Teams Store validation guidelines

Following these guidelines increases the chances of your app to pass the Microsoft Teams Store submission process. The Teams-specific guidelines complement the Microsoft commercial marketplace certification policies and are updated frequently to reflect new capabilities, user feedback, and business rule changes.

Value proposition

👁 Image
This section is in line with Microsoft commercial certification policy number 1140.1 and provides more guidance to developers of Microsoft Teams apps on their offer’s value proposition.

Apps must provide value to the users by enabling them to complete functional workflows that encourage repeated use. Expand the following sections to know more about the value proposition:

Back to top

App Name

[Must fix]

👁 Image
This section is in line with Microsoft commercial certification policy number 1140.1.1 and provides more guidance to developers on naming their apps.

Duplicate App

• Multiple apps may be published separately only if the apps: [Must fix]

  • Represent distinct product lines (that is, marketed and positioned differently).
  • Require separate publication to meet regulatory compliance (for example, GDPR, government cloud), or installation requirements (for example, on-premises installation).

• To avoid confusion and ensure clarity for end users:

  • The name, short description, and long description must differ meaningfully from those of any existing apps.
  • The short description and long description must clearly communicate the app’s unique value proposition

• To fulfill multiple regions support requirement, you must build into your business logic and publish only one listing.

  👁 Screenshot shows the passed scenario of region requirement done with logic.
  

Suitable for workplace consumption

[Must fix]

👁 Image
This section is in line with Microsoft commercial certification policy number 1140.1.2, 100.8, and 100.10 and provides additional guidance to developers on building workplace appropriate apps.

Similar platforms and services

[Must fix]

👁 Image
This section is in line with Microsoft commercial certification policy number 1140.1.3.

Apps must focus on the Teams experience and not include the names, icons, or imagery of other similar chat-based collaboration platforms or services within the app content or in the app’s metadata unless the app provides specific interoperability.

Feature names

App feature names in buttons and other UI text mustn't use terminology reserved for Teams and other Microsoft products. For example, Start meeting, Make call, or Start chat are feature names in use by Microsoft in Microsoft Teams. If necessary, include your app name to make the distinction clear, such as Start Contoso meeting.

Authentication

[Must fix]

👁 Image
This section is in line with Microsoft commercial certification policy number 1140.1.4 and provides guidance to developers on authenticating their apps with external services.

For more information on how to implement app authentication, see authentication in Teams.

Audio

• If the primary intent of the app is to listen to music, it must support at least one collaborative scope with end-to-end workflow specific to app. For example, sharing of playlist, configuring or pinning playlist, and synchronously listening to music. [Must fix]

• Apps published with the primary intent of letting users listen to music in Teams are recommended to include collaborative co-listening experience. [Good-to-fix]

Security

👁 Image
This section is in line with Microsoft commercial certification policy number 1140.3.

Back to top

Financial information

[Must fix]

👁 Image
This section is in line with Microsoft commercial certification policy number 1140.3.1 and provides guidance on transmission of financial information within the Teams interface and notifies developers of restricted payment scenarios on the mobile (Android and iOS) version of their Teams app.

Bots

[Must fix]

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.3.2.

External domains

[Must fix]

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.3.3 and provides developer guidance on usage of restricted domains in the validDomains app manifest property.

Sensitive content

[Must fix]

Your app mustn't post sensitive data, such as credit card, financial payment details, health, contact tracing, or other personally identifiable information (PII) to an audience not intended to view the content.

App must warn users before downloading any files or executables (.exe) into the user's machine or environment.

General functionality and performance

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.4.

• Way forward guidance is mandatory for both admin and existing users. You can add way forward guidance as hyperlinks to sign up, get started, contact us, help links, or email.
• Calling out account dependency or limitations under app functionality isn't required but is mandatory to add it in both app manifest long description and AppSource app listing.
• You must call out any dependency on admins for new users. If there's no dependency, it's mandatory to provide a sign up, contact us, get started link, or email.

Back to top

Launching external functionality

[Must fix]

Apps mustn't take users out of Teams for core user scenarios. App content and interactions must occur within Teams capabilities, such as bots, Adaptive Cards, tabs, and dialogs (referred as task modules in TeamsJS v1.x).

Compatibility

[Must fix]

Apps must be fully functional on the latest versions of the following operating systems and browsers:

• Microsoft Windows
• macOS
• Microsoft Edge
• Google Chrome
• iOS
• Android

Your app must show a graceful failure message on unsupported browsers and operating systems.

Response time

[Must fix]

Teams apps must respond within a reasonable time-frame or show a loading or typing indicator or message or warning.

• Tabs must respond within two seconds or display a loading message or warning. [Must fix]
• Bots must respond to user commands within two seconds or display a typing indicator. [Must fix]
• Message extensions must respond to user commands within two seconds. [Must fix]
• Notifications must display within two seconds of the user action. [Must fix]

Apps powered by Artificial Intelligence

Explore resources designed to help you with responsible Artificial Intelligence (AI) practices at every stage of innovation such as Microsoft RAI Toolkit and HAX Toolkit Project.

👁 Image
This section is in line with Microsoft commercial marketplace policy for Apps with AI generated content and Microsoft commercial marketplace policy for Apps using facial recognition capabilities.

Apps with AI-generated content

• App must not generate, contain, or provide access to inappropriate, harmful, or offensive AI generated content consistent with existing commercial marketplace policies outlined in 100.10. [Must fix]

  • Consider using any of the following:
    • Use Teams SDK, Teams-centric interface to GPT-based common language models and user intent engines. [Good-to-fix]
    • Use of moderation hooks, which can be used to regulate bot responses through moderation API. [Good-to-fix]
    • Add conversation sweeping capability, which helps you monitor conversations and intervene when conversations go astray. [Good-to-fix]

• App must provide mechanisms for app users to report inappropriate, harmful, or offensive content to the developer by any of the following mechanisms: [Must fix]

  • App description including mail ID or link to the portal to log the issue.
  • In app mechanism to log issue along with specific reference to the inappropriate content.

• You must take timely action on reported concerns. [Must fix]

• App must clearly describe AI functionality before the customer acquires the offer consistent with policy 100.1.3 and prompt the user to review the information as a part of in-app functionality. The AI disclaimer must be clearly visible in the UI where users interact with generative AI content. [Must fix].

  Here are some ways to achieve this:

  • Include fixed disclaimer shown in the UI where AI content is generated
  • Include disclaimers in the content generated through AI.
  • Include disclaimers that're shown as part of first-run experience only and aren't visible at all times.

  👁 Screenshot shows the description for AI functionality.
  

• Apps must implement safeguards to prevent attacks that attempt to manipulate or override system instructions, safety controls, or developer defined behavior.

Apps using facial recognition capabilities

• App must not allow use of facial recognition capabilities to identify an individual to be used by or for a police department in the United States. [Must fix]
• For apps utilizing facial recognition or emotional inference technologies, you must provide a prominent tag or indication of each of these capabilities in the app description. [Must fix]
  • Apps that use facial expressions or facial movements to infer emotional states, such as anger, disgust, happiness, sadness, surprise, fear, or other terms commonly used to describe the emotional state of a person can be restricted based on the review.
  • Use of facial expressions and movements to detect and classify only individual facial elements, such as smiles or raised eyebrows is permitted. The key distinction is between the detection of facial expressions or movements as visual signals versus the inference of an emotional state.

App package and Teams Store listing

[Must fix]

App packages must be correctly formatted and include all required information and components.

Back to top

App manifest

[Must fix]

The app manifest defines your app's configuration.

• Your app manifest must conform to a publicly released app manifest schema. For more information, see app manifest reference. Don't submit your app using a preview version of the app manifest.
• If your app includes a bot or message extension, details in the app manifest must be consistent with Bot Framework metadata including bot name, logo, privacy policy link, and terms of service link.
• If your app uses Microsoft Entra ID for authentication, include the Microsoft Entra Application (client) ID in the app manifest. For more information, see the app manifest reference.

Uses of latest app manifest schema

• If your app uses Single sign-on (SSO), you must declare Microsoft Entra ID in the app manifest for user authentication. [Must fix]

• You must use a publicly released app manifest schema. You can update your app package to use a public version of app manifest schema 1.10 or later. [Must fix]

• When you submit an app update, only increase the app version number. App ID of the updated app must match the App ID of the published app. [Must fix]

• The presence of additional files within the app package isn't acceptable. [Must fix]

• The version number must be the same in the app manifest file schema and additional languages app manifest schema. [Must fix]

• You must use the app manifest schema version 1.5 or later to localize your app. To use the app schema version 1.5 or later in your manifest.json file, update the $schema attribute to 1.5 or later. Update the manifestVersion property to $schema version (1.5 in this case). [Must fix]

• When you add, update, or remove an existing capability, add or remove app manifest or Partner Center metadata, you must increase the app version number and submit the new app manifest in your Partner Center account for validation. [Must fix]

• The version string must follow the Semantic Versioning Specification (SemVer) standard (MAJOR.MINOR.PATCH). [Must fix]

• If your app requires admins to review permissions and grant consent in Teams admin center, you must declare webapplicationinfo in the app manifest. If webapplicationinfo isn't declared in the app manifest, the Permissions page for your app in Teams admin center is shown as ... [Must fix]

• As part of Teams app certification, you must submit a production version of the app manifest. [Must fix]

• We recommend that you declare the Microsoft Cloud Partner Program ID (CCP ID), formerly known as Microsoft Partner Network (MPN ID) in the app manifest. The CCP ID helps identify the partner organization that builds the app. [Good-to-fix]

• Scopes and/or context declared in app manifest must be visible within the app. [Must fix]

App icons

[Must fix]

Icons are one of the main elements people see when browsing the Teams Store.

Custom activity icons

If your app package contains custom activity icons for activity feed notifications, ensure that they meet the following guidelines:

• The activity icons must be 32x32 pixels in size and have a .png file extension. [Must fix]
• The activity icons mustn't include inappropriate, harmful, or offensive content. [Must fix]
• The @mention icon must be used exclusively to indicate a user or group being tagged, similar to its usage in Teams. [Must fix]

App descriptions

You must have a short and long description for your app. App description helps improve your app discoverability in the Teams Store. The descriptions in your app configuration and Partner Center must be the same.

👁 Graphic shows an example of adequate app description in the Teams app.

👁 Graphic shows a failed scenario for an inadequate app description.

Screenshots

Screenshots provide a prominent visual preview of your app to complement your app name, icon, and descriptions.

Videos

A video in your app listing is one of the most effective ways to communicate why people must use your app. You can add your YouTube or Vimeo video URL that provides the value of your app. Also, as a best practice, we recommended that you add a video that provides the demo or scenario walkthrough of your app. [Good-to-fix]

If you choose to submit a video as part of your app listing in your Partner Center account, ensure that you meet the following criteria:

• The video must be short, clear, engaging, and of good quality.

• The video must demonstrate how to set up and use the app.

• The video must be in a narrative form.

• The duration of the video must be within 60-90 seconds for a value video and the recommended duration for a walkthrough video is 3-5 minutes. [Good-to-fix]

• You must turn off advertisements from your YouTube or Vimeo account settings before submitting the video link in the app listing. [Must fix]

• The video must highlight your app’s functionalities and integration within Teams. [Must fix]

• The video must be available as a functional link. [Must fix]

• The video must be in the format https://www.youtube.com/watch?v=:id or https://youtu.be/:id for YouTube and https://vimeo.com/:id for Vimeo.

  👁 Screenshot shows the failed scenario of video submitted as part of app listing in partner center.
  

• The video can be surfaced in the first position of the screenshots or videos carousel in the app details (Teams Store and Admin Center) and AppSource pages. [Good-to-fix]

• The video on demo or scenario walkthrough must intend to educate users and not to promote your app.

For more information on the criteria for creating an app value video or walkthrough video, see the checklist to create a video.

Privacy policy

[Must fix]

The privacy policy can be specific to your Teams app or an overall policy for all your services.

• If you use a generic privacy policy template, you must add a reference to services, applications, or platforms in the scope of your privacy policy. You don’t need to specify your Teams app in the scope, if you include a reference to services, applications, and platforms. The app validation process interprets these references to include your Teams app along with your other services or websites.
• Must include how you handle user data storage, retention, and deletion. You must describe the security controls for data protection.
• Must include your contact information.
• Must not include URLs that are broken or for beta or staging purposes.
• Must not include links to AppSource.
• Must not require authentication to access privacy policy.
• Must not include any commerce UI or store links.
• Must have the same link in the app manifest and AppSource.

Terms of use

[Must fix]

Use the following guidelines to write the Terms of use:

• Must be specific and applicable to your offering.
• Must be hosted on your own domain.
• Must have a secure (HTTPS) link.
• Access to Terms of use must not require authentication.
• Must have the same link in the app manifest and AppSource.

Support links

[Must fix]

Your app's support URLs mustn't require authentication. For example, users must be allowed to contact you without sign in.

Localization

[Must fix]

• If your app supports localization, your app package must include a file with language translations that display based on the Teams language setting. The file must conform to the Teams localization schema. For more information, see Teams localization schema. [Must fix]

• App metadata content must be the same in en-us and other localization languages. [Must fix]

• Supported languages must be displayed in the AppSource app description. For example, this app is available in X (X= localized language). [Must fix]

• If the user's client settings don't match with any of your additional languages, the default language is used as the final fallback language. Update the localizationInfo property with the correct default language that your application supports. [Must fix]

• Update the localizationInfo property with the correct default language your application supports or add localized content for app manifest and Partner Center long and short description. [Must fix]

Apps linked to SaaS offer

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.5. If you're building a Teams app linked to a Software as a Service (SaaS) offer, ensure that it adheres to these guidelines.

Back to top

Tabs

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.4.2. If your app includes a tab, ensure that it adheres to these guidelines.

Back to top

Bots

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.4.3.

If your app includes a bot, ensure that it adheres to these guidelines.

Back to top

Message extensions

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.4.4.

If your app includes a message extension, ensure that it adheres to these guidelines.

Back to top

Dialogs

[Must fix]

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.4.5.

Back to top

Meeting and calling extensions

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.4.6.

Back to top

Connector

1. The connector name must be the same as the app name within the app and in the app manifest.

   👁 Screenshot shows the mismatch in app name between app and app manifest.
   

2. The user must not encounter any error while configuring the connector.

   👁 Screenshot shows an error while user configuring the connector.
   

Notifications

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.4.7.

If your app uses the activity feed APIs provided by Microsoft Graph, ensure that it adheres to the following guidelines.

Back to top

Microsoft Graph connector

Recommended way to publish your Graph connector is through the Graph connector gallery and you must not include it within your manifest.json file. The guidelines for the declarative agent file are different, which can be found here.

Example

Don’t include Graph connector node in the manifest file.

👁 Screenshot of the Graph connector node in the manifest file.

Back to top

Microsoft 365 App Compliance Program

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.6.

Back to top

Advertising

👁 Image
This section is in line with Microsoft commercial marketplace policy number 1140.7.

Apps mustn't display advertising, including dynamic ads, banner ads, and ads in message. [Must fix]

👁 Graphic shows an example of a failed scenario of advertising in Teams.

Back to top

Cryptocurrency based apps

You must demonstrate compliance with all laws where your app is distributed, if your app: [Must fix]

• Facilitates cryptocurrency transactions or transmissions within the app.

• Promotes cryptocurrency related content.

• Enables users to store or access their stored cryptocurrency.

• Encourages or enables users to complete a cryptocurrency based transaction or transmission outside the Teams platform.

• Encourages or facilitates mining of cryptocurrency tokens.

• Facilitates user participation in Initial Coin Offerings.

• Rewards or incentivizes users with cryptocurrency tokens for completing a task.

After an internal Microsoft review, if the compliance demonstration is satisfactory, Microsoft may proceed with further certification of your app. If the compliance demonstration is unsatisfactory, Microsoft keeps you informed of the decision to not proceed with certification of your app.

Back to top

App functionality

• Workflows or content in the app must be related to the scope. [Must fix]
• All app capabilities must be functional and must work properly as described in the AppSource or app manifest long description. [Must fix]
• Apps must always notify the user before downloading any file or executable on the user’s environment. Any call to action (CTA), either text based or otherwise, that makes it clear to the user that a file or executable is downloaded on user action is allowed in the app. [Must fix]
• Apps with region dependency must notify the users with a graceful failure message in all applicable capabilities if they attempt to use it in an unsupported region. [Must fix]
• Apps and agents using manifest version v1.25 or higher must support collaborative or team capabilities across all channel types (Standard, Shared, and Private). For more information, see Apps for shared and private channels.
  To ensure a consistent and transparent experience [Must fix]:
  • Clearly document any functional differences or limitations across channel types (Standard, Shared, and Private) in the app or agent description.
  • Gracefully handle authentication and in-app or in-agent experiences for all channel members, including internal users, guest users, and users from trusted B2B tenants.
  • Ensure seamless storage access for all channel members (app-generated links must honor tenant sharing policies and should prefer people with existing access or explicit invites for cross-tenant members).
  • Ensure that your app or agent doesn't share discussions, discussion summaries, and channel metadata with users outside the shared or private channels without explicit member configuration.

Back to top

Mobile experience

• Mobile add-ins must be free. There mustn't be any in-app content or links that promote upselling, online stores, or other requests for payment. Any accounts required for apps must have no charge for use and if time-limited, mustn't include any content indicating a need to pay. [Must fix]

  👁 Graphic shows an example of a mobile add-in asking for payment.
  

• Use of the word FREE, FREE TRIAL, or TRY FREE is allowed on desktop or web app experience without any limitation or consideration.

• Use of the word FREE as plain text in the context of a trial or app upgrade is allowed on mobile.

• Use of the word FREE in the context of a trial or app upgrade with a link that leads to a landing page without payment or pricing information is allowed on mobile. Plain text to signal app is PAID is allowed on mobile.

• Use of the word FREE as plain text in the context of a trial or app upgrade and associated with pricing details isn't allowed on mobile. [Must fix]

• Use of the word FREE in the context of a trial or app upgrade and associated with a link that leads to a landing page with pricing information or payment details on mobile isn't allowed. [Must fix]

• Pricing details on mobile in any format, for example, image, text, or link isn't allowed. CTA such as view plans on mobile isn't allowed. Information about plans without pricing details but with a contact link or email on mobile isn't allowed. Any text with contact details linking or alluding to a paid upgrade isn't allowed on mobile. Payments for physical goods are allowed on mobile. For example, your app can allow payment to book a taxi. [Must fix]

  👁 Graphic shows an example of pricing details on mobile.
  

• Payments for digital goods in app aren't allowed on mobile. [Must fix]

  👁 Graphic shows an example of payments for digital goods on mobile.
  

• Teams apps must offer an appropriate cross-device mobile experience. [Must fix]

• Capabilities that aren't supported on mobile mustn't dead-end a user and must provide a graceful failure message where applicable. [Must fix]

Back to top

Apps extended across Microsoft 365 clients

General

• The apps that are intended to extend Teams apps across Microsoft 365 clients must use the schema version 1.13 or later.

• Your app’s support URL must contain content relevant for the Teams app extensible across Microsoft 365 clients and must not call out a single client only.

• You must provide relevant reference to the Teams app extensible across Microsoft 365 clients in the app description.

• If your Teams app is extensible across Microsoft 365 clients, the content provided in your app’s get started, sign in, sign up, sign out, help pages, or way forward messages must call out all the clients.

Compatibility

Teams apps extensible across Microsoft 365 clients must be fully responsive and functional on the latest versions of Microsoft Edge and Google Chrome clients. The user must be able to invoke and continue to use personal tabs or message extensions on the following:

• Outlook for Windows and web.
• Microsoft 365 on desktop, web and Android.
• Microsoft Teams on desktop and web.
• Microsoft Teams on Android and iOS.

Mobile experience

Users must be able to launch the app from the actions flyout menu within the Microsoft 365 client on mobile. The app name must be displayed correctly in the action bar. [Must fix]

App launch from actions flyout

Users must be able to successfully launch and switch between multiple static tabs within the Microsoft 365 client on mobile. The tabs must load properly. If there are more than three static tabs, the remaining tabs must be visible under the More section. [Must fix]

Multi tab experience

If your app uses SSO, it must authenticate the user successfully. SSO allows users to sign in using one set of credentials to multiple independent software systems. Users can access all the required applications without using different credentials to authenticate. [Must fix]

App authentication

The app must terminate the user account instance when the user is switched or logged out within the Microsoft 365 client on mobile. [Must fix]

Account switching and logout experience

• Users must be able to go back to the previous work state. If the user is on the root page, the back navigation must terminate the app instance within the Microsoft 365 client on mobile. [Must fix]

• Apps that support deep link to a workflow must be able redirect the user to the appropriate landing page experience. [Must fix]

Tab navigation

• The progress indicator must appear when the app is loading and dismiss automatically after the app is loaded. [Must fix]

• An error screen must appear when an app fails to load in the instances such as incoherent or broken network, time-out, or authentication failure, and so on. [Must fix]

Back to top

Teams apps extensible as agents for Microsoft 365 Copilot

• App packages are correctly formatted and adhere to the manifest schema version 1.13 or later.
• App must pass the responsible AI checks.
• App must meet the agent compatible criteria.

Agent must not manipulate LLM behavior

The short descriptions of an app, parameter, and command must not include the following:

1. Instructional phrases. For example, if the user says X, ignore, delete, reset, new instructions, answer in bold, or don't print anything.
2. Verbose, flowery, or marketing language.
3. Superlative claims such as #1, amazing, or best.
4. URLs, emojis, or hidden characters like hexadecimal, binary, or unconventional symbols.
5. Grammar and punctuation errors.

User Awareness

The long description of an app must clearly call out the following:

• App's compatibility with Microsoft 365 Copilot. For example, use Contoso in Microsoft 365 Copilot to search and summarize your tasks.

• Provide at least one prompt of how users can use a message extension agent in Microsoft 365 Copilot. For example, what are the high priority tickets assigned to me this week in Contoso.

  👁 Screenshot shows a pass scenario with an example of sample prompt for message extension usage as an agent in Microsoft 365 Copilot.
  

  👁 Screenshot shows a fail scenario without an example of sample prompt for message extension usage as an agent in Microsoft 365 Copilot.
  

Response Quality

• The mandatory fields in Microsoft 365 Copilot Adaptive Card response must include Information title and at least two additional useful fields of your choice, for example, date modified, author, status, and flags. Both the preview and content must be part of a single response.

  👁 Screenshot shows an example of a sample app showing Microsoft 365 Copilot's response that contains Preview and Content in the same response.
  

• Adaptive Cards in Microsoft 365 Copilot response must have at least one action button.

• Action buttons present in Microsoft 365 Copilot response Adaptive Cards must be functional.

  👁 Screenshot shows an example of information title, additional user fields, and action button in an Adaptive Card response.
  

• Microsoft 365 Copilot must respond accurately and not display an error when a user prompts with a single parameter.

• Microsoft 365 Copilot must respond accurately and not show an error when a user prompts with a multi parameter.

• Microsoft 365 Copilot must respond accurately and not show an error when a user prompts with a follow-up.

Back to top

Next step

See also

• Test and debug your app
• Prepare your Teams Store submission
• Include a SaaS offer with your Teams app
• Strategize and execute growth for your app
• Validate your app in Developer Portal for Teams