
Becoming a Member of MAPP

Q: What is MAPP?

A: MAPP, which stands for the Microsoft Active Protections Program, is run by the Microsoft Security Response Center (MSRC). The program gives partnering security software providers early access to security vulnerability information in advance of Microsoft’s monthly security update. Early access to this information helps MAPP partners more quickly and effectively integrate protections into their security software or hardware products (such as antivirus software, network-based intrusion detection systems, or host-based intrusion prevention systems).

 
Q: What key services does MAPP provide?

A: MAPP consists of the following key subprograms:

  • MAPP for Security Vendors – A service that provides early access to vulnerability data with three different sharing levels for qualified partners: MAPP Validate, MAPP ANS, and MAPP Entry-Level.
  • MAPP for Responders – A new service that fosters the exchange of attack detection information between Microsoft and incident response partners.
  • MAPP Scanner – A service that scans Microsoft Office documents, Adobe PDF files, and URLs for potential threats.
 
Q: What is MAPP for Security Vendors?

A: MAPP for Security Vendors is the core of the program, which has been in place since 2008. It adds even earlier information sharing for qualified partners, as well as a new initiative known as MAPP Validation.

 
Q: What is MAPP Validate?

A: Much like the Microsoft Security Update Validation Program (SUVP), MAPP Validation provides qualified partners with the ability to test MAPP detection guidance. This community-based approach to validating detection information improves the quality of guidance.

 
Q: What is MAPP ANS?

A: MAPP ANS (Advance Notification Service) is a new addition to the MAPP for Security Vendors program. It makes MAPP data available to qualified partners on ANS Thursday, five days before the Microsoft Monthly Update.

 
Q: What is MAPP Entry-Level?

A: Entry level MAPP is the traditional MAPP offering, which makes MAPP data available to qualified partners 24 hours before the Microsoft Monthly Update.

 
Q: What are the qualification requirements for MAPP Validation?

A: To maintain active participation in the MAPP Validation program, partners must have a monthly partner report return rate of 80 percent, a validation report return rate of 80 percent, and an incident response (SSIRP) participation rate of 100 percent.

 
Q: What are the requirements for MAPP ANS?

A: To maintain active participation in the MAPP ANS program, partners must have a monthly partner report return rate of 80 percent and an incident response (SSIRP) participation rate of 100 percent.

 
Q: What are the qualification requirements for Entry Level MAPP?

A: To maintain active participation in the Entry Level MAPP program, partners must have a monthly partner report return rate of 80 percent and an incident response (SSIRP) participation rate of 100 percent.

 
Q: What are monthly partner reports?

A: The monthly partner report is a simple Microsoft Excel spreadsheet that Microsoft provides to MAPP partners for each month’s release. It is used to determine whether partners were able to create signatures for each CVE in the release, and if they were not, the reasons why. It also asks partners to rate the overall quality of the guidance. This feedback is essential in our efforts to improve the quality of guidance provided with each release.

 
Q: What are monthly validation reports?

A: The monthly validation report is a simple Microsoft Excel spreadsheet that Microsoft provides MAPP partners for each month’s release. It is used to collect information for each piece of detection guidance provided for the release. Partners are asked to provide feedback on validation and testing of the detection guidance. This feedback is essential in our efforts to improve the quality of guidance provided with each release.

 
Q: When do I need to provide seven days of telemetry data?

A: Microsoft asks partners to provide seven days of telemetry data only after incident response (SSIRP) events. Such a request may only happen a few times a year. At this time, partners are not asked to provide this data monthly, as it would only be needed in response to an active 0-day attack that Microsoft is aware of. In such cases, Microsoft will specifically request MAPP partners to produce a signature and provide telemetry for the incident.

 
Q: What type of data do I need to provide in telemetry reports?

A: Microsoft only asks that telemetry reports contain the number of detections and geolocation information for their points of origin. It is alright if partners are not able to provide geolocation information; Microsoft is not asking for customer information.

 
Q: How often should I return partner reports?

A: Partner reports are required every month and should be returned to MAPP@microsoft.com within the ten days following the Update Tuesday release. Reports returned after the ten-day window will not be accepted.

 
Q: How often should I return validation reports?

A: Validation reports are required every month for partners enrolled in the MAPP Validation program. The reports should be returned to MAPP@microsoft.com within four days after receiving detection guidance. Reports returned after the four-day window will not be accepted.

 
Q: How often should I return telemetry reports?

A: Partners only need to provide telemetry reports when requested by the MSRC. Such requests may only happen a few times a year.

 
Q: Who should return validation reports?

A: Only partners participating in the MAPP Validation program should return validation reports. If you are not sure which program you belong to, please contact MAPP@microsoft.com.

 
Q: Who should return partner reports?

A: All partners participating in any of the MAPP programs should return partner reports every month.

 
Q: Who should return telemetry reports?

A: All partners participating in any of our MAPP programs should return telemetry reports when requested during an incident response (SSIRP) event. Such requests may only happen a few times a year.

 
Q: What if I don’t have feedback for a partner report?

A: If you have no feedback for a partner report, or if you were unable to create a signature for any CVE with the guidance provided, please make note of this in the partner report and return it to MAPP@microsoft.com. Please do not return blank partner reports; please answer yes or no to the questions provided in the report and select an optional reason where applicable.

 
Q: What if I don’t have feedback for a validation report?

A: If you have no feedback for a validation report for the guidance provided, please note this in the report and return it to MAPP@microsoft.com. Please do not return blank partner reports; please answer yes or no to the questions provided and select an optional reason where applicable.

 
Q: What if I am unable to provide telemetry reports for a SSIRP event?

A: It is alright if you do not have the capability to collect telemetry for SSIRP events, but please be sure to respond to such requests to let the MSRC know that you are not able to provide a report.

 
Q: Where do I submit potential security issues that I find?

A: As a first step, send a detailed email message to secure@microsoft.com. Someone from the MSRC will follow up with you regarding your information.

 
Q: What types of issues should I send to MAPP@microsoft.com?

A: Please send any MAPP-related issues or questions to MAPP@microsoft.com. General security escalations and questions not specific to MAPP programs should be sent to secure@microsoft.com.

 
Q: How can my company become a MAPP partner?
 

A: As a first step, complete the Microsoft Active Protections Program Criteria questionnaire. If your answers meet MAPP qualification requirements, then download and complete the MAPP Active Protections Form and send it to MAPP@microsoft.com.

 
Q: What are “active software security protections”?
 

A: In the MAPP context, “active software security protections” are mechanisms that can detect intrusions into a Microsoft system, or defend a Microsoft system from exploitation attempts, absent the availability of a Microsoft security update for the issue being exploited. For example, antivirus definitions that trigger off of malicious behavior, or IDS signatures that block exploitation attempts, are considered active software security protections.

 
Q: If my company develops technology that only uses third-party signatures to provide protections to my clients, can it become a MAPP partner?
 

A: No. MAPP requires that its members actively create signatures or similar threat remediation for their products in-house. MAPP participants are expected to directly use the data provided to them via the program to develop protections internally.

 
Q: If accepted as a MAPP partner, what will I receive?
 

A: MAPP partners receive advance security vulnerability information for those vulnerabilities slated to be addressed in Microsoft’s regularly scheduled monthly security update releases. This information is provided as a package of documents that outline what Microsoft knows about the vulnerabilities. This includes the steps used to reproduce the vulnerability as well as the steps used to detect the issue. Periodically, Microsoft might also provide proof-of-concept or repro tools to further illuminate the issue and help with additional protection enhancement, as long as this information enables software security providers to provide timely and enhanced protections for our mutual customers.

 
Q: How does MAPP make customers safer?
 

A: Microsoft is committed to continuous improvement to help customers manage risk and protect themselves. By sharing vulnerability information prior to the public release of security updates, MAPP enables security software providers who operate at the application and network layers to offer protection to our mutual customers in a timely manner. Without this program, security software providers would have to wait until the public release of a security bulletin before developing protections.

 
Q: Will I be able to tell my customers I am part of MAPP?
 

A: Yes, MAPP is a public program. If you are accepted as a participant, you may market yourself as a MAPP partner. The aspects of the program that are confidential are those that pertain to operations and the data that is provided. All confidential information is subject to the Microsoft Non-Disclosure Agreement.

 
Q: Why does Microsoft use these program criteria?
 

A: Microsoft is committed to minimizing risks to customers, and the eligibility criteria are necessary for targeting protections that cover broad groups of customers. Microsoft will continue to evaluate and update the criteria as appropriate.

 
