The Microsoft 365 App Compliance Program offers assurance to organizations that their data and privacy are secured when deploying 3rd party applications. This includes apps built for Microsoft Teams, Outlook, Word, Excel, SharePoint, OneNote, and Project.
The Microsoft 365 App Compliance Program is a two-step approach to app security and compliance:
- Publisher Verification provides identity verification of app publishers, so users are assured the apps they utilize are authentic.
- Microsoft 365 Certified apps have undergone self-attestation and a comprehensive 3rd party audit to ensure proper data handling, encryption, antivirus, and firewall security like those found in SOC-2, PCI-DSS, and ISO-27001. These apps are awarded the Microsoft 365 Certification Badge.
Microsoft 365 Certification Badge
Apps that have completed verification and certification can be found across multiple storefronts and admin centers through dedicated filters. Apps that have undergone self-attestation but have yet to complete full certification can also be found through filtering.
Current locations include:
- Teams Admin Center
- Teams Store
- AppSource / Microsoft Admin Center
- Office Add-ins Store
- Azure Active Directory
- Microsoft App Compliance Doc Pages
1. Microsoft Teams Admin Center
Manage Apps provides the ability for users to filter based on certification status:
1. Click Manage apps >click on the column header labeled Certification to sort
2. Apps will be populated by Microsoft 365 Certified apps first followed by Publisher Attested.
2. Microsoft Teams Store
When searching for apps to deploy in Teams, look for the Microsoft 365 Certified badge in the app summary page.
3. AppSource
AppSource gives users the ability to filter by Microsoft 365 Certified or attested apps:
- Log in to AppSource and click See all apps.
- Under Filters click Compliance > Publisher Attestation.
- You will see a list of all the apps that have completed attestation.
- Under Compliance click Microsoft Certified.
You will now see the apps that have completed the Microsoft 365 Certification.
The Microsoft 365 Certification badge has been added to the Overview page for each app that has completed certification. The certification status is also listed on the Details and Support tab. Clicking on the status links to the app’s dedicated Microsoft docs page where you can find a full compliance report.
The same filters, badges, and basic functionality for finding compliant apps found in AppSource are also available in the Microsoft Admin Center.
4. Microsoft Office Add-ins Store
For Microsoft Excel, OneNote, Outlook, PowerPoint, Project, and Word users can search for certified apps within the Office Add-ins store.
The Microsoft 365 Certification badge is reflected in all certified app listings, next to the reviews:
The badge is also present within the summary page pop-out for each certified app:
5. Azure Active Directory (Now Microsoft Entra)
IT Admins can now manage app consent experiences based on app certification status. For AAD apps, users can:
1. Set user consent policies based on Microsoft 365 Certification status through APIs in Microsoft Graph Beta.
2. See the status of app certification in the app consent UX where consent decisions are made by the users.
User consent prompt App information
6. Microsoft 365 App Compliance Docs Pages
All apps that have completed either publisher attestation or Microsoft 365 Certification receive dedicated docs pages with a detailed overview of their current security posture. This reporting can help in cutting down security screening with transparency into the apps data handling aligning to industry standard practices. These reports cover the following areas:
- General publisher and app information
- Data handling
- Security
- Compliance
- Privacy
- Identity
- Certification controls
For more information about the Microsoft 365 App Compliance Program, check out the following resources:
App Compliance Program | Microsoft 365 Dev Center
Microsoft 365 App Compliance Program - Microsoft 365 App Certification | Microsoft Docs
Contact > appcert@microsoft.com