Originally posted in the Microsoft Security blog.
Apps in Microsoft Teams allow you to leverage additional capabilities, enhance your experience, and make Teams work for you by adding your favorite Microsoft and third-party services.
Today, hundreds of ecosystem apps provide a great way to enhance and customize Teams, but to enable applications and services in an organization, they often need to be reviewed across a wide range of security and compliance criteria.
At Microsoft Build 2019, we announced the app certification program, which will streamline the process of gathering app information related to security, data handling, and compliance practices from our partners powered by Microsoft’s Cloud Access Security Broker and gives customers the ability to review this information in one central location.
App certification program
The goal of the app certification program is to provide customers with a reliable, unified, and publicly accessible cloud app risk assessment catalog via Microsoft AppSource and within the relevant admin portals. At the same time, we give partners the ability to work directly with Microsoft to provide the most up-to-date information about their apps’ security and compliance and certify these apps for business readiness.
In the first stage of this program, we’ll work closely with solution providers of Teams apps to ensure that the information is up to date, and allow them to self-attest their apps against more than 80 risk factors provided by Microsoft Cloud App Security, as well as leverage their security and compliance information submitted in CSA STAR.
In the future, we’ll expand this program beyond Teams to include our entire app ecosystem across Microsoft 365. We’ll also look into opportunities that would allow customers to easily identify apps that can enhance their experience in Teams, while meeting certain security and compliance requirements. A central app certification program could provide developers the ability to receive a “business ready” badge for each app and simplify the selection process for organizations.
Public risk assessment information for Teams apps.
Microsoft Cloud App Security
Microsoft Cloud App Security is a multimode Cloud Access Security Broker (CASB). It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.
The Microsoft Cloud App Security cloud app catalog is the basis for the new certification program. Today, it includes an extensive and continuously growing catalog of more than 16,000 cloud apps that have each been assessed against more than 80 risk factors spanning security, compliance, and legal frameworks.
Risk assessment information for apps inside of Microsoft Cloud App Security.
Today, the cloud app catalog is kept updated through automated advanced data extraction, continuous analysis by the Microsoft Cloud App Security analyst team, and customer-based revision requests. Going forward, we’ll automatically update the information based on our partners’ self-attestation as they engage in the new app certification program.
The new app certification program provides a transparent way to our customers to review apps and ensure they meet internal security and compliance guidelines before approving them for use in their tenant.
This program is currently in its pilot phase. To assess and manage the risk of using Teams apps, check out the security and compliance content now available via Microsoft Docs.