Trent works for CSP Wingtip. Wingtip has implemented MFA for all users among Wingtip partner agents using third-party AMF, which is integrated into Azure AD via the identity network. We have successfully completed the activation of admin-on-behalf-of (AOBO) functions for all partner leaders. In order to continue to protect partners and customers, while helping q2 CY2020, we begin to activate Partner Center transactions in CSP and help our partners protect their businesses and customers from identity theft. A partner implemented MFA for its users using a third-party MFA solution. However, the partner cannot properly configure a third-party provider`s MFA solution to transmit to Azure AD that the AMF verification was performed during user authentication. Is this a technical exception? Yes, you can use conditional access to force the AMF for each user, including service accounts, in your partner. However, given the great privilege as a partner, we must ensure that every user is faced with an MFA challenge for each authentication. This means that you will not be able to use the conditional access function that bypasses the AMF requirement.

During the user`s interactive authentication method, the partner should use a partner user account already activated for the AMF. If Azure AD`s partner is invited to do so, they can complete the AMF registration and the AMF verification upon registration. Sign up and participate in monthly live webinars to get the latest CSP experiences and new business experiences for hot topics and other licensing information for all partners. If the partner account is a composite identity, the experience depends on how the partner administrator set up the Federation in Azure AD. When setting up the Federation in Azure AD, the Azure AD partner administrator can indicate whether or not the interconnection identity provider supports the AMF. If this is the case, Azure AD redirects the user to the interconnection identity provider to finalize the AMF verification. Otherwise, Azure AD directly asks the user to complete the AMF verification. If the partner account has not yet registered with Azure AD for the AMF, the user is asked to complete the AMF registration first.