
Here in our Microsoft 365 App Compliance Team, the focus is to protect our customers’ data by creating a trusted ecosystem of secure and compliant apps. Our program also helps customers like you to distinguish and filter out apps, based on their own risk tolerance. 


 




 


The Microsoft 365 App Compliance Program consists of 3 tiers:



  • Publisher Verification helps admins and users understand the authenticity of app developers integrating with the Microsoft identity platform.

  • Publisher Attestation is where developers share general, data handling, security and compliance information about their app service.

  • Microsoft 365 Certification offers assurance and confidence to organizations that data and privacy are adequately secured and protected when using Microsoft Teams, Outlook, Office Add-ins, SharePoint Add-ins, OneNote and Project apps.


Check out our previous blog to learn how these tiers benefit you. 


 


What do we do?


Our program is designed to assure organizations and enterprise IT admins like you that when your data interacts with a certified application, that application has undergone a security and privacy review. Microsoft 365 Certification requires a thorough assessment of an app and its underlying infrastructure against a series of security controls. This involves validating a variety of things, such as updated antimalware signatures, proper data encryption at rest and in transit, and many more. All controls span four domains:



  • Application Security 

  • Operational Security / Secure Deployment 

  • Data Handling Security and Privacy 

  • Optional External Compliance Frameworks 


In the Certification tier of the program, we verify the evidence and documentation provided, and attest to its completeness and accuracy prior to awarding a certification. 


 


How does this help you? 


This program lets you identify trustworthy apps, as we make the following app information visible through AppSource and Microsoft Docs:



  • Information about the app’s security, privacy, and data handling practices 

  • Customer reviews and compliance information in AppSource 

  • Consent screens and Certification status of an app 


Example of Microsoft 365 Certification badge in Microsoft docs 




Example of Microsoft 365 certification badge in AppSource




Example of MCAS report on security, compliance and legal practices followed by the app.


You can find more examples here. 




 


This valuable app information provides rich insights and empowers you to make timely and knowledgeable decisions. 


 


And that is not all. We have now expanded the scope of our program from Teams apps to include Outlook, Office Add-ins, SharePoint Add-ins, OneNote and Project. That means more application options for you to choose from. 


 




 


Some new apps that have undergone Publisher Attestation and/or Microsoft 365 Certification are HeyTaco!, Coco, Klaxoon, SheetGo, and SalesTim.




 


As our customers’ data security is of utmost importance to us, we strive to build and grow our program. While doing so, we are working on standardizing the process for annual recertification of apps. Identifying significant app updates that call for a re-certification is another milestone we plan to achieve.


 


If you have questions about our program, please reach out to appcert@microsoft.com.


 
