Partner's User Guide for Microsoft 365 App Compliance Program - SaaS

Phase Title
Phase 1 Publisher Attestation
Phase 2 Microsoft 365 Certification

1. Overview

This document acts as a step-by-step user guide for our partners, enrolled for Microsoft 365 App Compliance program aiming to undergo Publisher Attestation and Certification for their SaaS apps, though the Partner Center portal.

2. Acronyms & Definitions

Acronym Definition
PC (Partner Center) A portal for all Microsoft partners. A partner logs in to Partner Center and submits self-assessment questionnaire. Partner Center for Microsoft 365 App Compliance
ISV Independent Software Vendor a.k.a. Partner or Developer
App Source Catalog of apps
Example Now virtual agent

3. Publisher Attestation Workflow

Home Page: This is the landing page once a partner logs in to Partner Center.

Step 1 : Select Marketplace Offers

Commercial Marketplace in Partner Center

Step 2: After selecting 'Marketplace Offers', toggle to 'Commercial Marketplace'.

Selecting an app in Commercial Marketplace

Select an app from the list and another navigation bar will pop up with option ‘App Compliance’.

Step 3: Select 'App Compliance’

App Compliance in Commercial Marketplace

Step 4: Fill out the self-assessment questionnaire for Publisher Attestation.

Complete Publisher Attestation

NOTE If you are coming back to update/re-submit your application, click dropdown for ‘Choose the product’, select the app and click ‘Clone’.

Clone Feature

You can also leverage the Import/Export feature to complete the form offline and import it once completed.

Import Export Feature

Step 5: Once completed, click on ‘Submit’, the assessment will now be ‘Under Review’.

Submit Publisher Attesation Confirmation of submission

Approve/Reject Scenarios:

A. Publisher Attestation Rejection

  • In case of rejection, a partner can:
    • View failure report
      • Partner will be notified via email, and they can view the failure report in Partner Center
    • Update and re-submit self-assessment questionnaire.

Publisher Attestation Rejected

B. Publisher Attestation Approval

  • Upon approval, the partner can:
    • Update and resubmit attestation
    • View completed Publisher Attestation
    • Start the Microsoft 365 Certification process

Publisher Attestation Completed

Starting the Microsoft 365 Certification

Post Publisher Attestation Approval: Example of link in AppSource for publisher attested apps.

Approved Contact Example

4. Microsoft 365 Certification Workflow

A partner can begin the Certification process by selecting the checkbox and clicking ‘Submit’

Start Microsoft 365 Certification

Step 1 : Initial Document Submission

Fill out all the details, upload relevant documents and click ‘Submit’

Initial Document Submission Submit Initial Document Submission

On clicking submit, the initial document submission will be under review.

Initial Document Submission under review

An analyst requests a revision in case the initial documents are not sufficient or relevant. The analyst will work with the partner to help get the right documents for approval.

Updates Needed

Once the analyst approves the initial document submission, the partner needs to submit the control requirements.

Step 2: Control Requirement Submission

Fill out all the details, upload relevant documents and Click ‘Submit’

Complete Control requirements

Upload Control requirements

Control requirements met

On clicking Submit, the initial document submission will be under review.

Submission under review

An analyst requests a revision in case the control requirement documents are not sufficient or relevant. The analyst will work with the partner to help get the right documents for approval.

Evidence needs updated

Which controls need updated

Review in progress

In case the submission does not satisfy the approval standards, the analyst will reject the submission.

The partner can work with the analyst to provide the relevant information and documents.

Certification rejected

Once all the security standards have been met, the analyst will approve the submission and the partner will be Microsoft 365 Certified.

Microsoft 365 App Certification Approved

Post Certification Approval: Example of Microsoft 365 certification badge in AppSource.

Post Certification Approval

5. Microsoft 365 Renewal Workflow:

Microsoft 365 Publisher Attestation and Certification Renewal Workflow:

Microsoft 365 App Compliance program now offers an annual renewal process. During this process, app developers can update their existing Publisher Attestation questionnaire and documents required for Microsoft 365 Certification.

Benefits:

  • Maintain your certification badge in AppSource, the Office Store, the Teams Store and various admin portals to differentiate your app from others.
  • Increase customer confidence in using your certified app.
  • Help IT admins make informed decisions with updated certification information.

The new renewal process is available in Partner Center to provide a seamless experience. A renewal reminder will be shown in Partner Center starting 90 days before the expiration date. Periodic reminders will also be sent via email at 90, 60 and 30 days before expiration.

Phase 1: Publisher Attestation Renewal:

The app’s Publisher Attestation answers will need to be resubmitted on an annual basis. When the attestation nears the 1-year mark, an email reminder will be sent encouraging a resubmission of the attestation.

Step 1: Select Renew to renew the Publisher Attestation.

Renewel approved

Step 2: Review the previous Publisher Attestation answers and update with the latest information as needed.

Submit Publisher Attestation for renewal when ready. It will be reviewed by an M365 App Compliance analyst.

Renew to Attestation

Publisher Attestation Renewal Approved:

Submit for renewal

Publisher Attestation Expired:

The app’s information needs to be renewed before the expiration date to maintain the app’s Publisher Attestation page on the Microsoft docs. Timely renewal will also ensure continued badging and icons for the app in various storefronts.

Renewel approved

Note: Once expired, Publisher Attestation renewal process can be started anytime by clicking ‘Renew’.

Phase 2: Microsoft 365 Certification Renewal

The app’s certification information needs to be resubmitted on an annual basis. This will require revalidation of the in-scope controls of your current environment. When the Certification nears 1-year mark an email notification will be sent encouraging a resubmission of the documents and evidence.

Attestation Renewel

Certification Renewal Approve/Reject Scenarios:

Scenario 1:

Certification renewal has started and is under review.

Certification renewel

Scenario 1A:

Certification renewal rejection:

  • Certification may be rejected if:
    • The app does not have the required tooling, processes, or configurations in place and will not be able to implement required changes within the certification window.
    • The app has outstanding vulnerabilities in place and cannot be fixed within the certification window.

Certification Rejection

Scenario 1B:

Certification renewal is approved

Certification renewel approval

Certification Expiration:

The app’s information needs to be renewed before the expiration date to maintain app’s Certification page on the Microsoft docs. Timely renewal will also ensure continued badging and icons for the app in AppSource and Team Store.

Certification renewel approval

Note: Once expired, Publisher Attestation and Certification process can be started anytime by clicking ‘Renew’.