Malware has been a threat to computer systems and networks since the first recorded attack in 1971, when the Creeper virus was unleashed on the ARPANET. Since then, the number and sophistication of malware attacks have grown exponentially. In 2023 alone, there were millions of malware attacks worldwide, causing considerable damage and financial losses to individuals, businesses, and governments.

Microsoft 365 Certification validates an app’s underlying compliance, privacy, and data handling attributes through free penetration testing and independent yearly audits. Certification can help ensure an app’s security is maintained and updated regularly, and that employees are utilizing the industry’s best practices and policies to keep customer data safe.

Malware protection overview

Malware, or malicious software, is any program or file that can harm a computer or network. Malware can include viruses, worms, trojans, ransomware, spyware, adware, and more. Malware can compromise the security, performance, and functionality of devices and applications, as well as expose sensitive data to unauthorized access or theft.

App developers must protect their software and their customers data from malware attacks. Malware can infect an app during the development, testing, or deployment stages, and it can exploit vulnerabilities after it is released. Malware can also spread from apps to other devices or systems that interact with it, causing damage and reputation loss.

Microsoft 365 Certification validates anti-malware controls

Microsoft 365 Certification verifies apps that meet the highest standards of security, compliance, and data protection in the Microsoft ecosystem. The certification process includes a rigorous assessment of an app’s controls, policies, and practices by an independent third-party auditor.

Microsoft 365 Certification assesses an application’s anti-malware controls. Anti-malware controls are the measures that you take to prevent, detect, and remove malware from your app and its environment. Anti-malware controls can include software tools, policies, procedures, and best practices that help protect from malware threats.

Certification validates that anti-malware protections are in place by checking if the anti-malware solution is active and enabled across all system components. It also verifies that the solution meets certain criteria, such as having on-access scanning enabled and up-to-date signatures within 1 day. For Endpoint Detection and Response (EDR) or Next-Generation Antivirus (NGAV) solutions, it ensures that periodic scanning is performed, audit logs are generated, and the solution is continuously updated with self-learning capabilities. These validations help ensure that organizations have effective anti-malware measures in place to protect their systems.

This control set is entirely automated using ACAT, The App Compliance Automation Tool. ACAT is a service within the Azure portal designed to ease the path to compliance for applications using Microsoft 365 customer data and published through Partner Center. ACAT also allows continuous compliance monitoring with customized daily reports.

By having these anti-malware controls in place, developers can demonstrate to customers their commitment to safeguarding data and privacy. Microsoft 365 Certification also offers recognition and promotion for certified apps in the Microsoft marketplaces and ecosystem.

Next steps

To learn how Microsoft 365 Certification validates anti-malware best practices are in place for your application, visit the Microsoft 365 Certification malware protection control evidence requirements. To start certification, go to the Microsoft Partner Center dashboard, select an app from Marketplace offers overview, and select App Compliance.