The MSI or EXE app certification process

Note

MSI and EXE support in the Microsoft Store is currently in a limited public preview phase. As the size of the preview expands, we'll be adding new participants from the wait list. To join the wait list, click here.

When you finish creating your app's submission and submit it to the Microsoft Store, the submission enters the certification step. This process usually takes 24 hours, though in some cases it may take up to three business days. After your submission passes certification, it can take up to 24 hours for customers to see the app’s listing.

Your app package will be downloaded from the package URL you specified. Any instructions in the certification notes will be followed. We'll display a message if we detect any errors during preprocessing. During this phase, several tests are conducted to validate your app submission. You’ll be notified if your submission fails any of these tests.

When your submission is published, you'll be notified and the app's status in the dashboard will be In the Store.

Before publishing, apps are subject to two categories of tests: security tests and content compliance.

Security tests

Your app submission will be subject to a series of checks.

Package URL

You must provide a secure (HTTPS) package URL. Your submission will not proceed to the next step if this test has failed.

The package URL must host your app’s installer packaged as an .exe or .msi file. Your submission will not proceed to the next step if this test has failed.

Important

The installer binary on the package URL must not change once it has been submitted. We recommend that you create and submit versioned package URLs (such as https://contoso.com/downloads/1.1/myinstaller.msi). If you need to update the package URL, you may create a new app submission with a new package URL.

Malware test

This test checks your app for viruses, malware, and unwanted applications using static and dynamic scanning technologies. If your app fails this test, you'll need to check your development system by running the latest antivirus software, then rebuild your app's package on a clean system.

We highly recommended that you scan your app with Microsoft Defender or another consumer antivirus software that's compatible with Windows to ensure that it is free from malware and unwanted apps.

Silent install

This test checks typically checks for the following behavior in your app:

  • Can install silently without any user interfaces visible to the user. Any installer parameters you provide will be used when installing your package.
  • Can be successfully installed when logged in with a standard user account.
  • Can make an entry in the Windows Start menu and Programs list, so users can discover it. If your app does not need to do this, you should mention this in the Notes for Certification section of your submission.
  • Your app's installer is configured appropriately for Windows to query information such as ProductName, Publisher Name, Default Language, and Version info (as applicable) in places where customers expect to find such information, like in Add/Remove Programs in Windows. This information is part of your app’s installer package. See setting installer properties for details about how to set properties for your Windows installer.
  • Can uninstall cleanly without leaving remnants of files, folder, and registry entries.

Standalone/offline installer

This test checks if the installer you submitted is a standalone/offline installer and is not a downloader that downloads binaries when invoked. This is required to certify the binaries that get installed are the same ones that passed the certification process.

Bundleware check

This test checks if your app is attempting to install any additional third-party apps that may not be related to the core purpose of your app.

Dependency on non-Microsoft drivers/ NT services

This test will check to see if your app has a dependency on any type of non-Microsoft drivers or NT services. You are required to disclose such dependency in Partner Center during app submission.

Digital Signatures

Digital signatures are an integral part of ensuring a verified and trusted ecosystem of apps and updates on Windows. It is highly recommended that your EXE/MSI app and the Portable Executable (PE) files inside of it are digitally signed with a certificate that chains upto a certificate of a Certificate Authority (CA) that is part of the Microsoft Trusted Root Program.

Privacy policy

Include a valid privacy policy URL if your app requires one; for example, if your app accesses any kind of personal information in any way or is otherwise required by law. To help determine if your app requires a privacy policy, review the App Developer Agreement and the Microsoft Store Policies.

Additional tests

Depending on the type of app submitted, additional tests related to the app’s performance, security, stability, and reliability may be performed and observations shared with you for next steps.

Avoid common certification failures

Review this list to help avoid issues that frequently prevent apps from getting certified, or that might be identified during a spot check after the app is published.

  • Do not promote third-party apps during or after installation.
  • Submit your app only when it's finished. You're welcome to use your app's description to mention upcoming features, but make sure that your app does not contain incomplete sections, links to web pages that are under construction, or anything else that would give a customer the impression that your app is incomplete.
  • Test your app on several different configurations to ensure that it's as stable as possible.
  • Ensure that your app does not crash without network connectivity. Even if a connection is required to use your app, it needs to perform appropriately when no connection is present.
  • Provide any necessary info required to use your app, such as the username and password for a test account if your app requires users to log in to a service, or any steps required to access hidden or locked features.
  • Make sure that your app's description clearly represents what it does. For help, see our guidance on writing a great app description.
  • Do not declare your app as accessible unless you have specifically engineered and tested it for accessibility scenarios.
  • Review the Microsoft Store Policies to ensure your app meets all the requirements listed there.

Content compliance

The amount of time this test takes varies depending on how complex your app is, how much visual content it has, and how many apps have been submitted recently. Be sure to provide any info that testers should be aware of in the notes for certification section.

When the certification process is complete, if it did not pass, you'll receive an email that includes a report that indicates which test failed or which policy was not met. After you fix the problem, you can create a new submission for your app to start the certification process again.

Important

Your app's content should comply with the Microsoft Store Content Policies, and it will be tested in accordance with the policies. We highly recommend that you understand these policies prior to submitting your app.

Publishing

Your app will be published after it is certified. When this phase has begun, you can no longer cancel your submission.

We also conduct spot checks of apps after they've been published so we can identify potential problems and ensure that your app complies with all the Microsoft Store Policies. If we find any problems, you'll be notified about the issue and how to fix it, if applicable, or if it has been removed from the Microsoft Store.