What is changing with MCA attestation for CSP partners?

Microsoft is retiring legacy MCA attestation methods. After January 5, 2026, partners can only attest using the new Enhanced Attestation API or have customers directly accept the MCA through the Microsoft 365 Admin Center. The Partner Center UI and legacy API will no longer work for attestation.

When is the MCA attestation deadline for CSP partners?

The key deadline is January 5, 2026, when the legacy API and Partner Center UX-based attestation will be retired. Additionally, the bulk attestation tool became read-only on October 7, 2025, and will be fully retired in January 2026.

Who is affected by the MCA attestation changes?

All direct bill partners and distributors (formerly indirect providers) who use Partner Center UX, the legacy attestation API, or the bulk attestation tool to attest on behalf of customers. Indirect resellers cannot attest directly and must work with their indirect provider.

What happens if I don't update my MCA attestation process?

If you don't integrate the new Enhanced Attestation API by January 5, 2026, your net new customer purchases will be blocked. Partners who attested before April 1, 2023, and haven't re-attested are already blocked from new purchases, quantity changes, and subscription upgrades since October 7, 2025.

What are the two options for MCA attestation after January 2026?

After January 5, 2026, there are only two ways to accept the MCA: (1) Integrate Microsoft's new Enhanced Attestation API into your workflow, or (2) Have customers directly accept the MCA themselves through the Microsoft 365 Admin Center.

What happens after a partner attests on behalf of a customer?

Microsoft sends an automated email to the customer within 30 minutes confirming the attestation. Partners should prepare their support teams to handle customer questions, as customers are directed back to their partner of record for any questions about the agreement.

How do I fix a duplicate record error during MCA re-attestation?

If a customer gets blocked due to duplicate records when trying to re-accept the MCA, you can either: (1) Have a different authorized signatory from the customer's organization accept using their own credentials, or (2) Use the same person but change either the email address or phone number slightly to avoid duplication.

MCA Attestation for CSP Partners: 2026 Deadline & Solutions

Q: What is the Enhanced Attestation API for MCA?

The Enhanced Attestation API is Microsoft's new method for partner attestation. It requires partners to present the MCA using an embeddable component provided by Microsoft, then relay customer acceptance details through the API. It became available in production on July 10, 2025.

Can't Sell Microsoft Products? Here's Why (And How to Fix It)

If you're a CSP partner and your orders suddenly started failing, you're not alone. Microsoft's new MCA attestation requirements are now in effect, and partners who haven't adapted are getting blocked from completing sales.

Let's break down what's happening and what you need to do.

The Problem: Your Old Attestation Method No Longer Works

Microsoft changed how partners confirm their customers accepted the Microsoft Customer Agreement (MCA). The methods you've been using for years are now deprecated or completely retired:

Already gone:

Bulk attestation tool update functionality (retired October 7, 2025)
Partner Center UI attestation for new customers

Retiring January 5, 2026:

Legacy Partner Center API
Partner Center UX-based attestation

After January 5, 2026, there are only two ways to accept the MCA: Microsoft's new Enhanced Attestation API, or direct customer acceptance through the Microsoft 365 Admin Center.

No API integration? No attestation through Partner Center? Your net new customer purchases get blocked.

Who's Affected

This impacts all direct bill partners and distributors who:

Use the Partner Center UX to attest on behalf of customers
Rely on the legacy attestation API
We're using the bulk attestation tool
Haven't migrated to the new Enhanced Attestation API

Additionally, if you attested for customers before April 1, 2023, and haven't re-attested since, you're already blocked from key Partner Center actions like new purchases, quantity increases, and subscription upgrades.

What Microsoft Changed (And Why)

Microsoft's audit findings showed that many partners couldn't provide proper proof that customers actually accepted agreements. This created compliance gaps, regulatory risks, and security concerns.

The new Enhanced Attestation API addresses this by requiring partners to present the MCA using an embeddable component provided by Microsoft. Customers see the actual agreement and explicitly accept it.

Partners then relay the acceptance details through the API. It's more compliant. It's more auditable. And it's now mandatory.

Your Options (Choose One)

Option 1: Direct Customer Acceptance

Have your customers accept the MCA themselves through the Microsoft 365 Admin Center. No API work is required on your end. But it adds friction to your sales process, and you lose control over the customer's experience.

Option 2: Integrate the Enhanced Attestation API

Build or adopt the new API into your workflow. This lets you maintain the partner-attested experience while meeting Microsoft's compliance requirements. It's more work upfront, but it keeps your sales process streamlined.

How CloudCockpit Solves This

CloudCockpit's MCA Attestation feature handles the complexity for you.

Instead of building API integrations from scratch or forcing customers through Microsoft's admin portal, CloudCockpit provides:

Built-in MCA attestation workflow directly in your existing provisioning process
Compliance tracking so you know exactly which customers have valid MCAs
Streamlined customer experience without redirecting to external portals

You keep selling. Your customers stay happy. Microsoft stays compliant.