DORA Regulations and Azure CSP (Reseller)

Cristian Nedelcu 20

Hi team - we have customers asking us for DORA addendums in their Azure contracts - as they are in our CSP model, that would fall under the MCA framework - what is the guidance from Microsoft on that, has the MCA been updated so that it is fit for purpose under the DORA framework?

Rahul Podila 1,830 Reputation points Microsoft Vendor

2025-01-20T09:40:17.0566667+00:00

Hi @Cristian Nedelcu

Thanks for posting your query and using Microsoft Q&A Forum,

We are checking with our internal team to get more information related to your query and will get back to you as soon as once we have an update.
Cristian Nedelcu 20 Reputation points

2025-01-20T09:56:24.9466667+00:00

Thank you Rahul - it's important to get clarity on this topic, as far as I know, partner-led MCA agreements do not allow for custom addendums, so we rely on the MCA legal framework as-is.

I'll look forward to the updates. thanks!
Rahul Podila 1,830 Reputation points Microsoft Vendor

2025-01-20T10:46:22.6633333+00:00

Hi @Cristian Nedelcu

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

At this time, Microsoft does not provide a specific DORA reminder for the Microsoft Cloud Agreement (MCA) under the CSP model. However, the Azure service is already designed to meet many of DORA’s key requirements, particularly in terms of business flexibility, security and risk management

Microsoft offers several compliance tools, such as Azure Compliance Manager and Trust Center, which demonstrate Azure's compliance with various regulations, including those related to business change These tools can help meet most DORA requirements.

If you want more information or have specific concerns, I’d be happy to help you review those or work with Microsoft to find information that best suits your needs.

If you have any further queries, do let us know

If the answer is helpful, please click "Accept Answer" and "Upvote it"
Cristian Nedelcu 20 Reputation points

2025-01-20T11:02:14.37+00:00

Thanks Rahul - Does Microsoft offer any DORA specific addendum should the customer decide to opt for a direct agreement, such as EA/ Microsoft led MCA?
Rahul Podila 1,830 Reputation points Microsoft Vendor

2025-01-21T01:32:43.8966667+00:00

Hi @Cristian Nedelcu

Just want to check if the above answer worked for you or else please let us know if any help, we are always here to help whenever you need us.

Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.
Cristian Nedelcu 20 Reputation points

2025-01-21T10:13:03.6933333+00:00

Thanks Rahul - I appreciate the clarification.
Rahul Podila 1,830 Reputation points Microsoft Vendor

2025-01-21T17:06:03.2566667+00:00

Hi @Cristian Nedelcu

Thank you, If your possible please Accept my Answer
Carl Vanden Eynde 0 Reputation points Microsoft Employee

2025-02-18T16:06:55.8333333+00:00

Allow me to overrule this :
https://microsoft.sharepoint.com/:w:/r/sites/GlobalCyberSecurity/_layouts/15/doc2.aspx?sourcedoc=%7B0AE3241B-4C03-4A09-8728-7472F9289535%7D&file=DORA%20FAQ%20February%2013%202025_Microsoft%20Confidential.docx&action=default&mobileredirect=true&DefaultItemOpen=1

contains this passage :

Partners:

The DORA Addenda supporting Microsoft Customer Agreement for Enterprise (MCA-E) and Cloud Solution Provider (CSP) for direct and Independent Software Vendor (ISV) engagements has been published on the Partner Center.

aka partner should be able to provide it through partner center?

Accepted answer

Rahul Podila 1,830 Reputation points Microsoft Vendor

2025-01-20T11:34:32.57+00:00

Hi @Cristian Nedelcu

Microsoft does not offer a specific DORA addendum for the Microsoft Cloud Agreement (MCA) or other direct agreements such as Enterprise Agreements (EA). However, as I mentioned earlier, the Azure service is already designed to meet many of DORA's key requirements, particularly in terms of business flexibility, security, and risk management.

If your customer has specific concerns or requirements related to DORA, you can work with Microsoft to find information that best suits their needs. Microsoft offers several compliance tools, such as Azure Compliance Manager and Trust Center, which can help demonstrate Azure's compliance with various regulations and standards, including those related to DevOps and software development.

Additionally, Microsoft provides guidance and best practices for implementing DevOps practices in Azure, which can help your customer achieve their DevOps goals while also meeting their compliance and security requirements.

If you have any further queries, do let us know

If the answer is helpful, please click "Accept Answer" and "Upvote it"
Please sign in to rate this answer.

1 person found this answer helpful.
Rahul Podila 1,830 Reputation points Microsoft Vendor

2025-01-23T00:59:19.68+00:00

Hi @Cristian Nedelcu

We haven't heard back from you. Please reply if you have any questions in this matter and we will gladly continue the discussion.

Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

1 additional answer

Carl Vanden Eynde 0 Reputation points Microsoft Employee

2025-02-18T16:07:52.77+00:00

Allow me to overrule this : https://microsoft.sharepoint.com/:w:/r/sites/GlobalCyberSecurity/_layouts/15/doc2.aspx?sourcedoc=%7B0AE3241B-4C03-4A09-8728-7472F9289535%7D&file=DORA%20FAQ%20February%2013%202025_Microsoft%20Confidential.docx&action=default&mobileredirect=true&DefaultItemOpen=1

contains this passage :

Partners:

The DORA Addenda supporting Microsoft Customer Agreement for Enterprise (MCA-E) and Cloud Solution Provider (CSP) for direct and Independent Software Vendor (ISV) engagements has been published on the Partner Center.

aka partner should be able to provide it through partner center?
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

DORA Regulations and Azure CSP (Reseller)

1 additional answer

Your answer