Microsoft 365 App Compliance Program
The Microsoft 365 App Compliance Program is a three-tier approach to app security and compliance. Each tier builds upon the next, offering a layered program to give users the confidence they need while using apps in the Microsoft 365 ecosystem. Currently all tiers in the program are voluntary and are completed at the app developer's discretion.
Our mission statement: Microsoft customers have complete trust in the applications that run their organizations.
Publisher Verification helps admins and users understand the authenticity of app developers integrating with the Microsoft identity platform. When an app is marked as publisher verified, it means that the publisher has verified their identity using a Microsoft Partner Network account that has completed the verification process and has associated this MPN account with their application registration. Publisher Verification applies to apps that meet the following conditions:
- Using OAuth 2.0 and OpenID Connect to sign users in and request access to data using service-side APIs such as Microsoft Graph.
- Registered in Azure AD as multi-tenant.
Publisher Verification does not preclude an app developer from starting or completing Publisher Attestation or Microsoft 365 Certification. If it does not apply to the app, verification may be skipped and the attestation can be started.
Publisher Attestation is where developers share general, data handling, and security and compliance information about their app service. This reduces the need for IT admins to work directly with app publishers. All the information needed to make an informed decision can be found in one place and in a consistent format for all apps that have completed the publisher attestation. The goal is to make app adoption easier and faster while assuring customers that the apps they use in their tenants meet their organizational standards.
Publisher Attestation applies to WebApps, and all apps that integrate with the following Microsoft products:
Microsoft does not validate the information provided. The developer solely affirms the veracity, accuracy, and integrity of the attestation documentation and corresponding app performance data.
Microsoft 365 Certification
The Microsoft 365 Certification offers assurance and confidence to organizations that data and privacy are adequately secured and protected when using Microsoft Teams apps. Certification confirms that an app solution is compatible with Microsoft technologies, compliant with cloud app security best practices, and supported by Microsoft. During this process, app developers work with a third-party assessor to validate organizational security and compliance standards. Microsoft 365 Certification applies to the same apps that qualify for the Publisher Attestation.