Microsoft Store Policies

Document version: 7.18

Publish date: September 10, 2024

Effective date: October 19, 2024

Note

Some older versions of this agreement, along with summary of recent changes are available at Change history for Microsoft Store Policies.

Thank you for your interest in developing products for the Microsoft Store1. "Product" means content in whatever form submitted including, but not limited to, apps, games, titles, add-ons, in-product consumables, subscriptions and any additional content soldor offered in any of our storefronts or within a Product. We’re committed to a diverse catalog of products for customers worldwide. Products on the Store must meet our certification standards, offer customers a truly useful and engaging experience, and provide a good fit for the Store.

A few principles to get you started:

  • Offer unique and distinct value within your product. Provide a compelling reason to download your product from the Store.
  • Don’t mislead our joint customers about what your product can do, who is offering it, etc.
  • Don’t attempt to cheat customers, the system or the ecosystem. There is no place in our Store for any kind of fraud, be it ratings and review manipulation, credit card fraud or other fraudulent activity.

Adhering to these policies should help you make choices that enhance your product’s appeal and audience.

Your products are crucial to the experience of hundreds of millions of customers. We can’t wait to see what you create and are thrilled to help deliver your products to the world.

If you have feedback on the policies, please let us know by commenting in our forum. We will consider every comment.

Table of Contents

Product Policies:

Content Policies:

Product Policies

10.1 Distinct Function & Value; Accurate Representation

  • Your product and its associated metadata, including but not limited to your app title, description, screenshots, trailers, content rating, search terms, and product category, must accurately and clearly reflect the source, functionality, and features of your product.
  • Game products, including products that primarily offer remote game play and/or control functionality of games running on other devices or platforms, or enable access to a catalog of games behind a gaming subscription service, or deliver versions of the same game or from games of a single franchise, must be categorized as a game in our Store.

10.1.1

  • All aspects of your product, including metadata, should accurately describe the functions, features, user experience and any important limitations of your product, including required or supported input devices.

  • Your product must not in any way attempt to mislead customers as to its actual features, functionality, or relationship to other products.

  • Your product title or name must be unique and must not contain marketing or descriptive text, including extraneous use of keywords.

  • Your product must not use a name, images, or any other metadata that is the same as that of other products unless the product is also published by you.

  • The value proposition of your product must be clear during the first run experience.

  • Your product should be listed in the most appropriate category and genre based on the features and functionality it offers.

  • Products submitted as web apps must be published by the domain or website owner.

  • Your product must not claim to be from a company, government body, or other entity if you do not have permission to make that representation.

10.1.2

Your product must be fully functional and must provide appropriate functionality for targeted systems and devices.

10.1.3

Search terms must not exceed seven unique terms, must be relevant to your product, and must not use other product titles unless the product is also published by you.

10.1.4

  • Your product must have distinct and informative metadata and must provide a valuable and quality user experience.
  • Your product must also have an active presence in the Store.

10.1.5

Your product may, with user consent and after initial download of the primary product, enable acquisition of:

  • Other products published by you as long as the other products are also distributed through the Microsoft Store and the acquisition of those products is through the Store.
  • Add-ons or extensions, excluding non-Microsoft drivers or NT services, that enhance the functionality of the product.

10.1.6

Products that are standalone storefronts, whose primary purpose is to enable acquisition of digital goods are allowed on PC devices, subject to the following requirements:

  • While content offered via your product is not subject to certification, your content must adhere to all applicable Store Policies.
  • If your product uses, accesses, monetizes access to, or displays content from a third-party service, ensure that you are specifically permitted to do so under the service’s terms of use.
  • Your storefront must offer a comprehensive catalog of content of sufficient size (a minimum of 20 distinct products, excluding downloadable content and in-app products or offers) to provide a unique and valuable user experience.
  • Products that only offer a single game or app, versions of a single game or app, or a single franchise of games or apps are not considered to offer a comprehensive catalog of content and do not qualify as storefronts.

10.2 Security

Your product must not jeopardize or compromise user security, or the security or functionality of the device, system or related systems. You are solely responsible for all product safety testing, certificate acquisition (unless provided by Microsoft Store signing), and the implementation of any appropriate feature safeguards. You will not disable any platform safety or comfort features, and you must include all legally required and industry-standard warnings, notices, and disclaimers in your product.

10.2.1

  • Products that browse the web must use either the Chromium or the Gecko open source engine. To ensure compatibility and security of user experience they must be updated to be no older than within 2 major versions of those open source projects (for example, if the latest released major version of Chromium is 85, any browser based on Chromium must be on at least Chromium version 83 or later),and known security issues must be patched in a more timely fashion. Any included private or proprietary components, or components not otherwise available under an open source license that affect compatibility of web site experience (such as codecs) shall be licensable on reasonable terms to other browser publishers to achieve compatibility. Compatibility and consistency of web site experience presented to browsers on the same engine shall be the primary test of meeting this engine consistency requirement (including publisher’s own sites). Existing browsers in the Windows Store may continue to use the EdgeHTML engine.

  • Products that browse the web that are made available on the Xbox Console must not offer any functionality that would allow a user of the app to download or copy files, aside from those necessary for functionality of the app.

10.2.2

Your product must not attempt to fundamentally change or extend its described functionality or introduce features or functionality that are in violation of Store Policies through any form of dynamic inclusion of code. Your product should not, for example, download a remote script and subsequently execute that script in a manner that is not consistent with the described functionality

10.2.3

Your product must not contain or enable malware as defined by the Microsoft criteria for Unwanted and Malicious Software. Further, your product must not offer to install secondary software that is not developed by you and does not enhance the functionality of your product.

10.2.4

Your product may depend on non-integrated software (such as another product, module, or service) to deliver its primary functionality if you disclose the dependency at the beginning of the description in metadata.

Generally, dependency on non-Microsoft provided drivers or NT services is not allowed, but may be considered case by case for WHCP certified drivers. (link here). If your product has a dependency on non-Microsoft provided driver(s) or NT service(s), you must disclose that dependency to Microsoft in the certification notes in Microsoft Partner Center.

10.2.5

All game products, (exclusive of games made available through a subscription in PC gaming subscription products) and any products offered on Xbox consoles must be submitted using supported package types for ingestion and distribution by the Microsoft Store. For any products submitted in this manner, such products and in-product offerings must be installed and updated only through the Microsoft Store. (Note: This policy does not apply to products that are subject to the requirements in 10.2.9.)

10.2.6

Apps that enable the mining of cryptocurrency on device are not allowed. Cryptocurrency products that only view public keys (wallet addresses) and associated transaction records are allowed. Apps that enable remote management of the mining of cryptocurrency, cryptocurrency wallets, and trading platforms are allowed, but must be distributed by a Company account.

10.2.7

Your product must clearly communicate and enable a user’s ability to cleanly uninstall and remove your product from their device.

10.2.8

You are required to use supported methods and must obtain user consent to change any user’s Windows settings, preferences, settings UI, or modify the user’s Windows experience in any way. Unsupported methods include but are not limited to use of accessibility APIs or undocumented or unsupported APIs in unsupported ways. Further details on supported methods can be found at this link.

10.2.9

Non-gaming products may submit an HTTPS-enabled download URL (direct link) to the product’s installer binaries. Products submitted in this manner are subject to the following requirements:

  • The installer binary may only be an .msi or .exe.

  • The binary and all of its Portable Executable (PE) files must be digitally signed with a code signing certificate that chains up to a certificate issued by a Certificate Authority (CA) that is part of the Microsoft Trusted Root Program.

  • You must submit a versioned download URL in Partner Center. The binary associated with that URL must not change after submission.

  • Whenever you have an updated binary to distribute, you must provide an updated versioned download URL in Partner Center associated with the updated binary. You are responsible for maintaining and updating the download URL.

  • Initiating the install must not display an installation user interface (i.e., silent install is required), however a User Account Control (UAC) dialog is allowed.

  • The installer is a standalone installer and is not a downloader stub/web installer that downloads bits when run.

  • Your product may only be made available to PC devices.

10.3 Product is Testable

The product must be testable. If it is not possible to test your product for any reason, including, but not limited to, the items below, your product may fail this requirement.

10.3.1

If your product requires login credentials, provide us with a working demo account using the Notes for certification field.

10.3.2

If your product requires access to a server, the server must be functional to verify that it's working correctly.

10.4 Usability

Your product must meet Store standards for usability, including, but not limited to, those listed in the subsections below.

10.4.1

Products must support the devices and platforms on which they are downloaded, including compatibility with the software, hardware and screen resolution requirements specified by the product. If a product is downloaded on a device with which it is not compatible, it must detect that at launch and display a message to the customer detailing the requirements.

10.4.2

Products must start up promptly, continue to run and remain responsive to user input. Products must shut down gracefully and not close unexpectedly. The product must handle exceptions raised by any of the managed or native system APIs and remain responsive to user input after the exception is handled.

10.4.3

In instances where the developer has planned to discontinue a product and remove it from the Store (sunsetting) it is the developer's responsibility to notify the consumer in a timely manner and in accordance with any applicable laws. That notice must be reflected on the product description page to notify potential future customers, and it may also include messages inside the product. If product functionality is diminished during this process, the product may remain in the Store for a short period of time for the purpose of notifying customers.

10.4.4

Products submitted in accordance with 10.2.9 (offered via an HTTPS-enabled download URL) must not take an unreasonable amount of time to download.

10.5 Personal Information

The following requirements apply to products that access Personal Information. Personal Information includes all information or data that identifies or could be used to identify a person, or that is associated with such information or data.

10.5.1

If your product accesses, collects or transmits Personal Information, or if otherwise required by law, you must maintain a privacy policy. You must provide users with access to your privacy policy by entering the privacy policy URL in Partner Center when you submit your product. In addition, you may also include or link to your privacy policy in the product. The privacy policy can be hosted within or directly linked from the product. Your privacy policy must inform users of the Personal Information accessed, collected or transmitted by your product, how that information is used, stored and secured, and indicate the types of parties to whom it is disclosed. It must describe the controls that users have over the use and sharing of their information and how they may access their information, and it must comply with applicable laws and regulations. Your privacy policy must be kept up-to-date as you add new features and functionality to your product.

Product types that inherently have access to Personal Information must always have privacy policies. These include, but are not limited to, Desktop Bridge and Win32 products.

10.5.2

You may publish the Personal Information of customers of your product to an outside service or third party through your product or its metadata only after obtaining opt-in consent from those customers. Opt-in consent means the customer gives their express permission in the product user interface for the requested activity, after you have:

  • described to the customer how the information will be accessed, used or shared, indicating the types of parties to whom it is disclosed, and
  • provided the customer a mechanism in the product user interface through which they can later rescind this permission and opt-out.

10.5.3

If you publish a person’s Personal Information to an outside service or third party through your product or its metadata, but the person whose information is being shared is not a customer of your product, you must obtain express written consent to publish that Personal Information, and you must permit the person whose information is shared to withdraw that consent at any time. If your product provides a customer with access to another person’s Personal Information, this requirement would also apply.

10.5.4

If your product collects, stores or transmits Personal Information, it must do so securely, by using modern cryptography methods.

10.5.5

Your product must not collect, store or transmit highly sensitive personal information, such as health or financial data, unless the information is related to the product’s functionality. Your product must also obtain express user consent before collecting, storing or transmitting such information. Your product’s privacy policy must clearly tell the user when and why you are collecting Personal Information and how you will use it.

10.5.7

Products that receive device location must provide settings that allow the user to enable and disable the product's access to and use of location from the Location Service API. You must respect such settings, and if you choose to collect device location data in another way, such data is Personal Information and collection is subject to the other requirements of section 10.5. You must gain legally sufficient consent for your data practices, and such practices must generally comply with applicable laws and regulations.

10.5.8

Your product must follow all applicable safety and privacy laws around the world relating to collection of personal information from children.

10.6 Capabilities

The capabilities you declare must legitimately relate to the functions of your product, and the use of those declarations must comply with our product capability declarations. You must not circumvent operating system checks for capability usage.

10.7 Localization

You must localize your product for all languages that it supports. The text of your product’s description must be localized in each language that you declare. If your product is localized such that some features are not available in a localized version, you must clearly state or display the limits of localization in the product description. The experience provided by a product must be reasonably similar in all languages that it supports.

10.8 Financial Transactions

If your product includes in-product purchase, subscriptions, virtual currency, billing functionality or captures financial information, the following requirements apply:

10.8.1

The following products are required to use the Microsoft Store in-product purchase APIs for the purchase of digital goods and services. Purchase of digital goods and services includes voluntary donations that result in the user receiving digital goods or services in return for the donation, including but not limited to additional features or removal of advertising.

  • (a) Games (excluding games made available through a subscription in PC gaming subscription products and in-app purchases in such games)

  • (b) Products offered on Xbox consoles.

If your product is required to use the Microsoft in-product purchase API it must not direct users to a purchase mechanism other than the Microsoft Store in-product purchase API but may enable users to consume previously purchased digital content or services.

Non-game products made available on PC devices may either use a secure third-party purchase API or the Microsoft Store in-product purchase API for in-app purchases of digital items or services that are consumed or used within the product.

Digital in-product offerings sold in your product using the Microsoft in-product purchase API cannot be converted to, or exchanged for, any legally valid currency (for example, USD, Euro, etc.) or any physical goods or services or other currency of real-world value.

10.8.2

You must use the Microsoft payment request API or a secure third-party purchase API for purchases of physical goods or services, and a secure third-party purchase API for payments made in connection with real-world gambling or charitable contributions. If your product is used to facilitate or collect charitable contributions or to conduct a promotional sweepstakes or contest, you must do so in compliance with applicable law. You must also state clearly that Microsoft is not the fundraiser or sponsor of the promotion.

You must use the Microsoft payment request API or a secure third-party purchase API to receive voluntary donations from users. However, if the user receives digital goods or services in return, including but not limited to additional features or removal of advertising, you must use the Microsoft Store in-product purchase API instead.

In cases where your product’s use of a secure third-party purchase API is allowed or required, the following requirements apply:

  • At the time of the transaction or when you collect any payment or financial information from the customer, your product must identify the commerce transaction provider, authenticate the user, and obtain the user’s confirmation of the transaction.

  • Your product can offer the user the ability to permanently remain authenticated, but the user must have the ability to either require an authentication on every transaction or to turn off in-product transactions.

  • If your product collects credit card information or uses a third-party payment processor that collects credit card information, the payment processing must meet the current PCI Data Security Standard (PCI DSS).

  • If your product requires user registration or payment transaction experience at install, it must take place in the product’s in-app experience. After installation of your product is completed, users may be directed to a browser to complete registration or transactions.

  • Digital in-game product offerings cannot be converted to, or exchanged for, any legally valid currency (for example, USD, Euro, etc.) or other currency of real-world value.

10.8.3

If your product requires financial account information, you must submit that product from a company account type.

Products from individual accounts cannot require financial information for primary functionality.

Financial information includes, but is not limited to, entering bank or credit card account information, account pins or passwords, tax ID information, initiating cryptocurrency transactions, access to cryptocurrency exchanges, API secret keys, private keys, or recovery phrases.

10.8.4

Your product and its associated metadata must provide information about the types of in-product purchases offered and the range of prices. You may not mislead customers and must be clear about the nature of your in-product promotions and offerings including the scope and terms of any trial experiences. If your product restricts access to user-created content during or after a trial, you must notify users in advance. In addition, your product must make it clear to users that they are initiating a purchase option in the product.

If your game offers “loot boxes” or other mechanisms that provide randomized virtual items, then you must disclose the odds of receiving each item to customers prior to purchase. These disclosures may appear: in-product, such as in an in-app store, on the Microsoft Store Product Description Page (PDP), and/or on a developer or publisher website, with a link from the Store Product Description Page (PDP) and/or in-app.

10.8.6

Non-game products made available on PC devices may either use a secure third-party or the Microsoft recurring billing API to bill for subscriptions of digital goods or services, and the following guidelines apply:

  • You may add value to a subscription but may not remove value for users who have previously purchased it.
  • If you discontinue an active subscription, you must continue to provide purchased digital goods or services until the subscription expires.
  • PC gaming subscription products (products whose primary functionality is to enable access to a catalog of games via a subscription service) may either use the Microsoft Store in-product purchase API or a secure third-party purchase API for in-game purchases within games made available through the subscription service, subject to the secure third-party purchase API requirements.
    • Notwithstanding any Store Policies to the contrary, if your game subscription product has a dependency on non-integrated software to deliver content to your subscribers, the dependent software does not need to be available in the Store. The dependency must be disclosed at the beginning of the description metadata.
    • Notwithstanding any Store Policies to the contrary, individual games included in the subscription may be distributed from the Store or from the game service operator. While games delivered outside of the store through the game subscription are not subject to certification, they must adhere to all other applicable Store Policies.

10.8.7

In cases where you determine the pricing for your product or in-app purchases, all pricing, including sales or discounting, for your digital products or services must:

  • Comply with all applicable laws, regulations and regulatory guidelines, including without limitation, the Federal Trade Commission Guides Against Deceptive Pricing.

  • Not be priced irrationally high relative to the features and functionality provided by your product.

10.9 Notifications

Your product must respect system settings for notifications and remain functional when they are disabled. This includes the presentation of ads and notifications to the customer, which must also be consistent with the customer’s preferences, when provided by Windows Push Notification Service (WNS).

If your product uses WINS or web push to transmits notifications, it must comply with the following requirements:

10.9.1

Because notifications provided through WNS or MPNS are considered product content, they are subject to all Store Policies.

10.9.2

You may not obscure or try to disguise the source of any notification initiated by your product.

10.9.3

You may not include in a notification any information a customer would reasonably consider to be confidential or sensitive.

10.9.4

Notifications sent from your product must relate to the product or to other products you publish in the Store catalog, may link only to the product or the Store catalog listing of your other products, and may not include promotional messages of any kind that are not related to your products.

10.10 Advertising Conduct and Content

For all advertising related activities, the following requirements apply:

10.10.1

  • The primary purpose of your product should not be to get users to click ads.
  • Your product may not do anything that interferes with or diminishes the visibility, value, or quality of any ads it displays.
  • Your product must respect advertising ID settings that the user has selected.
  • All advertising must be truthful, non-misleading and comply with all applicable laws, regulations, and regulatory guidelines.

10.10.2

Any advertising content your product displays must adhere to Microsoft’s Creative Specifications Policy. If your product displays advertisements, all content displayed must conform to the advertising requirements of the App Developer Agreement.

10.10.3 Policy removed

10.10.4

The primary content of your product may not be advertising, and advertising must be clearly distinguishable from other content in your product.

10.10.5

Your privacy statement or terms of use must let users know you will send Personal Information to the ad service provider and must tell users how they can opt-out of interest-based advertising.

10.10.6

If your product is directed at children under the age of 13 (as defined in the Children’s Online Privacy Protection Act), you must notify Microsoft of this fact in Partner Center and ensure that all ad content displayed in your product is appropriate for children under the age of 13.

10.10.7

If your product is a game and targets Xbox consoles, then Section 10.13.11 applies and supersedes policies in Section 10.10 where there is conflict.

10.11 Policy removed

10.12 Policy removed

10.13 Gaming and Xbox

For products that are primarily gaming experiences or target Xbox consoles, the following requirements apply:

Note

Additional requirements for titles which use Xbox Live on PC/Mobile and/or the Creators program on Xbox consoles are available at https://aka.ms/xboxlivepolicy.

10.13.1

Game products that target Xbox consoles, including products that primarily offer remote game play/control functionality of games running on other devices or platforms, must use Xbox Live services through the ID@Xbox program. Optionally, you may publish your game product to console without integration of Xbox Live Services through the Xbox Live Creators program.

10.13.2

Game products that allow cross-player communication or synchronous network play on Xbox consoles must use Xbox Live and be approved through the ID@Xbox program.

10.13.3

Game products on Xbox consoles must not present an alternate friends list obtained outside Xbox Live.

10.13.4

Products published to Xbox consoles must not:

  • Include the sale of Xbox game products, Xbox consoles or Xbox console accessories outside the Store.

  • Request or store Microsoft Account usernames or passwords.

  • Enable general browsing of the operating system, file systems or attached physical media file structures.

10.13.5

Game products that use Xbox Live must:

  • Automatically sign the user in to Xbox Live, or offer the user the option to sign in, before gameplay begins.
  • Display the user's Xbox gamertag as their primary display and profile name.

10.13.6

Game products that use Xbox Live and offer multiplayer gameplay, user generated content or user communication:

10.13.7

Game products must gracefully handle errors with or disconnection from the Xbox Live service. When attempting to retry a connection request following a failure, game products must honor the retry policies set by Xbox Games. When they are unable to retrieve configuration information for or communicate with any non-Microsoft service, game products must not direct users to Microsoft support.

10.13.8

Game products must not store user information sourced from Xbox Live, such as profile data, preferences, or display names, beyond a locally stored cache used to support loss of network connectivity. Any such caches must be updated on the next available connection to the service.

10.13.9

Xbox Live game products must comply with the following requirements for service usage:

  • Do not link or federate the Xbox Live user account identifier or other user account data with other services or identity providers.
  • Do not provide services or user data in a way that it could be included in a search engine or directory.
  • Keep your secret key and access tokens private, except if you share them with an agent acting to operate your product and the agent signs a confidentiality agreement.
  • Do not duplicate the Xbox Live Friends service.

10.13.10

Products that emulate a game system or game platform are not allowed on any device family.

10.13.11

The following privacy requirements apply to Xbox Live user data:

  • Services and user data must be used appropriately in games. This data includes (without limitation) usage data, account identifiers and any other personally identifiable data, statistics, scores, ratings, rankings, connections with other users, and any other data relating to a user’s social activity.

  • Services and user data may not be used in conjunction with third-party services for the purposes of serving personalized or targeted advertising on Xbox Consoles.

  • Services and user data are only for use in your game by you. Don't sell, license, or share any data obtained from us or our services. If you receive personal data of end users through Xbox Live, you are an independent controller of such data and must have a privacy statement (or policy) in place with end users governing your use of personal data, as required by the App Developer Agreement. We recommend you include a link to your privacy statement on your website and on the Microsoft Store pages for your games.

  • Don’t store any Xbox Live social graph data (for example, friends lists), except for account identifiers for users who’ve linked their Xbox Live account with your game.

  • Delete all account identifiers, when you remove your game from our service, or when a user unlinks their Xbox Live account from your game. Do not share services or user data (even if anonymous, aggregate, or derived data) to any ad network, data broker or other advertising or monetization-related service.

  • When Microsoft receives requests from end users to delete their personal data, we will communicate the requests to you by providing a list of end user identifiers. You must check the list at least every 30 days to ensure you receive all delete requests and must use the information provided on the list only to satisfy the delete requests of end users. You can find details about this process at Deleted Account List Tools.

10.14 Account Type

Company accounts must be used for organizations, businesses, and any person acting in relation to their trade or profession. Individual accounts are usually appropriate for a single developer working on their own. A company account is required if your product requires financial information for primary functionality (see Policy 10.8.3) or if a reasonable consumer would interpret your application or publisher name to be that of a business entity.

If your developer account is a Company account type, you must provide identification or business verification information during account creation, and you must include customer support contact information that will be displayed on your product’s Product Detail Page (PDP) in certain regions. This information is required to be accurate and current.

Content Policies

The following policies apply to content and metadata (including publisher name, product name, product icon, product description, product screenshots, product trailers and trailer thumbnails, and any other product metadata) offered for distribution in the Store. Content means the product name, publisher name, product icon, product description, the images, sounds, videos and text contained in the product, the tiles, notifications, error messages or ads exposed through your product, and anything that’s delivered from a server or that the product connects to. Because product and the Store are used around the world, these requirements will be interpreted and applied in the context of regional and cultural norms.

11.1 General Content Requirements

Metadata and other content you submit to accompany your product may contain only content that would merit a rating of PEGI 12, ESRB EVERYONE 10+, or lower.

11.2 Content Including Names, Logos, Original and Third Party

All content in your product and associated metadata must be either originally created by the application provider, appropriately licensed from the third-party rights holder, used as permitted by the rights holder, or used as otherwise permitted by law. Intellectual property owners can report infringement complaints via our online form: Report intellectual property infringement.

11.3 Risk of Harm

11.3.1

Your product must not contain any content that facilitates or glamorizes the following real world activities: (a) extreme or gratuitous violence; (b) human rights violations; (c) the creation of illegal weapons; or (d) the use of weapons against a person, animal, or real or personal property.

11.3.2

Your product must not: (a) pose a safety risk to, nor result in discomfort, injury or any other harm to end users or to any other person or animal; or (b) pose a risk of or result in damage to real or personal property.

11.3.3

If your product is intended to provide content related to information, news, or current events in the real world, it must not use or distribute false or deceptive images, video, and/or text, or other content that may cause harm pertaining to individuals, entities, or matters of public concern.

11.4 Defamatory, Libelous, Slanderous and Threatening

Your product must not contain any content that is defamatory, libelous, slanderous, or threatening.

11.5 Offensive Content

Your product and associated metadata must not contain potentially sensitive or offensive content. Content may be considered sensitive or offensive in certain countries/regions because of local laws or cultural norms. In addition, your product and associated metadata must not contain content that advocates discrimination, hatred, or violence based on considerations of race, ethnicity, national origin, language, gender, age, disability, religion, sexual orientation, status as a veteran, or membership in any other social group.

11.6 Alcohol, Tobacco, Weapons and Drugs

Your product must not contain any content that facilitates or glamorizes excessive or irresponsible use of alcohol or tobacco products, drugs, or weapons.

11.7 Adult Content

Your product must not contain or display content that a reasonable person would consider pornographic or sexually explicit.

11.8 Illegal Activity

Your product must not contain content or functionality that encourages, facilitates or glamorizes illegal activity in the real world.

11.9 Excessive Profanity and Inappropriate Content

  • Your product must not contain excessive or gratuitous profanity.
  • Your product must not contain or display content that a reasonable person would consider to be obscene.

11.10 Country/Region Specific Requirements

Content that is offensive in any country/region to which your product is targeted is not allowed. Content may be considered offensive in certain countries/regions because of local laws or cultural norms. Examples of potentially offensive content in certain countries/regions include the following:

China

  • Prohibited sexual content
  • Disputed territory or region references
  • Providing or enabling access to content or services that are illegal under applicable local law

11.11 Age Ratings

You must obtain an age rating for your product when you submit it in Partner Center (see here). You are responsible for accurately completing the International Age Rate Coalition (IARC) rating questionnaire during submission to obtain the appropriate rating.

11.11.3

If your product provides content (such as user-generated, retail or other web-based content) that might be appropriate for a higher age rating than its assigned rating, you must enable users to opt in to receiving such content by using a content filter or by signing in with a pre-existing account.

11.12 User Generated Content

User Generated Content (UGC) is content that users contribute to an app or product and which can be viewed or accessed by other users in an online state. If your product contains UGC, you must:

  • Publish and make available to users a product terms of service and/or content guidelines for User Generated Content either in product or on your website.
  • Provide a means for users to report inappropriate content within the product to the developer for review and removal/disablement if in violation of content guidelines and/or implement a method for proactive detection of inappropriate or harmful UGC.
  • Remove or disable UGC when requested by Microsoft.

11.13 Third Party Digital Storefronts Content

If your product is a storefront, or enables access to a storefront, the storefront must:

  • Publish and make available a developer and/or publisher terms of service and content guidelines for products listed in your marketplace.
  • Provide a means for users to report inappropriate content, or content that violates your terms of service or content guidelines.
  • Implement a method for review and detection of content that is in violation of your terms or guidelines and take enforcement actions.
  • Enable users to opt-into content that is higher rated than the base product and prevent minors from accessing content that is higher rated than their age or parental controls allow.
  • Comply with all legal and regulatory requirements regarding operations of digital storefronts.

11.14 Gambling Apps

Apps that process real-world gambling transactions must:

  • Be an app.
  • Be rated with an 18+ age rating.
  • Use a secure third-party payment API to process these transactions.
  • Real-world gambling is not permitted in the following markets: Brazil, Chile, China, Russia, Singapore, Taiwan, United States of America, Republic of Korea, and India.

Real-world gambling includes any payout of winnings which can be converted into items of real-world value.


1"Store" or "Microsoft Store" means a Microsoft owned or operated platform, however named, through which Apps may be offered to or acquired by Customers. Unless otherwise specified, Store includes the Microsoft Store, the Windows Store, and the Xbox Store.

Certification Appeal Process

All products should adhere to the Microsoft Store Policies listed above. If your product failed in the review process, please review the policies to understand the reason for failure. To ask a question about the review or certification status of a product, you can send an email to [email protected].

Microsoft Store complaint and appeal statistics

Numbers reported on numbers reported on 7/2/2024 (from 7/1/2023 – 6/30/2024)

Statistic (FY2024) Count
App and/or Account Enforcement Action Appeals 829
Complaints about Technological Issues 36
Regulatory Compliance Complaints 0
Questions about certification, policy, submission, and technical help 2,554
Miscellaneous 663
Total Issues 4,542
Overturned decisions 587
Average Processing Time 2.10 days

See also