Microsoft cracks the whip over quality of code in software souk AppSource, orders devs to run the QA gauntlet

Inspire Microsoft is set to launch something called the Business Applications ISV Connect Program at its Inspire conference in Las Vegas next week.

This program will, essentially, strong-arm makers of business applications into getting their software reviewed for quality and security before it can appear on Redmond's online AppSource bazaar. Apps already in the cyber-souk will be booted off unless they too pass the Windows giant's QA checks.

What Microsoft calls "business applications" are those built on its Dynamics 365 and PowerApps platforms. Dynamics 365 covers Customer Relationship Management (CRM) as well as sales, customer service, HR, finance and operations. PowerApps is a low-code application builder based on the Common Data Service, data supplied by Dynamics 365 and Office 365, plus connectors for other cloud services including Salesforce, Slack and Dropbox.

ISVs (that's independent software vendors) can build pre-packaged applications for these platforms, making them available to customers via AppSource, an online marketplace.

Microsoft says that applications on AppSource have not been sufficiently vetted for quality, so far. "In the past, we offered no way for customers to easily assess whether a given ISV app built on the platform would meet a certain quality bar and applications have been installed directly into customer tenants without any in-depth, centrally driven security and performance reviews," says the preview guide for the new program.

That is now changing, Microsoft says. "All cloud-based Dynamics 365 Customer Engagement apps, Dynamics 365 for Finance and Operations apps (except Dynamics 365 Business Central), and PowerApps must enroll in the program and be listed in AppSource upon certification (or recertification). Existing apps in AppSource will remain outside the program until they have been recertified. Eventually all such applications must be recertified or will be removed from AppSource," says the guide.

Microsoft is supporting ISVs who join the program with technical, marketing and sales support. The level of support depends on how much revenue Microsoft makes from the ISV's application. This is either a 10 per cent (standard) or 20 per cent (premium) cut of total revenue.

A self-certification tool lets ISVs test applications before submission. Inspire also sees the launch of ISV Studio, a dashboard showing how apps are performing.

Microsoft is also promising integration between business applications, Azure DevOps and GitHub, presumably enabling a smooth workflow for building, testing and deploying these applications. The event also marks the general availability of two new "accelerators," sets of solutions and samples designed to help developers build applications. One is for vehicle marketing and the other for financial services.

Finally, Microsoft is announcing the general availability of Azure Lighthouse, formerly in private preview. Lighthouse is a new dashboard for managing Azure across multiple customers. Lighthouse uses delegated permissions to enable Microsoft Partners to access and manage the Azure resources operated by their customers. The customer can control the level of permissions using Azure role-based access.

"Partners can now manage tens of thousands of resources from thousands of distinct customers," promises Microsoft CTO Mark Russinovich. It will also be possible for partners to automate status monitoring across their various customers. Lighthouse is both a portal and an API, enabling use from tools such as PowerShell, or integration into custom portals.

Does Azure Lighthouse increase the risk to customers if a Microsoft Partner suffers a security breach and a malicious actor gains access? The answer must be yes; but Microsoft is at least now enforcing multi-factor authentication for all partners with this kind of access. It is an extension of an existing risk, since many partners already have delegated access to Office 365 tenants for their customers. ®

Software News

Jul 22
Taking the reins after Nils Brauckmann retires in August
Jul 22
Better iterators, generators... Semicolons? Who needs 'em?
Jul 18
Co-founder and chief data officer at NPM Inc, moves on
Jul 18
'Empowering' if you've got $$$
Jul 18
Redmond engineer hints at taking super-lang for a spin
Jul 18
Software testing just ain't that special, sniff immigration bod
Jul 18
'No safeguards' on QA accounts, and suddenly this guy gets a Tesla and $1.6m home, say prosecutors