March 20th, 2025

Microsoft 365 Certification control spotlight: Data at rest

Data at rest refers to inactive data stored physically in any digital form (e.g., databases, file stores). Protecting this data is crucial as it can be a target for unauthorized access, breaches, and other security threats. Encryption is a fundamental security measure that helps safeguard data at rest by converting it into a format that is unreadable without the appropriate decryption key.

Microsoft 365 Certification verifies that all data at rest is encrypted using strong encryption algorithms. This ensures that even if unauthorized individuals gain access to the storage medium, they cannot read or misuse the data. Encryption acts as a robust barrier, protecting sensitive information from potential threats.

To obtain certification, ISVs are required to demonstrate that data at rest is encrypted according to the specified encryption profile requirements. This includes the use of encryption algorithms such as AES, Blowfish, and TDES, with encryption key sizes of 128-bit and 256-bit. Older encryption algorithms are recognized to possess certain cryptographic vulnerabilities, which elevate the likelihood of an unauthorized individual decrypting the data without access to the key. Using the latest encryption profiles can safeguard data at rest.

All applications must meet Microsoft 365 Certification’s encryption profile configuration: symmetric encryption in CBC mode with a fresh, randomly generated initialization vector for each operation. New code must use SHA-2 hash functions, truncated to no fewer than 128 bits.

New implementations must utilize HMAC with one of the approved hash functions. The output of HMAC may be truncated to no fewer than 128 bits. HMAC keys must have a minimum length of 128 bits, although 256-bit keys are recommended.
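The profile above in working code, as an added example that is not Microsoft's or the certification program's own code: AES-CBC with a fresh random IV per call and PKCS#7 padding, then an HMAC-SHA256 tag truncated to 128 bits over IV||ciphertext (encrypt-then-MAC, so the tag is checked in constant time before anything is decrypted). The Seal/Open names, the encrypt-then-MAC layout and the output framing IV||ciphertext||tag are choices of this example; the page itself specifies only the primitives, the mode, the fresh IV and the minimum lengths.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const tagLen = 16 // HMAC-SHA256 output truncated to 128 bits, the profile's minimum
// tag is HMAC-SHA256 over data, truncated to tagLen; the key must be >= 128 bits (256 recommended).
func tag(macKey, data []byte) []byte {
	if len(macKey) < 16 {
		panic("HMAC key shorter than 128 bits")
	}
	m := hmac.New(sha256.New, macKey)
	m.Write(data)
	return m.Sum(nil)[:tagLen]
}
// Seal: AES-CBC (encKey 16 or 32 bytes) with a fresh random IV and PKCS#7 padding, then HMAC over IV||ct. Output: IV||ct||tag.
func Seal(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey) // rejects any key size other than 128/192/256 bits
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil { // fresh IV per operation, never reused
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return append(out, tag(macKey, out)...), nil
}
// Open verifies the tag (constant-time compare) before decrypting, then strips the padding.
func Open(encKey, macKey, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	n := len(sealed) - tagLen // short-circuit keeps sealed[n:] from being evaluated when n < 0
	if err != nil || n < 2*aes.BlockSize || n%aes.BlockSize != 0 || !hmac.Equal(sealed[n:], tag(macKey, sealed[:n])) {
		return nil, errors.New("bad key, malformed or tampered ciphertext")
	}
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCBCDecrypter(block, sealed[:aes.BlockSize]).CryptBlocks(pt, sealed[aes.BlockSize:n])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-pad], nil
}
```

Because the tag is verified first, a modified or truncated blob is rejected without running the decryptor or the padding check, which also removes the padding-oracle behaviour that unauthenticated CBC is known for.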

These requirements ensure that cryptographic operations are performed using secure and industry-standard methods, providing robust protection for data at rest.

This control set is entirely automated using ACAT, the App Compliance Automation Tool. ACAT is a service within the Azure portal designed to ease the path to compliance for applications using Microsoft 365 customer data and published through Partner Center. ACAT also allows continuous compliance monitoring with customized daily reports.

Microsoft 365 Certification ensures that the security of data at rest is a crucial component of an application's supporting frameworks. By encrypting data and providing comprehensive evidence of these measures, ISVs can demonstrate their commitment to data security and build trust with their users.

Next steps

To learn how Microsoft 365 Certification validates that your application uses the latest encryption standards for data at rest, visit the Microsoft 365 Certification data at rest control evidence requirements.

To start certification, go to the Microsoft Partner Center dashboard, select an app from Marketplace offers overview, and select App Compliance.
