Microsoft 365 certification

What does M365 certification represent?

Updated over a week ago


Microsoft 365 certification is designed to show customers that applications have undergone an intensive security review and can be trusted with customer data. M365 certified apps have been vetted against controls derived from leading industry standard frameworks (SOC 2, PCI DSS and ISO 27001), and that strong security and compliance practices are in place to protect customer data.

Apps that have been certified have been assessed across the following three domains:

  1. Application Security
  2. Operational Security / Secure Deployment
  3. Data Handling Security and Privacy

As can be learned in this delta overview between M365 <> ISO 27001 certification, M365 certification is more extensive in the following areas:

  • Malware Protection;
  • Patch Management;
  • Vulnerability Scanning;
  • Firewalls;
  • Web Application Firewalls;
  • Change of control;
  • Account Management;
  • Intrusion Detection;
  • Event logging;
  • Reviewing;
  • Alerting;
  • Risk Management; and
  • Incident Response.

Coachello’s application has been M365 Certified since January 2023.