App Compliance Automation Tool for Microsoft 365 is now in public preview

Sreekanth Thirthala Venkata

Last month at Ignite, we announced that the App Compliance Automation Tool (ACAT) for Microsoft 365 was coming to public preview. Today, we are happy to announce that ACAT is now in public preview.

The Microsoft 365 certification is designed to show customers that an app has been vetted against controls derived from leading industry standard frameworks, and that strong security and compliance practices are in place to protect customer data. Achieving the certification involves the collection of the required evidence for application, operational and data security controls. This takes a significant amount of time for the app developer. ACAT simplifies the process of evidence collection and control validation by automating 35% of the Microsoft 365 certification controls. This significantly decreases the time to achieve the Microsoft 365 certification.

About the App Compliance Automation Tool

Enterprise governance, risk and compliance teams and IT Admins want to ensure that applications deployed in their organization’s Microsoft 365 tenant are secure and compliant. And, that they meet the leading industry compliance standards (e.g., SOC2, ISO, GDPR etc.). Microsoft launched the Microsoft 365 App Compliance program to provide visibility into an application’s security and compliance posture and to increase our customers’ trust in these applications. Applications’ security, data handling and compliance information is audited against a set of controls derived from leading industry standard frameworks to award the Microsoft 365 certification.

ACAT is an application-centric compliance automation tool deployed as a service in the Azure portal. It enables developers to:

  • Define the compliance boundary for their applications.
  • Get automated compliance reports and alerts to continuously monitor their application and remediate any compliance failures.
  • Download and share the detailed compliance reports with their customers.
  • Achieve an accelerated path to achieve Microsoft 365 certification by automating the evidence collection and control validation.

ACAT enables IT Admins to leverage the compliance reports to ensure that the application has met the right level of compliance controls before deploying apps into their organization’s Microsoft 365 tenant.


Get started

ACAT is now enabled as a service in the Azure portal, and you can onboard your application by following the steps below:

  • Navigate to All Services in the Azure portal
  • Search for the App Compliance Automation Tool for Microsoft 365
  • Launch the ACAT tool

Image of App Compliance Automation Tool in Services

Learn more


Discussion is closed.

Feedback usabilla icon