Network security controls are the policies, procedures, and technologies that protect the confidentiality, integrity, and availability of network resources and data. These controls can help prevent unauthorized access, misuse, modification, or disruption of network services and information.

Network security controls ensure that applications are secure and reliable. Helping app developers to protect their app data and code from cyberattacks, such as malware, ransomware, denial-of-service, or phishing. They satisfy multiple regulatory and industry standards, such as GDPR, HIPAA, PCI-DSS, or ISO 27001. Reducing the risk of data breaches, fines, lawsuits, or reputational damage that can result from network security incidents.

Microsoft 365 Certification validates network security controls are in place

Microsoft 365 Certification reviews third-party applications that integrate with Microsoft 365. It verifies that apps meet the security, privacy, compliance, and performance requirements of Microsoft 365.

During certification, auditors will confirm the network security controls exist and are active within the app’s underlying ecosystem:

Network perimeter security ensures a secure network perimeter that prevents unauthorized access and protects against external threats. This includes using firewalls, VPNs, encryption, authentication, and authorization mechanisms.

Network segmentation isolates different network zones and restricts the communication between them. This includes using subnets, VLANs, routers, switches, and gateways. Network monitoring and logging systems collect, analyze, and report on network activity and events. This includes using network sensors, IDS/IPS, SIEM, and audit logs.

A network incident response plan defines the roles, responsibilities, and procedures for responding to network security incidents. This includes using incident response teams, tools, and processes.

Developers must provide evidence and prove that it has implemented network security controls to complete Microsoft 365 Certification criteria.

This control set is partially automated using ACAT, The App Compliance Automation Tool. ACAT is a service within the Azure portal designed to ease the path to compliance for applications using Microsoft 365 customer data and published through Partner Center. ACAT also allows continuous compliance monitoring with customized daily reports.

Next steps

To learn more on how Microsoft 365 Certification validates network security controls are in place for your application, visit the Microsoft 365 Certification network security controls evidence requirements.

To start certification, go to the Microsoft Partner Center dashboard, select an app from Marketplace offers overview, and select App Compliance.