Last year, Microsoft launched Publisher Attestation and Microsoft 365 Certification as part of the Microsoft 365 Security and Compliance program. This year at Build, we announced the public preview of another initiative called Publisher Verification. These programs, among several others, are the investments Microsoft is making to continue building a secure and trustworthy app ecosystem for our customers. The goal of these programs is to offer assurance and confidence to enterprise organizations that data and privacy are adequately secured and protected when your Microsoft 365 or Microsoft Graph API applications are introduced.
Publisher Verification
Publisher Verification allows developers with a verified Microsoft Partner Network (MPN) account to associate an organizational identity with their apps registered through the Microsoft identity platform. It provides various benefits, including increased trust, improved branding, and easier adoption in enterprises. It is currently optional, but in the future multi-tenant apps will need it before end users can consent to them.
This program primarily applies to apps that are:
- Using OAuth 2.0 and OpenID Connect to sign users in and request access to data using service-side APIs such as Microsoft Graph.
- Registered in Azure AD as multi-tenant.
Example of the updated branding page for an app registration with a verified publisher
Publisher Attestation
Publisher Attestation is a voluntary program where you complete a self-assessment of your app’s security, data handling, and compliance practices. The information you provide will be processed and presented to your customers so they can better evaluate your app before enabling it for their organization. Say goodbye to the back and forth with customers; you can now point them to all your information on the Publisher Attestation page.
Applies to:
- Apps that integrate with Microsoft 365 (Word, Excel, PowerPoint, Outlook, Teams, WebApps)
Microsoft 365 Certification
The Microsoft 365 Certification offers assurance and confidence to enterprise organizations that data and privacy are adequately secured and protected when your Microsoft Teams app is introduced to the platform. Certification confirms that an app solution is compatible with Microsoft technologies, compliant with cloud app security best practices, and supported by Microsoft, a trusted partner. During this process, you will work with a third-party assessor to validate your organizational security and compliance standards.
Applies to:
- Teams applications
Example of an app with the Microsoft 365 Certification badge in AppSource
As security becomes an increasingly important concern for you and your customers, we will, with your help, continue to build on these programs so that your customers face the least friction in adopting your apps and have the greatest confidence in our app ecosystem.
If you have questions about any of these programs or if you would like to participate, please reach out to appcert@microsoft.com.