Microsoft 365 App Compliance Program

The Microsoft 365 App Compliance Program is a three-tier approach to app security and compliance. Each tier builds upon the next, offering a layered program to give application users the confidence they need while using apps in the M365 ecosystem. Currently, all tiers in the program are voluntary and are completed at the app developer's discretion.

Mission Statement: Microsoft customers have complete trust in the applications that run their enterprise.

3 Tier Approach to App Compliance

Publisher Verification

Publisher Verification (preview) helps admins and end users understand the authenticity of application developers integrating with the Microsoft identity platform. When an application is marked as publisher verified, it means that the publisher has verified their identity using a Microsoft Partner Network (MPN) account that has completed the verification process, and has associated this MPN account with their application registration. Publisher Verification applies to apps that are:

  • Using OAuth 2.0 and OpenID Connect to sign users in and request access to data using service-side APIs such as Microsoft Graph.
  • Registered in Azure AD as multi-tenant.

Publisher Attestation

Publisher Attestation is where developers share general, data handling, and security and compliance information pertaining to their app ecosystems. This reduces the need for IT admins to work directly with app publishers. For every app that has completed Publisher Attestation, all the information needed to make an informed decision can be found in one place and in a consistent format. The goal is to make app adoption easier and faster while assuring customers that the apps they enable in their tenants meet their organizational standards.

Publisher Attestation applies to apps that integrate with:

  • Teams
  • Word
  • Excel
  • PowerPoint
  • Outlook

Important

The developer solely affirms the veracity, accuracy, and integrity of the attestation documentation and corresponding app performance data. If the documentation is found to contain erroneous or inaccurate information, the attestation confirmation status will be either rejected or rescinded.

M365 Certification

The M365 Certification offers assurance and confidence to enterprise organizations that data and privacy are adequately secured and protected when using Microsoft Teams apps. Certification confirms that an app solution is compatible with Microsoft technologies, compliant with cloud app security best practices, and supported by Microsoft. During this process, app developers work with a third-party assessor to validate organizational security and compliance standards. M365 Certification applies to apps that integrate with:

  • Teams
  • Coming soon: will offer the same application type coverage as Publisher Attestation

Note

Currently, M365 Certification is limited to Microsoft Teams app integrations.