Microsoft Active Protections Program
Frequently Asked Questions
MAPP for Security Vendors is the core of the program, which has been in place since 2008. It adds even earlier information sharing for qualified partners, designed to help protect customers by providing early access to detection data for the upcoming security release, with a requirement that partners create and deploy signatures within their products. There are three tiers in the MAPP program: MAPP Entry, MAPP ANS, and MAPP Validate.
Much like the Microsoft Security Update Validation Program (SUVP), MAPP Validation provides qualified partners with the ability to test MAPP detection guidance. This community-based approach to validating detection information improves the quality of guidance. MAPP Validate is an invite-only program that has finite membership and strict participation criteria.
MAPP ANS (Advance Notification Service) is the second tier of the MAPP for Security Vendors program. It makes MAPP data available to qualified partners five days before the Microsoft Monthly Update Cycle. While this program is open to all security vendors, it is criteria-based, depending on program participation, length of time in the MAPP program, and a requirement to be in an information sharing program with Microsoft. Information sharing is covered in the section below.
Entry-level MAPP is the traditional MAPP offering, which makes MAPP data available to qualified partners 24 hours before the Microsoft Monthly Update Cycle. All new partner organizations start in the MAPP Entry-level tier.
As a first step, send a detailed email message to email@example.com. Someone from the MSRC will follow up with you regarding your information. All submissions should be sent using the MSRC public PGP key located at https://microsoft.com/msrc/pgp-key
Please send any MAPP-related issues or questions to MAPP@microsoft.com. General security escalations and questions not specific to MAPP programs should be sent to firstname.lastname@example.org. When sending or receiving MAPP detection guidance, the MAPP PGP key will be used. It is located at https://microsoft.com/msrc/pgp-key
In the MAPP context, “active software security protections” are mechanisms that can detect intrusions into a Microsoft system, or defend a Microsoft system from exploitation attempts, absent the availability of a Microsoft security update for the issue being exploited. For example, antivirus definitions that trigger off of malicious behavior, or IDS signatures that block exploitation attempts, are considered active software security protections.
No. MAPP requires that its members actively create signatures or similar threat remediation for their products in-house. MAPP participants are expected to directly use the data provided to them via the program to develop protections internally.
Yes, MAPP is a public program. If you are accepted as a participant, you may market yourself as a MAPP partner. The aspects of the program that are confidential are those that pertain to operations and the data that is provided. All confidential information is subject to the Microsoft Non-Disclosure Agreement.
If you meet MAPP qualification requirements, download and complete the MAPP Active Protections Form and send it to MAPP@microsoft.com.
We have a new program called MAPP for Responders, launching very soon, that may better suit your needs. If this becomes the case, we can put you in contact with the manager handling that program.
MAPP partners that do not achieve minimum program objectives are subject to suspension and potential expulsion from the program.
You can reach out to us directly at MAPP@microsoft.com.
Microsoft is committed to minimizing risks to customers, and the eligibility criteria are necessary for targeting protections that cover broad groups of customers. Microsoft will continue to evaluate and update the criteria as appropriate.
- Traditional Detection Guidance
- Malicious URLs
- Windows File Hashes
- Threat Indicators (against active attacks on MS-based systems)
- Exploit Indicators
- Other information
Microsoft believes in equitable sharing of security information. There is no one formula for what can be shared, but the data should generally help raise awareness of possible threats in the ecosystem. Some examples of shared data are: File Hashes, Malicious IP Addresses, File Names Associated with Known Attacks, Detonation Data, Indicators of Compromise (all types).