Here in our Microsoft 365 App Compliance Team, the focus is to protect our customers’ data by creating a trusted ecosystem of secure and compliant apps. Our program also helps customers like you to distinguish and filter out apps, based on their own risk tolerance.
The Microsoft 365 App Compliance Program consists of 3 tiers:
Check out our previous blog to learn how these tiers benefit you.
What do we do?
Our program is designed to provide assurance to organizations and enterprise IT admins like you, that when your data interacts with a certified application, that application has undergone a security and privacy review. Microsoft 365 Certification requires a thorough assessment of an app and its underlying infrastructure against a series of security controls. This involves validating a variety of things such as updated antimalware signatures, proper data encryption at rest and in-transit, and many more. All controls span four domains:
In the Certification tier of the program, we verify the evidence and documentation provided, and attest to its completeness and accuracy prior to awarding a certification.
How does this help you?
Example of Microsoft 365 Certification badge in Microsoft docs
Example of Microsoft 365 certification badge in AppSource
Example of MCAS report on security, compliance and legal practices followed by the app.
You can find more examples here.
This valuable app information provides rich insights and empowers you to make timely and knowledgeable decisions.
And that is not all. We have now expanded the scope of our program from Teams apps to include Outlook, Office Add-ins, SharePoint Add-ins, OneNote and Project. That means more application options for you to choose from.
Some new apps who have undergone Publisher Attestation and/or Microsoft 365 Certification are HeyTaco!, Coco, Klaxoon, SheetGo, SalesTim.
As customer’s data security is of utmost importance to us, we strive to build and grow our program. While doing so, we are working on standardizing the process for annual re-certification of apps. Identifying significant app updates that call for a re-certification is another milestone we plan to achieve.
If you have questions about our program, please reach out to email@example.com.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.