Microsoft 365 App Compliance Program helps admins in creating a secure app ecosystem

This post has been republished via RSS; it originally appeared at: Microsoft 365 Blog articles.

Here in our Microsoft 365 App Compliance Team, the focus is to protect our customers’ data by creating a trusted ecosystem of secure and compliant apps. Our program also helps customers like you distinguish and filter out apps based on your own risk tolerance.

 


 

The Microsoft 365 App Compliance Program consists of 3 tiers:

  • Publisher Verification helps admins and users understand the authenticity of app developers integrating with the Microsoft identity platform.
  • Publisher Attestation is where developers share general, data handling, security and compliance information about their app service.
  • Microsoft 365 Certification offers assurance and confidence to organizations that data and privacy are adequately secured and protected when using Microsoft Teams, Outlook, Office Add-ins, SharePoint Add-ins, OneNote and Project apps.

Check out our previous blog to learn how these tiers benefit you. 

 

What do we do?

Our program is designed to assure organizations and enterprise IT admins like you that when your data interacts with a certified application, that application has undergone a security and privacy review. Microsoft 365 Certification requires a thorough assessment of an app and its underlying infrastructure against a series of security controls. This involves validating items such as up-to-date antimalware signatures and proper data encryption at rest and in transit, among many others. All controls span four domains:

  • Application Security 
  • Operational Security / Secure Deployment 
  • Data Handling Security and Privacy 
  • Optional External Compliance Frameworks 

In the Certification tier of the program, we verify the evidence and documentation provided, and attest to its completeness and accuracy prior to awarding a certification. 

 

How does this help you? 

This program lets you identify trustworthy apps, because we make the following app information visible through AppSource and Microsoft Docs:

  • Information about the app’s security, privacy, and data handling practices 
  • Customer reviews and compliance information in AppSource 
  • Consent screens and Certification status of an app 

Example of Microsoft 365 Certification badge in Microsoft docs 


Example of Microsoft 365 certification badge in AppSource


Example of MCAS report on security, compliance and legal practices followed by the app.

You can find more examples here. 


 

This valuable app information provides rich insights and empowers you to make timely and knowledgeable decisions. 

 

And that is not all. We have now expanded the scope of our program from Teams apps to include Outlook, Office Add-ins, SharePoint Add-ins, OneNote and Project. That means more application options for you to choose from. 

 


 

Some new apps that have undergone Publisher Attestation and/or Microsoft 365 Certification are HeyTaco!, Coco, Klaxoon, SheetGo, and SalesTim.


 

As our customers’ data security is of utmost importance to us, we strive to build and grow our program. While doing so, we are working on standardizing the process for annual re-certification of apps. Identifying significant app updates that call for a re-certification is another milestone we plan to achieve.

 

If you have questions about our program, please reach out to appcert@microsoft.com.

 
