Support of the New Application Security Model

As of February 4, 2019, Microsoft introduces a new application security model for authenticating cloud solution provider partners and control panel vendors (an overview of the new security model and technical details are available at https://docs.microsoft.com/en-us/partner-center/develop/enable-secure-app-model).

As of this version, the Office 365 application supports the new application security model and is compliant with its requirements:

  • The application no longer stores the user credentials of CSP partner accounts. All user credentials will be erased during the upgrade of the application to version 18.4.1.
  • The application no longer requires CSP partners to register any apps in the Azure ADs of their CSP partner accounts. Instead of this, a single app registered in Ingram Micro's control panel vendor account (ingrammicrocpv.onmicrosoft.com) is shared among all Office 365 application instances of all CSP partners. This makes the process of Office 365 application instance configuration simpler and less error-prone.

  • Now, a CSP partner using the application must give explicit consent to the permissions that the application requires to make calls to the Partner Center and Graph APIs on behalf of the CSP partner; as a result of giving consent, the application acquires a refresh token. The application securely stores and uses this refresh token to make calls to the Microsoft APIs on behalf of the CSP partner.

    A CSP partner can give consent and acquire a refresh token from the UI of the application; during this procedure, signing in to the Microsoft Partner Center as an administrative user of the CSP partner account is required.

  • A refresh token has a 90 day lifetime. A CSP partner must give consent and acquire a new refresh token before the current refresh token expires.

Warning: Service providers using the Office 365 application on their Odin Automation installations need to upgrade the application to version 18.4.1 before February 4, 2019. Otherwise, the application will not be able to manage existing Office 365 subscriptions or create new ones.

Please refer to Odin Automation Office 365 Integration Provider's Guide >> Cloud Solution Provider Scenario to learn more.