New Microsoft 365 Certification framework creates a more streamlined process for ISVs

Tony Balkan

Microsoft 365 Certification has been updated with a refreshed control set featuring the latest security and compliance attributes for apps built to run on Teams, SaaS, and Microsoft 365 add-ins. Based on direct feedback from certified partners, the new framework was designed to help Independent Software Vendors (ISVs) build trust with potential customers by highlighting their app’s compliance posture across Microsoft storefronts and admin portals.

Certification fosters app adoption by validating an app’s underlying compliance and privacy features. Certified apps have been verified by Microsoft to utilize the latest security safeguards and receive dedicated filters and badging in Microsoft 365 storefronts like AppSource and Teams Store. They also receive custom pages on highlighting their compliance attributes for added transparency and to expedite security reviews.

Now, completing Microsoft 365 Certification and yearly recertification is even easier. By combining questions with similar evidentiary requirements and utilizing more targeted evidence, we consolidated the overall number of controls. These updates give ISVs a clearer path to validate the compliance and security of their applications.

In addition, we have made the following updates to help developers expedite certification:

  • Certification questions have been updated and rephrased for greater clarity.
  • Sample evidence has been updated with enhanced photos and descriptions.
  • The certification questionnaire in Microsoft Partner Center has been redesigned to provide a more streamlined and user-friendly experience.
  • Added support for applications built on AWS through ACAT, the App Compliance Automation Tool. (In preview)

Use external certifications and frameworks to expedite Microsoft 365 Certification

ISVs with pre-existing certifications like SOC 2, PCI DSS, FedRAMP and ISO 27001 can use those frameworks to serve as evidence for like controls, further streamlining the overall process. Microsoft continues to offer yearly penetration testing at no cost to developers and ISVs to help support secure and trustworthy app development.

Expedite Microsoft 365 Certification and ensure continuous and automated compliance for your application with ACAT

The App Compliance Automation Tool for Microsoft 365 (ACAT) further expedites Microsoft 365 Certification by automating compliance controls in Azure, offering a seamless built-in experience. ACAT gives customized compliance visibility within your own app or environment boundary, providing an application-centric experience. It can help identify potential compliance issues or risks and offer remediation steps, ensuring continuous and automated compliance for your application throughout its entire lifecycle.

This product is currently in public preview, with support for Microsoft 365 applications built on Azure. ISVs with applications developed on AWS, or a hybrid of Azure and AWS, can now access ACAT by joining our private preview program.

These updates aim to make completing the Microsoft 365 Certification even easier. Saving valuable time and resources for ISVs while offering assurances to customers that their apps are built with the latest security and compliance safeguards. The streamlined control set is now live and available for all Microsoft 365 apps published in Partner Center.

Learn more about Microsoft 365 Certification.

Follow @Microsoft365Dev / X (Twitter) to stay up to date with the latest announcements.


Discussion is closed.

Feedback usabilla icon