Microsoft compliance timeline - Q4 2025 to Q1 2026: Important CSP Dates

Microsoft is tightening security and program controls across Entra, Azure and the Cloud Solution Provider program. To help partners plan, we created a single timeline that shows what changes when, who is affected, and the one action to take for each milestone. Use the infographic below to brief stakeholders, build your runbook, and avoid last-minute scrambles.

Key dates at a glance

• 1 Oct 2025 — Security and MFA. Azure and Entra Phase 2 requires MFA for Azure CLI, PowerShell, SDKs, IaC tools and control-plane REST operations for create or update. Confirm MFA coverage for admins and automations.

• 1 Oct 2025 — CSP authorization rules. Enforcement for mandatory security controls begins. Ensure admin MFA, a named security contact and a 24-hour response to Partner Center security alerts.

• 1 Nov 2025 — EA to CSP upside. Global packaging and pricing changes for Microsoft 365 and Teams create a strong moment to compare EA renewal vs CSP.

• 1 Jan 2026 — Annual validation. CSP authorization is validated in your onboarding anniversary month. Assign ownership and prepare evidence.

• 5 Jan 2026 — MCA attestation. Partner attestation blocking changes take effect. Reconfirm customer MCA acceptance to avoid transaction blocks.

• 1 Apr 2026 — Partner API MFA. MFA becomes mandatory for Partner Center API access. Refactor authentication and token handling ahead of time.

• 1 Apr 2026 — Extended Service Term. New EST option for CSP subscriptions. Build renewal and grace-period playbooks that use EST to prevent unintended suspensions

  

• Audit your CSP authorization readiness.

  Cloudmore supports partners in mapping mandatory security controls, verifying MFA coverage for admin users, and documenting a clear response plan for the upcoming annual authorization checks.

• Update Partner Center automation for MFA and compliance.

  Our team can guide you through authentication refactoring, token updates, and workflow adjustments to meet the new Partner Center MFA requirements for both portal and API access.

• Validate MCA attestation and extended service-term readiness.

  We’ll help you confirm that customer MCAs are accepted, and set up your renewal and billing playbooks to use Microsoft’s new Extended Service Term option without interruptions.

• Provide real-time compliance visibility.

  Through Cloudmore’s dashboards and CSP automation tools, you can monitor authorization status, and attestation progress - all in one place.
  
  End