Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article is intended for verified publishers. It highlights the policy code violations during certification and how to fix them.
| Policy number | Policy description | Expected outcome |
|---|---|---|
| 5000.1.1.1 | Icon validation failure | Package should contain an icon. |
| 5000.1.1.2 | Missing readme file | Package should contain a readme file. |
| 5000.1.1.3 | Missing apiDefinition.json file |
Package should contain apiDefinition.json. |
| 5000.1.1.4 | Malware error | Package shouldn't contain malware. |
| 5000.1.1.5 | Missing files in package | Package should have three files: 1) A valid CRM package 2) Intro.md 3) customProperties.json (in case of multi auth). |
| 5000.1.1.6 | Missing flows in package | Package should contain flow solution and connector solution. |
| 5000.1.1.7 | Missing flow with connector in package | CRM Package should contain a valid solution, which has a flow containing the connector. |
| 5000.1.1.8 | Missing connector in package | CRM Package should contain a valid solution, which has the connector. |
| 5000.1.1.9 | Missing searchable actions in package | Connectors and actions should be searchable using the sample flow contained in the package. |
| 5000.1.1.10 | Missing connector deployment artifacts in package | Package should contain all the valid artifacts for the connector deployment. |
| 5000.1.1.11 | Incorrect placement of files in the package | Package zip file missing from root location (probably because extra folder was added). |
| 5000.1.1.12 | Invalid package structure | Invalid package structure. Couldn't locate the package assets folder. |
| 5000.1.1.13 | Missing solution zip | No solution zip files found in the package. |
| 5000.1.1.14 | Missing workflow folder | Workflows folder not found inside flow solution. |
| 5000.1.1.15 | Invalid workflow solution | Invalid workflow solution. Mismatch between workflows found in customization file and workflow json files present. |
| 5000.1.1.16 | Incorrect placement of solution | Invalid package. Solution not present at correct path or is invalid solution. |
| 5000.1.1.17 | Invalid connector solution | Connector files not found in connector solution. |
| 5000.1.1.18 | Invalid copilot agent package structure bots | Invalid package structure. Couldn't locate the bots folder. |
| 5000.1.1.19 | Invalid copilot agent package structure bots | Invalid package structure. Couldn't locate the bot components folder. |
| 5000.1.1.20 | Missing files in package bot.xml | Invalid package. Couldn't locate the bot.xml file. |
| 5000.1.1.21 | Missing package configuration.json file | Invalid package. Couldn't locate the configuration.json file. |
| 5000.1.1.22 | Missing package contenttypes.xml file |
Invalid package. Couldn't locate the contenttypes.xml file. |
| 5000.1.1.23 | Missing package input.xml file |
Invalid package. Couldn't locate the input.xml file. |
| 5000.1.1.24 | Missing licenseterms.html file |
Invalid package. Couldn't locate the licenseterms.html file. |
| 5000.1.1.25 | Missing publisher registration in Commercial Program | The Publisher is only registered in M365 and Copilot Program. Require the publisher to be registered in Commercial program as well. |
| 5000.1.1.26 | Missing manifest.json file |
The package should contain the flow templates. |
| 5000.1.1.27 | Missing files in flow package | The package should contain the flow with connectors. |
| 5000.2.1.1 | Icon color validation failure | The brand color should be a valid hexadecimal color and shouldn't be white (#ffffff) or default (#007ee5). |
| 5000.2.1.2 | Icon size failure | The icon file size must be below 1 MB. |
| 5000.2.1.3 | Icon format failure | Icon image must be submitted in PNG format as icon.png. |
| 5000.2.1.4 | Icon dimension ratio failure | Ensure that the icon's dimensions are square and fall within the range of 100 x 100 to 230 x 230 pixels. |
| 5000.2.1.5 | Icon color validation failure | Icon must contain a non-transparent, nonwhite color (#ffffff) and not-default color (#007ee5) background and it should match your brand color. |
| 5000.2.1.6 | Icon dimension ratio failure | Create a logo ensuring its dimensions remain below 70 percent of both the icon image's height and width, and ensure a consistent background color. |
| 5000.2.2.1 | Title character limit failure | Maximum of 30 characters in the connector title. |
| 5000.2.2.2 | Title containing reserved words failure | Title can't contain the reserved words (API, Connector, Power Apps, and others). |
| 5000.2.2.3 | Title format failure | Title can't end in non-alphanumeric character, including carriage return, new line, or blank space. |
| 5000.2.2.4 | Title language failure | Must exist and be written in English. |
| 5000.2.2.5 | Title uniqueness failure | Must be unique and distinguishable from any existing connector and/or agent title. |
| 5000.2.2.6 | Title mapping to organization or product failure | Should be the name of your product or organization. |
| 5000.2.2.7 | Title uniqueness failure | The given connector title isn't unique. |
| 5000.2.3.1 | Description language failure | Must exist and be written in English. |
| 5000.2.3.2 | Description grammar failure | Must be free of grammatical and spelling errors. |
| 5000.2.3.3 | Description value proposition failure | Should describe concisely the main purpose and value offered by your connector. |
| 5000.2.3.4 | Description character limit failure | Can't be shorter than 30 characters or longer than 500 characters. |
| 5000.2.3.5 | Description restricted keywords failure | Can't contain any Power Platform/Microsoft Copilot/Microsoft product names (for example, 'Power Apps'). |
| 5000.2.3.6 | Description for Copilot agent failure | Descriptions of the app, parameters, and commands must exclude instructional phrases, URLs, emojis. |
| 5000.2.4.1 | Operation response schema failure | Define operation responses with an exact schema only with expected responses. |
| 5000.2.4.2 | Operation default response schema failure | Don't use default responses with an exact schema definition. |
| 5000.2.4.3 | Operation valid response schema failure | Provide valid response schema definitions for all operations in the swagger. |
| 5000.2.4.4 | Operation empty response schema failure | Empty response schemas aren't allowed except in special cases where the response schema is dynamic. This means no dynamic content is shown in the output and makers must use JSON to parse the response. |
| 5000.2.4.5 | Empty operations failure | Empty operations aren't allowed. |
| 5000.2.4.6 | Empty properties failure | Remove empty properties unless they're required. |
| 5000.2.5.1 | Internal server error | Creation of certification request failed. |
| 5000.2.6.1 | OpenAPI Definition json failure | The OpenApi Definition JSON provided should be complete or properly structured. |
| 5000.2.6.2 | Swagger JSON failure | Swagger JSON should be properly structured and complete, and adhere to OpenAPI 2.0. |
| 5000.2.6.3 | OpenAPI Swagger version failure | SwaggerOpenAPI version (currently, only 2.0 is supported). |
| 5000.2.6.4 | Host URL failure | The host URL isn't as per the required template. |
| 5000.2.6.4 | Consume/Produce section failure | The format for Consumes/Produces section isn't as per the required format. |
| 5000.2.6.5 | Path failure | Invalid paths (definitions of actions and triggers) in the JSON found. |
| 5000.2.6.6 | Definition failure | Invalid definitions (data types used in actions and triggers) in the JSON found. |
| 5000.2.6.7 | Parameter failure | Invalid parameters (parameters that can be used across operations) in the JSON found. |
| 5000.2.6.8 | Connection parameter failure | Type of the connection parameter api_key in ConnectionParameter JSON should be 'secure string'. |
| 5000.2.6.9 | UiDefinition empty failure |
UiDefinition in ConnectionParameter JSON shouldn't be empty. |
| 5000.2.6.10 | UiDefinition description failure |
UiDefinition.Description in ConnectionParameter JSON shouldn't be empty. |
| 5000.2.7.1 | Connector certification check failure | The connectors leveraged in the connector template must always be certified. |
| 5000.2.7.2 | Connector template requirements - PII data check failure | The connector template must not contain any publicly identifiable data. |
| 5000.2.7.3 | Connector template requirements - Connection string check failure | The connector template must not contain any connection strings, API key, SAS URL, etc. |
| 5000.3.1.1 | Oauth authentication failure | Provide the client ID and secret if the connector is Oauth. |
| 5000.3.1.2 | Package validity expired | Package URI should be valid and SAS token shouldn't expire for four (4) days. |
| 5000.3.1.3 | URL failure | Provide valid URL for your website. |
| 5000.3.1.4 | Support email failure | Provide valid support email. |
| 5000.3.1.5 | Privacy policy failure | Provide valid privacy policy link. |
| 5000.3.1.6 | Network security protocol failure | All API calls must use HTTPS with TLS 1.2 or higher. |
| 5000.4.1.1 | Adaptive card content and functionality failure | Previews and content should be part of a single response, mandatory fields should be included, and all actions should be functional. |
| 5000.4.2.1 | Mandatory fields verification failure | Ensure the plugin swagger contains x-ms-keywords since it is used to accurately identify plugins. |
| 5000.4.2.2 | LLM Behavior manipulation failure | Ensure short description, parameters, and command descriptions don't include instructional phrases or prohibited content. |
| 5000.4.2.3 | Domain authenticity failure | Ensure the domain provided in the plugin is valid and owned by you only. |
| 5000.4.2.4 | OpenAI-Enabled check failure | Ensure connector swagger contains openai-enabled. |
| 5000.4.3.1 | Sample prompt and description check failure | Ensure the sample prompt and description are compliant. |
| 5000.4.4.1 | Sample prompts availability failure | Provide the sample prompts. |
| 5000.4.4.2 | Plugin availability failure | Provide required test data to validate different combinations of prompts. |
| 5000.4.5.1 | Inappropriate content test failure | Inappropriate prompts found to test the plugin's responsible AI measures. |
| 5000.4.5.2 | AI-Generated Content Review failure | Plugin is generating/containing, or providing access to inappropriate, harmful, or offensive AI-generated content. |
| 5000.4.6.1 | Mandatory Fields verification failure | Missing at least two (2) additional useful fields (for example, data modified, author, status, flags, and more). |
| 5000.4.6.2 | Action buttons functionality failure | Ensure the Adaptive Card has at least one and a maximum of four functional action buttons. |
| 5000.4.6.3 | Action buttons functionality failure | Ensure all the action buttons are functional. |
| 5000.4.7.1 | Mandatory fields verification failure | Adaptive Card is missing the app logo, app title, information title, and at least two additional useful fields of the developer's choice. |
| 5000.5.1.1 | Search check failure | Ensure system returns relevant results for searches supporting both exact and related terms. |
| 5000.5.1.2 | Message spamming test failure | The system must include an AI conversational bot that avoids spamming users by sending multiple messages in rapid succession. |
| 5000.5.1.3 | Search response check failure | Ensure smooth failure in case of incorrect search parameters, misuse/inappropriate language and for topics that copilots don't specialize. |
| 5000.5.2.1 | Consent check failure | The system must display data from third-party services that accurately reflects user actions, with completion confirmed with a plugin (for example, card) and updates reflected in the 3P service. |
| 5000.5.2.2 | Consent check failure | Ensure modification requests by user prior to confirmation of the action is honored. |
| 5000.5.3.1 | Copilot agent - RAI check failure | Copilot agent must provide mechanism for app users to report inappropriate, harmful, or offensive content to the developer. |
| 5000.5.3.2 | Copilot agent - RAI check failure | Copilot agent must clearly describe Artificial Intelligence (AI) functionality before the customer acquires the offer consistent with policy 100.1.3 and prompt user to review the information as a part of in-app functionality. |
| 5000.5.3.3 | Copilot agent - RAI check failure | Copilot agent must not generate, contain, or provide access to inappropriate, harmful, or offensive Artificial intelligence (AI)-generated content consistent with existing commercial marketplace policies outlined in 100.10. |
| 5000.5.4.1 | Copilot agent - suggested prompt validation failure | Copilot agents must include a minimum of two suggested/follow-up prompts based on history of conversation. |
| 5000.5.4.2 | Copilot agent - prompt validation failure | Copilot agent must include a minimum of three zero query prompts or welcome message. |
| 5000.5.4.3 | Copilot agent - sensitivity label failure | Copilot agent should include sensitivity label. |
| 5000.5.4.4 | Bulk delete policy failure | Bulk delete shouldn't be supported by the Copilot agent. |