Partner's User Guide for Microsoft 365 App Compliance Program - SaaS
|Phase 1||Publisher Attestation|
|Phase 2||Microsoft 365 Certification|
This document acts as a step-by-step user guide for our partners, enrolled for Microsoft 365 App Compliance program aiming to undergo Publisher Attestation and Certification for their SaaS apps, though the Partner Center portal.
2. Acronyms & Definitions
|PC (Partner Center)||A portal for all Microsoft partners. A partner logs in to Partner Center and submits self-assessment questionnaire. Partner Center for Microsoft 365 App Compliance|
|ISV||Independent Software Vendor a.k.a. Partner or Developer|
|App Source||Catalog of apps|
|Example||Now virtual agent|
3. Publisher Attestation Workflow
Home Page: This is the landing page once a partner logs in to Partner Center.
Step 1 : Select Marketplace Offers
Step 2: After selecting 'Marketplace Offers', toggle to 'Commercial Marketplace'.
Select an app from the list and another navigation bar will pop up with option ‘App Compliance’.
Step 3: Select 'App Compliance’
Step 4: Fill out the self-assessment questionnaire for Publisher Attestation.
NOTE If you are coming back to update/re-submit your application, click dropdown for ‘Choose the product’, select the app and click ‘Clone’.
You can also leverage the Import/Export feature to complete the form offline and import it once completed.
Step 5: Once completed, click on ‘Submit’, the assessment will now be ‘Under Review’.
A. Publisher Attestation Rejection
- In case of rejection, a partner can:
- View failure report
- Partner will be notified via email, and they can view the failure report in Partner Center
- Update and re-submit self-assessment questionnaire.
- View failure report
B. Publisher Attestation Approval
- Upon approval, the partner can:
- Update and resubmit attestation
- View completed Publisher Attestation
- Start the Microsoft 365 Certification process
Post Publisher Attestation Approval: Example of link in AppSource for publisher attested apps.
4. Microsoft 365 Certification Workflow
A partner can begin the Certification process by selecting the checkbox and clicking ‘Submit’
Step 1 : Initial Document Submission
Fill out all the details, upload relevant documents and click ‘Submit’
On clicking submit, the initial document submission will be under review.
An analyst requests a revision in case the initial documents are not sufficient or relevant. The analyst will work with the partner to help get the right documents for approval.
Once the analyst approves the initial document submission, the partner needs to submit the control requirements.
Step 2: Control Requirement Submission
Fill out all the details, upload relevant documents and Click ‘Submit’
On clicking Submit, the initial document submission will be under review.
An analyst requests a revision in case the control requirement documents are not sufficient or relevant. The analyst will work with the partner to help get the right documents for approval.
In case the submission does not satisfy the approval standards, the analyst will reject the submission.
The partner can work with the analyst to provide the relevant information and documents.
Once all the security standards have been met, the analyst will approve the submission and the partner will be Microsoft 365 Certified.
Post Certification Approval: Example of Microsoft 365 certification badge in AppSource.
5. Microsoft 365 Renewal Workflow:
Microsoft 365 Publisher Attestation and Certification Renewal Workflow:
Microsoft 365 App Compliance program now offers an annual renewal process. During this process, app developers can update their existing Publisher Attestation questionnaire and documents required for Microsoft 365 Certification.
- Maintain your certification badge in AppSource, the Office Store, the Teams Store and various admin portals to differentiate your app from others.
- Increase customer confidence in using your certified app.
- Help IT admins make informed decisions with updated certification information.
The new renewal process is available in Partner Center to provide a seamless experience. A renewal reminder will be shown in Partner Center starting 90 days before the expiration date. Periodic reminders will also be sent via email at 90, 60 and 30 days before expiration.
Phase 1: Publisher Attestation Renewal:
The app’s Publisher Attestation answers will need to be resubmitted on an annual basis. When the attestation nears the 1-year mark, an email reminder will be sent encouraging a resubmission of the attestation.
Step 1: Select Renew to renew the Publisher Attestation.
Step 2: Review the previous Publisher Attestation answers and update with the latest information as needed.
Submit Publisher Attestation for renewal when ready. It will be reviewed by an M365 App Compliance analyst.
Publisher Attestation Renewal Approved:
Publisher Attestation Expired:
The app’s information needs to be renewed before the expiration date to maintain the app’s Publisher Attestation page on the Microsoft docs. Timely renewal will also ensure continued badging and icons for the app in various storefronts.
Note: Once expired, Publisher Attestation renewal process can be started anytime by clicking ‘Renew’.
Phase 2: Microsoft 365 Certification Renewal
The app’s certification information needs to be resubmitted on an annual basis. This will require revalidation of the in-scope controls of your current environment. When the Certification nears 1-year mark an email notification will be sent encouraging a resubmission of the documents and evidence.
Certification Renewal Approve/Reject Scenarios:
Certification renewal has started and is under review.
Certification renewal rejection:
- Certification may be rejected if:
- The app does not have the required tooling, processes, or configurations in place and will not be able to implement required changes within the certification window.
- The app has outstanding vulnerabilities in place and cannot be fixed within the certification window.
Certification renewal is approved
The app’s information needs to be renewed before the expiration date to maintain app’s Certification page on the Microsoft docs. Timely renewal will also ensure continued badging and icons for the app in AppSource and Team Store.
Note: Once expired, Publisher Attestation and Certification process can be started anytime by clicking ‘Renew’.