Microsoft cracks the whip over quality of code in software souk AppSource, orders devs to run the QA gauntlet

Partners also getting Azure Lighthouse, a new portal and API for Azure resources

9 Reg comments Got Tips?

Inspire Microsoft is set to launch something called the Business Applications ISV Connect Program at its Inspire conference in Las Vegas next week.

This program will, essentially, strong-arm makers of business applications into getting their software reviewed for quality and security before it can appear on Redmond's online AppSource bazaar. Apps already in the cyber-souk will be booted off unless they too pass the Windows giant's QA checks.

What Microsoft calls “business applications” are those built on its Dynamics 365 and PowerApps platforms. Dynamics 365 covers Customer Relationship Management (CRM) as well as sales, customer service, HR, finance and operations. PowerApps is a low-code application builder based on the Common Data Service, data supplied by Dynamics 365 and Office 365, plus connectors for other cloud services including Salesforce, Slack and Dropbox.

ISVs (that's independent software vendors) can build pre-packaged applications for these platforms, making them available to customers via AppSource, an online marketplace.

Microsoft says that applications on AppSource have not been sufficiently vetted for quality, so far. “In the past, we offered no way for customers to easily assess whether a given ISV app built on the platform would meet a certain quality bar and applications have been installed directly into customer tenants without any in-depth, centrally driven security and performance reviews,” says the preview guide for the new program.

That is now changing, Microsoft says. “All cloud-based Dynamics 365 Customer Engagement apps, Dynamics 365 for Finance and Operations apps (except Dynamics 365 Business Central), and PowerApps must enroll in the program and be listed in AppSource upon certification (or recertification). Existing apps in AppSource will remain outside the program until they have been recertified. Eventually all such applications must be recertified or will be removed from AppSource,” says the guide.

Business meeting argument

Will you be inspired by Inspire? If Microsoft's Slack-for-suits Teams is your cup of tea, perhaps


Microsoft is supporting ISVs who join the program with technical, marketing and sales support. The level of support depends on how much revenue Microsoft makes from the ISV’s application. This is either a 10 per cent (standard) or 20 per cent (premium) cut of total revenue.

A self-certification tool lets ISVs test applications before submission. Inspire also sees the launch of ISV Studio, a dashboard showing how apps are performing.

Microsoft is also promising integration between business applications, Azure DevOps and GitHub, presumably enabling a smooth workflow for building, testing and deploying these applications. The event also marks the general availability of two new “accelerators,” sets of solutions and samples designed to help developers build applications. One is for vehicle marketing and the other for financial services.

Finally, Microsoft is announcing the general availability of Azure Lighthouse, formerly in private preview. Lighthouse is a new dashboard for managing Azure across multiple customers. Lighthouse uses delegated permissions to enable Microsoft Partners to access and manage the Azure resources operated by their customers. The customer can control the level of permissions using Azure role-based access.

Delegated administration in Azure, enabling the Lighthouse portal and APIs

Delegated administration in Azure, enabling the Lighthouse portal and APIs

“Partners can now manage tens of thousands of resources from thousands of distinct customers,” promises Microsoft CTO Mark Russinovich. It will also be possible for partners to automate status monitoring across their various customers. Lighthouse is both a portal and an API, enabling use from tools such as PowerShell, or integration into custom portals.

Does Azure Lighthouse increase the risk to customers if a Microsoft Partner suffers a security breach and a malicious actor gains access? The answer must be yes; but Microsoft is at least now enforcing multi-factor authentication for all partners with this kind of access. It is an extension of an existing risk, since many partners already have delegated access to Office 365 tenants for their customers. ®


Biting the hand that feeds IT © 1998–2020