
Microsoft has officially eliminated the one-time registration fee for individual developers seeking to publish applications on the Microsoft Store, a significant policy shift first announced at the Build 2025 conference and now in effect as of September 10, 2025 [1]. This move removes the previous $19 USD fee, allowing solo creators and hobbyists to distribute software on Windows 10 and 11 devices at no cost [1, 5]. The change is part of a broader strategic effort to make the Microsoft Store more competitive against rivals and to foster a more inclusive development platform. For security professionals, this policy alters the application supply chain for Windows, potentially increasing the volume of available software and necessitating a renewed focus on supply chain security and code validation processes.
The announcement, which was initially made in May, created immediate anticipation within the developer community. Throughout June and July of 2025, developers actively discussed the pending change on forums like Microsoft Q&A and Reddit, noting that the fee was still in place during that period, which confirms that the official rollout did not occur until this month [4, 6]. The delay between announcement and implementation is a common occurrence in large-scale platform changes, allowing the backend systems and verification processes to be properly scaled and secured. The new policy specifically applies to individual accounts; company accounts still require a one-time $99 USD fee [1, 2].
Strategic Motivations and Security Implications
This decision is a clear strategic move to increase the competitiveness of the Microsoft Store against established rivals like Apple’s App Store, which charges an annual $99 fee, and Google’s Play Store, which has a one-time $25 fee [3, 5, 9]. By lowering the barrier to entry, Microsoft aims to encourage innovation and drastically increase the variety of applications available to the Store’s over 250 million monthly active users [1, 3, 8]. This addresses long-standing criticisms about the Store’s appeal, including past admissions from Microsoft executives like Phil Spencer regarding its shortcomings [5]. From a security perspective, a larger ecosystem inherently presents a larger attack surface. Security teams must adapt their application control and allow-listing policies to account for a potential influx of new, less-established software publishers, increasing the importance of robust code signing and reputation-based analysis.
The types of applications eligible for free submission include Win32 (encompassing .NET, WPF, and WinForms), UWP, PWA, .NET MAUI, and Electron apps [1]. This wide range covers a significant portion of the modern Windows application landscape. A key benefit for developers, which also serves as a security control, is that Microsoft hosts all app binaries on its own infrastructure and provides free code signing. This boosts trust and security for end-users by ensuring application integrity and eliminates the need for individual developers to set up and secure their own content delivery networks (CDNs). Furthermore, Windows handles updates for these applications automatically, a critical feature for ensuring patches are deployed consistently [1].
New Developer Onboarding and Verification Process
The new onboarding process is hosted at `storedeveloper.microsoft.com` and has been designed to be streamlined [2]. After signing in with a personal Microsoft Account (MSA), the developer selects “Individual developer (free)” as the account type. The most significant step is the identity verification process, which requires scanning a valid government-issued ID and taking a selfie. This Know Your Customer (KYC)-like process is a crucial security measure designed to add a layer of accountability and deter malicious actors from easily creating anonymous developer accounts for distributing malware. The system then auto-fills profile information from the verified ID before granting instant access to the Partner Center dashboard to begin publishing [2].
The rollout is currently live in several key markets, including the United States, India, United Kingdom, Ireland, New Zealand, Australia, China, Brazil, and Turkey. Microsoft has stated it is rolling this out globally and will continue expanding to additional markets over the coming weeks [2]. For assistance with the new free onboarding process, developers in eligible markets are directed to email `[email protected]`. For all other issues related to account management, app submission, and certification, a support ticket must be raised via the official Windows developer support page [2].
Broader Platform Improvements and Revenue Model
The fee waiver was announced alongside several platform improvements at Build 2025 designed to enhance the overall developer experience and application quality [8]. These include a more transparent and faster certification process with detailed reports and crash logs, free privacy policy hosting provided by Microsoft, and enhanced analytics through “Health Reports” in the Partner Center that provide metrics on crash rates and hang rates. Improved discovery features through better Windows Search integration and an intent-aware Store search powered by AI were also highlighted. Furthermore, a “Microsoft Store FastTrack” program offers free assistance for qualified companies submitting their first app, including a waived company account fee [8].
A critical detail for the commercial landscape is the revenue model. Developers of non-gaming applications retain the ability to implement their own in-app payment systems, allowing them to keep 100% of the revenue. However, for games or any applications that choose to use Microsoft’s own commerce platform, the existing fees of 12% for games and 15% for apps remain unchanged [1, 5, 9, 10]. This distinction is important as it maintains Microsoft’s revenue stream from high-volume commercial software while incentivizing independent development.
Relevance for Security Practitioners
The decision to waive fees will inevitably lead to a substantial increase in the number of applications submitted to the Microsoft Store. While the identity verification process adds a layer of accountability, the sheer volume of new software requires a proportional scaling of security review processes on Microsoft’s end. The company’s certification process will be tested by this influx, and its ability to consistently identify malicious code or policy violations will be critical. For enterprise security teams, this policy change means the Microsoft Store can no longer be implicitly trusted based on a paywall alone. The traditional model of trusting a curated storefront is shifting, and security postures must evolve accordingly.
The provided free code signing is a double-edged sword. While it guarantees the integrity of the application from the developer to the end-user, preventing man-in-the-middle attacks during distribution, it also means that malware, if it passes certification, will be signed by a trusted Microsoft certificate. This could potentially allow malicious software to bypass security software that trusts signed code. Therefore, organizations should ensure their endpoint detection and response (EDR) solutions and application control policies are not overly reliant on signature-based trust and incorporate behavioral analysis and reputation scoring.
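As an added example (not from Microsoft or the original article), the PowerShell below inventories Store-signed packages and reports any whose package family name is not on an organization-approved list, so that the Store signature by itself is not treated as approval. The function name, the approved entries and the sample records are constructed for illustration; `Get-AppxPackage` and its `SignatureKind`, `IsFramework`, `PackageFamilyName` and `Publisher` properties are the standard Appx module ones.

```powershell
# Added example: report Store-signed packages that are not explicitly approved.
# Family names below are constructed placeholders, not real packages.
$ApprovedFamilies = @(
    'Contoso.ApprovedNotes_1a2b3c4d5e6f7'   # hypothetical approved app
)

function Get-UnapprovedStorePackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Package,
        [string[]]$Approved = @()
    )
    process {
        # 'Store' means the package was signed by the Microsoft Store on
        # submission; it identifies the channel, not the author's reputation.
        if ("$($Package.SignatureKind)" -ne 'Store') { return }
        # Framework packages are shared runtimes, not user-facing apps.
        if ($Package.IsFramework) { return }
        # -contains is case-insensitive for strings.
        if ($Approved -contains $Package.PackageFamilyName) { return }

        [pscustomobject]@{
            PackageFamilyName = $Package.PackageFamilyName
            Publisher         = $Package.Publisher
            Version           = "$($Package.Version)"
        }
    }
}

# Constructed sample records so the logic can be exercised offline.
$sample = @(
    [pscustomobject]@{ PackageFamilyName = 'Contoso.ApprovedNotes_1a2b3c4d5e6f7'
        Publisher = 'CN=Contoso'; Version = '1.0.0.0'
        SignatureKind = 'Store'; IsFramework = $false }
    [pscustomobject]@{ PackageFamilyName = 'Example.NewUtility_7f6e5d4c3b2a1'
        Publisher = 'CN=00000000-0000-0000-0000-000000000000'; Version = '0.3.1.0'
        SignatureKind = 'Store'; IsFramework = $false }
    [pscustomobject]@{ PackageFamilyName = 'Example.Sideloaded_0a1b2c3d4e5f6'
        Publisher = 'CN=Example Dev'; Version = '2.0.0.0'
        SignatureKind = 'Developer'; IsFramework = $false }
)
$sample | Get-UnapprovedStorePackage -Approved $ApprovedFamilies

# On an endpoint (elevated session needed for -AllUsers):
# Get-AppxPackage -AllUsers |
#     Get-UnapprovedStorePackage -Approved $ApprovedFamilies |
#     Sort-Object Publisher
```

The reported `Publisher` and `PackageFamilyName` values are the fields a reviewer would triage before extending the approved list or an application control policy.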
Conclusion and Future Outlook
Microsoft’s elimination of the individual developer fee for the Microsoft Store is a significant business and ecosystem development with direct implications for the Windows security landscape. It represents a concerted effort to revitalize the storefront and compete more effectively in the mobile-driven app economy. The immediate effect will be a democratization of Windows software publishing, likely leading to a surge in new and innovative applications.
For those responsible for securing Windows environments, this change underscores the necessity of a defense-in-depth strategy. Reliance on any single control, such as the reputation of an app store, is insufficient. Security teams should reinforce policies around application allow-listing, enhance monitoring for anomalous application behavior, and maintain a robust process for validating the security of software, regardless of its source. The success of this initiative for Microsoft will be measured not only by the quantity of new applications but also by its ability to maintain the security and quality of its store in the face of this new challenge.