Microsoft 365 App Certification Program
The Microsoft 365 App Certification program offers assurance and confidence to enterprise organizations that data and privacy are adequately secured and protected when third-party Microsoft Word, Excel, PowerPoint, Outlook, Teams integration, or Graph API apps are introduced to the Microsoft 365 platform. Applications that pass validation will be designated Microsoft 365 App Certified throughout the Microsoft 365 ecosystem.
The program consists of two tiers, Publisher Attestation where a developer submits detailed security and compliance information about their app, and Application Certification where that information, and more, is reviewed and approved by an app analyst.
Currently, Microsoft 365 App Certification is limited to Microsoft Teams app integrations.
In these topics, you'll find details and guidance for the Microsoft 365 App Publisher Attestation and App Certification programs. You'll also be able to easily navigate to the app attestation and certification pages to find an app and view the supporting documentation.
|What is App Publisher Attestation?||Details of what it means for an app to have achieved Publisher Attestation.|
|What is Microsoft 365 App Certification||Details of what it means for an app to have achieved Microsoft 365 App Certification.|
|Publisher Attestation?||Learn how to submit your Microsoft 365 App Publisher Attestation.|
|App Certification||Overview of how to start the Microsoft 365 App Certification process.|
|App Certification submission guide||Detailed guidance for submitting your app for certification, and the information that will be certified.|
|Microsoft 365 platform apps||Discover participating Microsoft 365 App Publisher Attestation and App Certification apps:|
|Apps for Microsoft Teams|
|Apps for Microsoft Office 365|
|Apps for Microsoft Outlook|
|Apps for Microsoft Excel|
|Apps for Microsoft Word|
|Apps for Microsoft PowerPoint|
|Apps for Microsoft OneNote|
|Apps for Microsoft Project|
Before starting the Microsoft 365 App Certification process, developers are required to successfully complete a Publisher Attestation submission. The attestation framework includes a comprehensive questionnaire covering vital approval criteria advanced by enterprise administrators and information security teams. Documentation queries center on the following protocols:
Application security—what controls does the app have in place to prevent cyber and app-specific attacks?
Application data handling—how does the app collect, store, distribute, and record information?
Application compliance—does the app meet internal compliance policies as well as external regulatory requirements?
The attestation response data is hosted in an online repository where it can be viewed in a unified and consistent format.
For example, See Microsoft Teams App Security and Compliance
The developer, solely affirms the veracity, accuracy, and integrity of the attestation documentation and corresponding app performance data. If the documentation is found to contain erroneous or inaccurate information, the attestation confirmation status will be either rejected or rescinded.
Microsoft 365 App Certification
Microsoft 365 Certification is achieved through the successful submission and approval of an app's Publisher Attestation and supported by additional validation. The primary review fields for the assessment focus on the infrastructure supporting the app and the app itself. See Microsoft 365 App Certification Submission Guide. Once all certification criteria have been met, the submission will be approved, the app will achieve Microsoft 365 app certified status, and will be listed on Microsoft platforms with the certified attribute.
The certification will be valid for one year from the time of submission. However, if within the interim approval status period, the app is updated or modified, or attestation submission misinformation or app failure is reported, the developer must revise and resubmit the certification documentation for review.