Microsoft is overhauling its Microsoft Customer Agreement (MCA) and introducing a refreshed Microsoft Partner Agreement (MPA) for October 2025

Microsoft has announced sweeping updates to its partner and customer agreement processes. These changes, which will take effect in October 2025, impact how partners validate customer acceptance of the Microsoft Customer Agreement (MCA) and introduce a refreshed Microsoft Partner Agreement (MPA) with new terms focused on privacy, security, and compliance.

Major Changes to Microsoft Customer Agreement 

Currently, Microsoft partners can confirm that customers have accepted the MCA through three different methods: an API, the Partner Center user experience (UX), or the MCA bulk attestation tool. However, effective October 7, 2025, Microsoft will streamline this process by retiring the current API and Partner Center UX, leaving only two valid methods for new customer orders:

1. Enhanced Partner Attestation API: Partners must integrate the new, more compliant API to attest on behalf of customers.
2. Direct Customer Acceptance: Customers can accept the MCA themselves via the Microsoft 365 admin center.

The MCA bulk attestation tool will also see a phased retirement. After May 7, 2025, this tool will become read-only, and by January 2026, it will be fully retired[1][2][5]. These changes are designed to simplify the attestation process, reduce compliance risks, and ensure a more consistent and reliable experience for both partners and customers.

“Microsoft runs on trust. Operating compliantly is essential to maintaining trust with our customers, and partners play an important role in ensuring compliance,” the company stated in its official announcement.

The updated API will be available in sandbox mode starting April 11, 2025, allowing partners to test and integrate it ahead of the October deadline. Partners who do not transition to the new API by October 7, 2025, will need to have their net new customers directly accept the MCA before any purchases can be made. More importantly, existing customers who have already accepted the MCA will not be required to reaccept under the new system.

Updates to the Microsoft Partner Agreement (MPA)

Alongside the changes to the MCA process, Microsoft is updating the Microsoft Partner Agreement (MPA), effective October 4, 2025. The revised MPA introduces enhanced terms that reflect Microsoft’s ongoing commitment to privacy, security, compliance, and transparency. These updates are intended to provide clearer requirements for lawful business practices, foster long-term growth, and ensure business continuity for partners.

Key highlights of the updated MPA include:

1. Automatic Application: The new terms will apply automatically to current partners without the need for additional signatures or acknowledgments.
2. Focus on Best Practices: The agreement incorporates updated best practices to further support compliance and transparency across the partner network.
3. No Immediate Action Required: Partners are encouraged to review the new MPA with their legal teams, but no direct action is needed for the terms to take effect.

Additional Security Measures and Best Practices

Microsoft is also reinforcing its security posture by mandating multifactor authentication (MFA) across Azure, Microsoft 365, and Partner Center. This requirement is part of a broader initiative to reduce cyber risk and ensure a secure environment for all partners and customers.

“Comprehensive security among organizations presents a significant opportunity for every partner to grow their business and reach more customers. We deeply appreciate your help in making this transition as smooth as possible so we can continue to build a secure partner ecosystem—and safer solutions for customers—together,” Microsoft emphasized in its partner communications.

What Partners Need to Do

1. Integrate the New API: Partners wishing to continue attesting on behalf of customers must adopt the new enhanced API before October 7, 2025.
2. Prepare for Bulk Tool Retirement: Plan for the MCA bulk attestation tool’s read-only status after May 7, 2025, and its full retirement in January 2026.
3. Review the Updated MPA: Partners should access the new agreement in Partner Center and consult with legal teams to understand the updated terms.
4. Implement MFA: Ensure multifactor authentication is enabled across all relevant Microsoft portals.

These partner and customer updates mark a pivotal shift in Microsoft’s approach to partner and customer agreements, reflecting the company’s dedication to compliance, security, and a seamless partner experience. By streamlining attestation processes and updating legal agreements, Microsoft is setting a new standard for operational excellence and trust in its global partner network. Partners are strongly encouraged to act early to ensure uninterrupted business operations and to fully benefit from the enhanced compliance and security framework.