Microsoft 365 App Compliance Program

The Microsoft 365 App Compliance Program is a two-step approach to app security and compliance that includes Publisher Verification and the Microsoft 365 Certification. Each tier builds upon the next, offering a layered program to give users the confidence they need while using apps in the Microsoft 365 ecosystem.

Our mission: give Microsoft customers a way to completely trust the applications that run their organizations.

2 Tier Approach to App Compliance

Publisher Verification

Publisher Verification helps admins and users understand the authenticity of app developers integrating with the Microsoft identity platform. When an app is marked as publisher verified, it means that the publisher has verified their identity using a Microsoft Partner Network (MPN) account that has completed the verification process, and has associated this MPN account with their application registration. Publisher Verification applies to apps that meet the following conditions:

  • Using OAuth 2.0 and OpenID Connect to sign users in and request access to data using service-side APIs such as Microsoft Graph.
  • Registered in Azure AD as multi-tenant.

Important

Publisher Verification does not preclude an app developer from starting or completing Publisher Attestation or Microsoft 365 Certification. If it does not apply to the app, verification may be skipped and the attestation can be started.

Microsoft 365 Certification

The Microsoft 365 Certification process has two phases: Attestation and Certification.

  1. Attestation involves completing a questionnaire about the security, data handling and compliance attributes of an app that are most important to customers. All the information is then published in one place and in a consistent, easy-to-read format. The goal is to speed up the process of app adoption while assuring customers that the apps they use in their tenants meet their organizational standards.
  2. Certification involves a thorough audit of an app against a set of controls derived from leading industry-standard frameworks. ISVs will be asked to provide evidence to demonstrate that they are meeting each control before being awarded a certification. The goal is to give customers assurance that they can trust that apps that have received a Microsoft 365 Certification have strong security and compliance practices in place to protect their data, security, and privacy.

The Microsoft 365 Certification applies to web apps and all apps that integrate with the following Microsoft products:

  • Teams
  • Word
  • Excel
  • PowerPoint
  • Outlook
  • SharePoint
  • Project
  • OneNote

Get Started