Check for app registration type: Free, Trial or Contact me.
Verify the submitted package contains all the artifacts required to publish on AppSource.
Download the end-to-end (E2E) functional document from Partner Center and validate if document is updated with functional scenarios and user/admin journey.
Code Validation
Code validation for canvas apps will be done through Accessibility Checker tool in Power Apps to check for the following:
Static formula errors and warnings: If any issues found then certification team will share the feedback to resolve and resubmit to AppSource.
Runtime errors: May occur once the app is opened in Run mode to view. Any issues found will be reported through email.
Accessibility errors and warnings: All Accessibility errors should be resolved as per Solution Checker guidelines.
Code Validation for Dataverse solution will be done utilizing Power Apps Checker.
Issues reported from Power Apps Checker will be manually validated for correctness and false positive issues will be reduced to low severity.
The quality of the solution and packages are validated against the AppSource certification ruleset.
Generated report is shared with the publisher through email.
Deployment Validation
Solution will be installed to a Power Apps studio using Package Deployer. Installed canvas apps will be manually located in the solution as well as on Apps section after installation and will make sure the app is opened in edit and run mode. Canvas App will be manually deleted from Power Apps studio to validate successful uninstallation
Check the canvas app successfully connects through the connectors provided by the publishers. For example, Dataverse or any other connections.
Check all Dataverse components (tables, web resources, plug-ins and other components) are available in the solution.
Manually uninstall the solution and check if all the components associated to the managed solution is removed.
Functionality Validation
Validate the functionality of the app based on the functional document shared by the publisher. All the features that are implemented in the app should pass.
Publisher should submit E2E functional document through Partner Center or can share video links through emails.
If app requires any license configuration, certification team will share the instance details for publisher to update the required license.
Security Validation
Check whether canvas app connects to any external data source or connections that require access, and proper connection details to be shared in E2E document.
Check canvas app connects to any external connections out of Power Apps connectors.
Check any custom code provided inside Package Deployer. Validate the code before approving the app to AppSource.
Manually validate the code to see if the custom code is retrieving any customer data from target environment.
Publisher can run code in their package as part of deployment.
Publisher can access anything that the deploying customer can access inside the Dataverse instance whwre the deployment is happening.
Publisher can add service accounts to Dataverse with a consent flow disclosing that the service account is being added. This generally requires Single Page Application, and in case of first parties, the consent is automatic.
Any service account added to the customers tenant should not be granted Maker, System Admin, or System customizer security roles. Publisher should have a custom security role that provides least privilege access for the action.
Canvas apps and flows that connect to data sources other than Dataverse
Sanity Check
Check canvas app contains a valid .msapp file.
Check the package folder has all required components like manifest, Jason and other image components.
Code Validation
Same as explained earlier for model-driven apps, canvas apps, and flows that connect to Dataverse
Deployment Validation
Canvas app will be manually installed to a Power Apps studio using import Apps feature. Installed canvas apps will be manually located in the Apps section after installation and will make sure the app is opened in edit and run mode. Canvas app will be manually deleted from Power Apps studio to validate successful uninstallation.
Check that the canvas app successfully connects the connectors provided by the publishers.
Functionality Validation
Same as explained earlier for model-driven apps, canvas apps, and flows that connect to Dataverse
Security Validation
Same as explained earlier for model-driven apps, canvas apps, and flows that connect to Dataverse