Here in our Microsoft 365 App Compliance Team, the focus is to protect our customers’ data by creating a trusted ecosystem of secure and compliant apps. Our program also helps customers like you to distinguish and filter out apps, based on their own risk tolerance.
The Microsoft 365 App Compliance Program consists of 3 tiers:
Publisher Verification helps admins and users understand the authenticity of app developers integrating with the Microsoft identity platform.
Publisher Attestation is where developers share general, data handling, security and compliance information about their app service.
Microsoft 365 Certification offers assurance and confidence to organizations that data and privacy are adequately secured and protected when using Microsoft Teams, Outlook, Office Add-ins, SharePoint Add-ins, OneNote and Project apps.
Check out our previous blog to learn how these tiers benefit you.
What do we do?
Our program is designed to provide assurance to organizations and enterprise IT admins like you that when your data interacts with a certified application, that application has undergone a security and privacy review. Microsoft 365 Certification requires a thorough assessment of an app and its underlying infrastructure against a series of security controls. This involves validating a variety of things such as updated antimalware signatures, proper data encryption at rest and in transit, and many more. All controls span four domains:
Operational Security / Secure Deployment
Data Handling Security and Privacy
Optional External Compliance Frameworks
In the Certification tier of the program, we verify the evidence and documentation provided, and attest to its completeness and accuracy prior to awarding a certification.
How does this help you?
This program lets you identify trustworthy apps, as we make the following app information visible through AppSource and Microsoft Docs:
Information about the app’s security, privacy, and data handling practices
Customer reviews and compliance information in AppSource
Consent screens and Certification status of an app
Example of Microsoft 365 Certification badge in Microsoft Docs
Example of Microsoft 365 Certification badge in AppSource
Example of MCAS report on security, compliance and legal practices followed by the app.
This valuable app information provides rich insights and empowers you to make timely and knowledgeable decisions.
And that is not all. We have now expanded the scope of our program from Teams apps to include Outlook, Office Add-ins, SharePoint Add-ins, OneNote and Project. That means more application options for you to choose from.
Some new apps that have undergone Publisher Attestation and/or Microsoft 365 Certification are HeyTaco!, Coco, Klaxoon, SheetGo, SalesTim.
As our customers’ data security is of utmost importance to us, we strive to build and grow our program. While doing so, we are working on standardizing the process for annual re-certification of apps. Identifying significant app updates that call for a re-certification is another milestone we plan to achieve.