Microsoft CSP Program Changes:
Big Changes Ahead: What Microsoft Partners Need to Know About FY26 CSP Updates
Microsoft is introducing significant updates to the Cloud Solution Provider (CSP) program starting October 1, 2025.
These changes affect all CSP partners: Direct Bill partners, Distributors, and Indirect Resellers and will impact both authorization and incentive eligibility.
CloudCockpit
This article covers FY26 Microsoft CSP program authorization requirements for Direct Bill partners, Distributors, and Indirect Resellers, verified against Microsoft Learn documentation.
- Covers the $1M TTM Direct Bill revenue threshold at PGA level, the $1K Indirect Reseller threshold at PLA level, mandatory security requirements (MFA, security contact, 24-hour alert response), incentive eligibility tied to Solutions Partner designations and Partner Capability Score, and COCP subscription transfer incentive rules under NCE. Includes confirmed incentive eligibility thresholds: $1M TTM for Direct Bill and $25K TTM for Indirect Resellers, with a 25-point PCS minimum. Written for Direct Bill partners, Distributors, and Indirect Resellers managing annual CSP authorization compliance.
Microsoft CSP Program Requirements FY26: All Partner Tiers
By CloudCockpit Team | Published: May 15, 2025 | Last updated: May 18, 2026
Starting October 1, 2025, Microsoft enforces annual authorization reassessments for all three CSP partner tiers:
- Direct Bill partners,
- Distributors and,
- Indirect Resellers.
Partners who do not meet the updated requirements by their CSP onboarded anniversary month enter a formal deauthorization process.
This article covers the specific thresholds and requirements for each tier, the incentive eligibility structure, and what the COCP monitoring update means in practice. All claims are verified against Microsoft Learn documentation.
Why the Requirements Changed
Microsoft's FY26 updates are driven by three factors: security posture, partner capability, and program scale.
On security:
MFA for all administrative users, a designated security contact in Partner Center, and a 24-hour average security alert response time are now mandatory authorization conditions, not recommendations. Partners who fail any of these three requirements cannot maintain CSP authorization, regardless of revenue.
On capability:
Direct Bill partners must now hold at least one Solutions Partner designation in the Microsoft AI Cloud Partner Program (MAICPP). This signals active competency in a solution area such as Modern Work, Security, Azure, or Business Applications, and is assessed as part of the annual reassessment cycle.
On scale:
Revenue thresholds per partner tier ensure that authorized partners are active transacting businesses. The thresholds are measured on a trailing 12-month (TTM) basis and vary by tier and measurement level.
By tightening authorization requirements and aligning incentives with partner performance, Microsoft is signalling clearly: partners who invest in designated solution areas and maintain security hygiene will be rewarded with continued authorization and access to CSP offers.
Authorization Requirements by Partner Tier
Before a partner can place any order on behalf of a customer, the customer must accept the Microsoft Customer Agreement (MCA), the legal agreement between Microsoft and the end customer governing use of Microsoft cloud services. This is separate from the Microsoft Partner Agreement (MPA), which governs the relationship between Microsoft and the partner.
Each partner tier is assessed annually, tied to the anniversary of its original CSP onboarding month.
| Requirement | Direct Bill | Distributor | Indirect Reseller |
|---|---|---|---|
| Minimum TTM revenue | USD $1M at PGA level | By Microsoft nomination | USD $1,000 at PLA level |
| Revenue report location | CSP Revenue Details, Downloads Hub | Reseller Performance, Downloads Hub | Via Distributor (no direct report in Partner Center) |
| Support plan | ASfP or PSfP required | ASfP or PSfP required | Not required |
| Solutions Partner designation | At least one (MAICPP) required | Not specified in Microsoft Learn | Not required |
| MFA for all admin users | Required | Required | Required |
| Security contact in Partner Center | Required | Required | Required |
| 24-hour alert response | Required | Required | Not required |
| Microsoft Partner Agreement | Direct Bill MPA | Distributor MPA | Indirect Reseller MPA |
| Prior 12 months as Indirect Reseller | Required before applying | Not applicable | Not applicable |
| Annual reassessment | Yes, from October 2025 | Yes, from October 2025 | Yes, from October 2025 |
Direct Bill Partners
Direct Bill partners purchase Microsoft products directly from Microsoft and sell to customers through their own sales infrastructure. All CSP tenants under the Partner Global Account (PGA) aggregate toward the revenue threshold.
Direct Bill partners must:
- Have at least 12 months of prior transacting history as a CSP Indirect Reseller (at the tenant level);
- Generate USD $1,000,000 or more in CSP transactional revenue during the trailing 12 months, measured at the PGA level;
- Pass an operational capability assessment covering billing, provisioning, customer support, compliance, and security (Microsoft contacts qualifying applicants directly);
- Hold an Advanced Support for Partners (ASfP) or Premier Support for Partners (PSfP) plan;
- Achieve at least one Solutions Partner designation in the Microsoft AI Cloud Partner Program (MAICPP), or hold a minimum of 25 Partner Capability Score (PCS) points in a qualifying solution area;
- Enable MFA for all administrative users in the CSP tenant;
- Designate a security contact in Partner Center;
- Maintain an average security alert response time under 24 hours;
- Accept the Direct Bill Microsoft Partner Agreement (MPA).
After deauthorization or a failed application, the waiting period before reapplying is 12 months.
Distributors
Distributor authorization is by Microsoft nomination and approval. Distributors are not self-enrolled and are subject to annual reassessment from October 2025 onwards.
Based on confirmed Microsoft Learn documentation, Distributors must:
- Receive a Microsoft nomination and accept an invitation to the program;
- Enable MFA for all administrative users in the CSP tenant;
- Designate a security contact in Partner Center;
- Maintain an average security alert response time under 24 hours;
- Accept the Distributor Microsoft Partner Agreement (MPA).
Revenue and capability thresholds for Distributors are not published in Microsoft Learn documentation. Distributors should confirm current requirements directly with their Microsoft account team or via the CSP Authorization Partner FAQ
Indirect Resellers
Indirect Resellers transact through a Distributor and are assessed annually at the Partner Location Account (PLA) level. Eligible revenue includes perpetual software but excludes non-transactional revenue from CPOR, DPOR, and PAL attributions.
For CSP authorization, Indirect Resellers must:
- Generate at least USD $1,000 in CSP transactional revenue during the preceding 12 months, measured at the PLA level;
- Enable MFA for all administrative users in the CSP tenant;
- Designate a security contact in Partner Center;
- Accept the Indirect Reseller Microsoft Partner Agreement (MPA), available in Partner Center under Account Settings.
Note: Indirect Resellers do not have direct revenue reports in Partner Center. TTM revenue must be requested from the Distributor, who can pull the Reseller Performance report. The 24-hour alert response requirement does not apply at this tier.
For CSP incentive eligibility (M365, D365, and Azure CSP engagements), Indirect Resellers must also:
- Generate at least USD $25,000 in CSP transactional revenue during the trailing 12 months, measured at the PLA level within the same country under the Partner Global ID (assessed monthly, looking back 365 days);
- Hold a Solutions Partner designation in the relevant solution area (70+ PCS points), or reach a minimum of 25 Partner Capability Score (PCS) points in that area.
Sources: Microsoft Commercial Partner Incentives Policy Guide
CloudCockpit note: Meeting these requirements once is straightforward. Tracking them on a rolling basis across multiple tenants is where most partners develop blind spots. Revenue at the PGA level aggregates across all PLAs, meaning a single underperforming tenant can put the whole account at risk. Security score is assessed across all production tenants under the PGA, not just the primary one. Partners who monitor this exclusively through Partner Center typically receive their first gap alert from Microsoft rather than catching it internally. CloudCockpit provides a consolidated authorization status view so partners see gaps before the 90-day notification window starts running.
CSP Incentive Eligibility
CSP incentives in FY26 cover M365, D365, and Azure CSP engagements. To qualify, a partner must meet two criteria: a designation or PCS requirement, and a revenue threshold.
Designation or PCS requirement: A partner must either hold a Solutions Partner designation in the relevant solution area (Modern Work, Security, Azure, or Business Applications), or reach a minimum of 25 Partner Capability Score (PCS) points in that area.
A Solutions Partner designation requires at least 70 PCS points. The PCS measures three categories: performance (net customer adds), skilling (certified employees linked to the MAICPP account), and customer success (usage and workload growth). Revenue threshold by partner tier:
For Direct Bill partners:
The revenue threshold for incentive eligibility is USD $1,000,000 TTM at the Partner Global Account (PGA) level, assessed monthly looking back 365 days. This is consistent with the authorization requirement.
For Indirect Resellers:
The revenue threshold is USD $25,000 TTM at the Partner Location Account (PLA) level, also assessed monthly over 365 days. The threshold applies per PLA within the same country under the Partner Global ID. It covers M365, D365, and Azure CSP incentive engagements.
CloudCockpit note: Incentive eligibility is assessed per Partner Location Account (PLA), which means a partner operating across multiple regions may qualify in one market and fall short in another. Partners running a multi-region CSP business often discover this gap after a payout cycle rather than before it. Tracking PCS progress, revenue per PLA, and designation status across every active tenant is exactly the kind of operational detail that gets buried in manual processes. Having it consolidated in a single view reduces the risk of leaving incentive revenue on the table.
COCP: What the Monitoring Means for Incentives
Microsoft is monitoring Change of Channel Partner (COCP) activity in the New Commerce Experience (NCE): specifically, the movement of customer subscriptions between CSP partners.
The Microsoft partner incentives policy defines the COCP rule as follows: the Partner of Record at the time of the transaction earns the related incentive. When a CoCP occurs, future earnings and responsibility for monthly customer service activities transfer to the new partner. For indirect agreements, any credits and the associated negative incentive impact apply to the prior Partner of Record. For direct agreements, credits issued after the CoCP effective date apply to the new Partner of Record.
Under NCE transfer mechanics, when a subscription moves between partners, the original partner's incentive for that billing period is adjusted on a prorated basis. The target partner does not earn incentives for transferred subscriptions, as transferred customers are not counted as new.
CloudCockpit note: The COCP monitoring signals something worth tracking beyond the incentive question. Partners who are losing customers to other CSP partners see it in transfer activity before it appears in their revenue reports. By the time the month closes and the prorated reversal appears on the incentive statement, the relationship gap has already widened. Distributors managing a reseller network and Direct Bill partners with large portfolios benefit from real-time transfer visibility. CloudCockpit surfaces subscription movement as an operational event, not a billing surprise.
What to Do Before Your Anniversary Month
Your compliance deadline is your specific CSP onboarded anniversary month, not a universal date. Microsoft begins sending notification emails 90 days before that month. Here is what to verify.
Revenue: Download your TTM revenue report from Partner Center. Direct Bill partners use the CSP Revenue Details report in the Downloads Hub. Indirect Resellers must request PLA-level revenue from their Distributor. Confirm you are above your tier's threshold with enough margin to absorb normal billing fluctuation. Source:
Security: Go to the Security workspace in Partner Center and confirm all applicable mandatory requirements: MFA enabled for all admin users, security contact designated, and average alert response time under 24 hours (Direct Bill and Distributors only).
Solutions Partner designation (Direct Bill): Track your current designation progress on the Solutions Partner dashboard in Partner Center. Start with the solution area where your revenue concentration is highest.
Anniversary month: Check your original CSP onboarding date in Partner Center under Account Settings. That month is your annual compliance deadline, not October 1 universally.
Distributor alignment (Indirect Resellers): Confirm your Distributor can provide your PLA-level TTM revenue and is prepared to support documentation requests during the annual review.
The Bottom Line
The FY26 CSP authorization changes are not a one-time compliance event. They are an annual cycle, assessed at the anniversary of each partner's original CSP onboarding month.
What changed in FY26 is not the existence of requirements but their enforcement. Missing a revenue threshold, a security requirement, or a Solutions Partner designation now triggers a formal 30-day resolution window. Missing that window triggers deauthorization.
The partners best positioned for this cycle are the ones who track their authorization status as an ongoing operational concern, not those who check it when a Microsoft notification arrives.
Sources
- Direct Bill Eligibility Requirements FY26 (Microsoft Learn)
- Requirements to Enroll as a CSP Direct-Bill Partner (Microsoft Learn)
- Indirect Reseller Eligibility Requirements FY26 (Microsoft Learn)
- Security Requirements for Partner Center (Microsoft Learn)
- What is the Cloud Solution Provider Authorization? (Microsoft Learn)
- Partner Capability Score (Microsoft Learn)
- Confirm Customer Acceptance of the Microsoft Customer Agreement (Microsoft Learn)
- Transfer New Commerce License-Based Subscriptions (Microsoft Learn)
- Annual Authorization Enforcement (Microsoft Learn)
- Microsoft Commercial Partner Incentives Policy Guide (Microsoft Partner Network)
Frequently Asked Questions
What is the revenue threshold for Direct Bill CSP partners in FY26?
Direct Bill partners must generate at least USD $1,000,000 in CSP transactional revenue during the trailing 12 months, measured at the Partner Global Account (PGA) level. All CSP tenants under the PGA aggregate toward this threshold. Eligible revenue includes perpetual software sold through CSP. The TTM calculation is subject to review and verification by Microsoft. Partners can track progress via the CSP Revenue Details report in the Downloads Hub in Partner Center. Source:
What are the mandatory security requirements for CSP partners in FY26?
Three security requirements are mandatory: (1) MFA enabled for all administrative users in the CSP tenant; (2) a security contact designated in Partner Center; (3) security alerts responded to within 24 hours on average. The third requirement applies to Direct Bill partners and Distributors but not to Indirect Resellers. These are validated annually and can be checked in the Security workspace in Partner Center. Failure to meet any one of these blocks authorization regardless of revenue. Source:
What happens if a Direct Bill partner misses FY26 authorization requirements?
Microsoft sends notification emails starting 90 days before the partner's CSP anniversary month. If requirements remain unmet at the anniversary date, the partner has 30 days to resolve the gaps. If still unresolved at T+30, deauthorization proceedings begin and the partner must transition customer subscriptions to another CSP partner. After deauthorization, the partner must wait 12 months before reapplying. Source:
What is the difference between the MCA and the MPA?
The Microsoft Partner Agreement (MPA) governs the relationship between Microsoft and the CSP partner. Each tier signs the version applicable to their role: Direct Bill MPA, Distributor MPA, or Indirect Reseller MPA. The Microsoft Customer Agreement (MCA) is a separate agreement between Microsoft and the end customer governing use of Microsoft cloud services. Before a CSP partner places any order on behalf of a customer, the customer must have accepted the MCA, either through direct acceptance in the Microsoft 365 Admin Center or via the partner through the Enhanced Attestation API. Source:
What does COCP mean and how does it affect CSP incentives?
COCP stands for Change of Channel Partner: the process by which a customer moves subscriptions from one CSP partner to another in the New Commerce Experience (NCE). When a transfer occurs, the original partner receives a prorated reversal of incentives already paid for that billing period. The target partner does not earn incentives for transferred subscriptions, as these are not counted as new customers. Microsoft is monitoring COCP activity and will notify partners before any enforcement action beyond the current prorated reversal mechanism is introduced. Source:
![Risk Management [Part 2]](https://media.cloudcockpit.com/media/assets/large_managing_financial_risk_in_the_microsoft_csp_program_564aaefd90.webp)