Partner's User Guide for Microsoft 365 App Compliance Program

Phase Title
Phase 1 Publisher Attestation
Phase 2 Microsoft 365 Certification

1. Overview

This document acts as a step-by-step user guide for our partners enrolled in the Microsoft 365 App Compliance program aiming to undergo Publisher Attestation and Certification though the Partner Center portal.

2. Acronyms & Definitions

Acronym Definition
PC (Partner Center) A portal for all Microsoft partners. A partner logs in to Partner Center and submits self-assessment questionnaire. Partner Center for Microsoft 365 App Compliance
ISV Independent Software Vendor. A.k.a. partner or developer
App Source Catalog of apps
Example Now virtual agent

3. Publisher Attestation Workflow

Home Page : This is the landing page once a partner logs in to Partner Center.

Step 1 : Select Marketplace Offers.

Commercial Marketplace in Partner Center

Step 2: After selecting 'Marketplace Offers', toggle to 'Office Store'. Select an app from the list to begin the Publisher Attestation process.

Selecting an app in Commercial Marketplace

On selecting an app, another navigation bar will pop up with option ‘App Compliance’.

Step 3: Select 'App Compliance’

Select App Compliance

Step 4: Fill out the self-assessment questionnaire for Publisher Attestation

Publisher Attestation

Note If you are coming back to update/re-submit your application, click dropdown for ‘Choose the product’, select the app and click ‘Clone.’

Clone

You can also leverage the Import/Export feature to complete the form offline and import it once completed.

Import Export Feature

Step 5: Once completed, click on ‘Submit’, the assessment will now be ‘Under Review.'

Click Sumbit

Review is now in progress

Approve/Reject Scenarios:

A. Publisher Attestation Rejection

  • In case of rejection at this stage, an partner can:
    • View failure report
      • Partner will be notified via email, and they can view the failure report in Partner Center
    • Update and re-submit Publisher Attestation

Update and resubmit assessment

B. Publisher Attestation Approval

  • Upon approval partner can:
    • Update and resubmit attestation
    • View and share completed Publisher Attestation
    • Start Microsoft 365 Certification process

Update and resubmit

Begin M365 App Certification

Post Publisher Attestation Approval: Example of link in AppSource for publisher attested apps

Example of completed attestation

4. Microsoft 365 Certification Workflow

A partner can begin the Certification process by selecting the checkbox and clicking ‘Submit’

Start Certification

Step 1: Initial Document Submission Fill out all the details, upload relevant documents and Click ‘Submit’

Initial Submission Initial Submission 2

On clicking submit, the attestation submission will be under review.

Certificaiton under review

An analyst requests a revision in case the initial documents are not sufficient or relevant. The analyst will work with the partner to help get the right documents for approval.

Analyst reviewing submission

Once the analyst approves the initial document submission, the partner needs to submit the control requirements.

Step 2: Control Requirement Submission Fill out all the details, upload relevant documents and Click ‘Submit’

Complete Control Requirements Upload Evidence Assure control requirements are complete

On clicking Submit, the certification submission will be under review.

Evidence under review

An analyst requests a revision in case the control requirement documents are not sufficient or relevant. The analyst will work with the partner to help get the right documents for approval.

Evidence needs updating Understand which evidence needs updating Evidence under review

In case the submission does not satisfy the approval standards, the analyst will reject the submission. The partner can work with the analyst to provide the relevant information and documents.

Submission rejected

Once all the security standards have been met, the analyst will approve the submission and the partner will be Microsoft 365 Certified.

Submission approved

Post Certification Approval: Example of Microsoft 365 certification badge in AppSource

Example of Certification badge

5. Microsoft 365 Renewal Workflow:

Microsoft 365 Publisher Attestation and Certification Renewal Workflow: Microsoft 365 App Compliance Program now offers an annual renewal process. During this process, app developers can update their existing Publisher Attestation questionnaire and documents required for Microsoft 365 Certification.

Benefits:

  • Maintain your certification badge in AppSource, the Teams Store, the Office Store and other storefronts to differentiate the app.
  • Increase customer confidence in using your certified app.
  • Help IT admins make informed decisions with updated certification information.

The renewal process is available in Partner Center to provide a seamless experience. A renewal reminder will be shown in Partner Center starting 90 days before the expiration date. Periodic reminders will also be sent via email at 90, 60 and 30 days before expiration.

Phase 1: Publisher Attestation Renewal:

The new renewal process is available in Partner Center to provide a seamless experience. A renewal reminder will be shown in Partner Center starting 90 days before the expiration date. Periodic reminders will also be sent via email at 90, 60 and 30 days before expiration.

Step 1: Select Renew to renew the Publisher Attestation.

Microsoft 365 Publisher Attestation and Certification Renewal Workflow

Step 2: Review the previous Publisher Attestation answers and update with the latest information as needed. Submit Publisher Attestation for renewal when ready. It will be reviewed by an Microsoft 365 app compliance analyst.

Update the Publisher Attestation

Publisher Attestation Renewal Approved

Publisher Attestation Renewed

Publisher Attestation Expired: The app’s information needs to be renewed before the expiration date to maintain the app’s Publisher Attestation page on the Microsoft docs. Timely renewal will also ensure continued badging and icons for the app in AppSource, Teams Store, Office Store and other storefronts.

Publisher Attestation Expired

Note: Once expired, Publisher Attestation renewal process can be started anytime by clicking ‘Renew’.

Phase 2: Microsoft 365 Certification Renewal

The app’s certification information needs to be resubmitted on an annual basis. This will require revalidation of the in-scope controls of your current environment. When the Certification nears 1-year mark an email notification will be sent encouraging a resubmission of the documents and evidence.

Certification Renewal

Certification Renewal Approve/Reject Scenarios:

Scenario 1:

Certification renewal has started and is under review.

Certification Renewal under review

Scenario 1A:

Certification renewal rejection: Certification may be rejected if:

  • The app does not have the required tooling, processes, or configurations in place and will not be able to implement required changes within the certification window.
  • The app has outstanding vulnerabilities in place and cannot be fixed within the certification window.

Certification Rejection

Scenario 1B:

Certification renewal is approved

Certification Renewal Approved

Certification Expiration:

The app’s information needs to be renewed before the expiration date to maintain app’s Certification page on the Microsoft docs. Timely renewal will also ensure continued badging and icons for the app in AppSource and Team Store.

The app’s information needs to be renewed before the expiration date to maintain app’s Certification page on the Microsoft docs. Timely renewal will also ensure continued badging and icons for the app in AppSource, Teams Store, Office Store and other storefronts.

Certification Renewal Expired

Note: Once expired, Publisher Attestation and Certification process can be started anytime by clicking ‘Renew’.