If the Publisher Attestation includes external compliance audit reports, a certification analyst checks the validity of those reports as part of the Microsoft 365 Certification assessment. Optional external compliance audit review If an application retrieves and stores customer data, you are also required to implement a data storage encryption scheme that follows the encryption profile configuration requirements. This domain also tests controls like data at rest, data retention and disposal, data access management, and GDPR.įor details, see Data handling security and privacy. Protect data in transit between the application user, intermediary services, and app developer’s systems by encryption through a TLS connection (required).
MICROSOFT 365 CERTIFICATION PATCH
Assess various controls in this layer, including malware protection, patch management, vulnerability scanning and firewalls, account management and incident management, and change control.įor details, see Operational security. This domain measures the alignment of an app’s supporting infrastructure and deployment processes with security best practices. If your app operates standalone without connectivity to any non-Microsoft service or backend, this isn’t required.įor details, see Application security.
MICROSOFT 365 CERTIFICATION SOFTWARE
Application security testing – If your app has any connectivity to any service not published by Microsoft, you must carry out application security testing in the form of penetration testing. Microsoft 365 Certified: Fundamentals certification demonstrates that you completely understand the options available in MS 365 and the rewards that can be derived by adopting the Software as a Service (SaaS) cloud model, cloud services, and executing Microsoft 365 cloud service.Flag and discuss any connections you do not identify as Microsoft or any direct connections to an external service. If you are interested in acquiring a related certification in Microsoft Teams, please consider MS-700: Managing Microsoft Team s and earn the Microsoft 365 Certified: Teams Administrator Associate. External connectivity checks – Identify connections in your app outside of Microsoft 365 by performing a walkthrough with an analyst. A retired certification remains in the active section of your transcript for at least two years after its retirement.For example, request permissions that are required for the functionality of the app. Microsoft Graph API permission validation – Carry out permission validation to validate that the app/add-in does not request overly permissive permissions.The application security domain focuses on the following three areas: Optional external compliance audit review.To certify, your app must pass the controls in each of the following security domains: When an app undergoes Microsoft 365 Certification, a third-party assessor validates and assesses the app and its supporting infrastructure.
As an app developer, you can work with analysts in the Microsoft 365 App Compliance team to demonstrate that your application and its supporting infrastructure are qualified to protect the security and privacy of your customers’ sensitive data.
0 kommentar(er)
