (ASfP) contact your Service Account Manager; for
Premier Support for Partners agreement (PSfP), contact your Service Account Manager
and Technical Account Manager.

How can I get help with enabling the baseline policies?

• Partners can leverage the Advisory hours from MPN benefits to get more detailed
guidance on how to implement the security requirements.
• Technical product support options for Azure Active Directory are available through your
MPN benefits. Partners with access to an active ASfP or PSfP agreements can work with
their associated account manager (SAM/TAM) to best understand the options available
to them.
• Support for baseline policies implementation with Partner Center can be accessed via
Partner Center service request. Select MFA & Secure Application Model as the topic.

How do I get technical information to adopt secure application model

framework?
• Technical product support options for Azure Active Directory are available through your
MPN benefits. Partners with access to an active ASfP or PSfP subscription can work with
their associated account manager (SAM/TAM) to best understand the options available
to them.

Where can I find more information about technical common issues?

Information regarding the technical common issues can be found here.

Page 21

Partner Security Requirements