Skip to main content

Experience new growth possibilities with Microsoft Advertising today >

Microsoft Advertising Network policies

Disallowed content

June 30, 2023


Malware, phishing, and disallowed software behavior

In addition to compliance with these policies, we also require compliance with the Microsoft Malware Protection Center policies and adherence to prevalent industry guidelines and best practices.

Malicious and unwanted software

Microsoft does not allow the promotion and distribution of either malicious software or unwanted software.

  • Malicious software is software which performs malicious actions on the user’s device, such as compromising personal and financial information or security protocols. Malicious software includes, but is not limited to: trojan, worms, ransomware, trojanclicker, trojanspy, backdoor trojan, exploit, macro virus, virtool, dropper, rogue security software, password stealer, obfuscator, hacktool, virus, spyware (including recording actions performed on the user's device such as keystroke logging) and scareware.
    Microsoft utilizes a series of signals and classifications to determine whether software meets the definition of malicious software.
  • Unwanted software includes software that does not expressly fall under the definition of malicious software, but still includes functionality which limit or deny users’ choice and control on the experience on their own devices or may otherwise compromise user computing experience and/or the performance of the user’s device, browser, operating system or even publisher properties.
    In determining whether software is “unwanted software,” apply the criteria listed below. We also consider the Microsoft Malware Protection Center policies, other Microsoft product requirements (such as Windows), industry guidelines and best practices.


Microsoft does not allow malware or security threats to exist on our publisher pages and will remove the offending ads immediately, without warning, and may take further action to remove advertisers, buyers, or brands if they are determined to present a security risk to Microsoft or its end users. The following is a non-exhaustive list of definitions and activities of malware and security threats that will be subject to immediate removal:

  • The ads contain any script intended to mine the user’s personal data.
  • Ads that auto-redirect to any location or take a user out of an app or browser.
  • Ads that include fake virus warnings or other “scareware” tactics, software updates or phishing content.
  • Direct links to executable files, reinstalls or apps that alter installed software.
  • Ads that click to, or event-tracker links to malicious domains.
  • Ads that use any script intended to mine cryptocurrency.
  • Ads that initiate auto dialing a phone number.
  • Ads that alter the content or page layout of the publisher site.
  • Ads that have a general impact on performance, reliability, and quality of the user’s computing experience (e.g., slow computer performance, reduced productivity, corruption of the operating system, or other issues).
  • Ads that have a negative impact on the security of the user’s computer or attempt to circumvent or disable security, including but not limited to evidence of malicious behaviors. 
  • Ads that use any form of cloaking technology intended to obfuscate any portion of an ad from scanning, audits, or any user segment.


Phishing sites that try to trick visitors into sharing personal data for fraudulent purposes, such as stealing one’s identity, for example, are prohibited.

For more information on compliant collection of personal data, please see the Relevance and quality policies.
To report a site suspected of phishing, please use the Low-quality ad submission & escalation form.

Software disallowed behaviors

  • Software must not include malicious or unwanted software.
  • Software must not create any unexpected behaviors. The software must behave consistently with the declared behavior and functionalities at install.
  • Software must not perform activities that are hidden to the user or otherwise attempt to hide its presence or operation on the device, unless for legitimate background processes (which would be disclosed to users at install). For clarity, this does not include activities that would normally be expected to be hidden as part of regular product functionality, such as calculations.
  • Software must not be designed to evade, circumvent, or impair security checks, antimalware, operating system and browser security scans and protection, or spam filters.
    • Cloaking behaviors or technology, or any behaviors meant to elude scans or detection, is not allowed. The software must not behave differently in a virtual environment or otherwise attempt to elude browser protection, anti-malware detection or fraud filtering.
  • Downloads must not alter, reconfigure, or disable existing software or settings installed on the user’s device without clear disclosure and consent from the user before install.
  • Software must not inhibit or otherwise limit the user`s ability to control and change settings on the device.
  • Software that automatically dials a phone number or connects remotely to another device or system without legitimate reasons and/or user consent is not allowed.
  • Alerts or other technologies must not attempt to mislead users into believing something is wrong with their device that needs fixing when this is not the case (e.g., scareware), or otherwise misrepresent or make exaggerated claims about system health and performance (for example by claiming that the system performance will improve by removing files that do not positively affect system performance).
  • PC cleaner/optimization software should provide error details to further specify their claims, as opposed to merely stating the presence of a certain number of issues.
  • Free downloads must not be made conditional to any forms of consideration, including a sign up or the provision of a cellular phone number (except in the event where sign up/account creation needs to be validated by the user, such as an email account creation validated via text message, or a required app store account creation for example).
  • Software must not weaken or attempt to compromise the security and/or protection of the user device or attempt to disclose any of the personal or sensitive information of the end user.
  • Software may not replace, add to or remove from the webpage by injecting content, or causing site content not to display, from a source with which the site owner does not have an affiliation.
  • Software must not limit the user’s control or programmatic control of the user’s browser default search settings, home page and new tab, either through additional questioning/prompts or other means of prevention when a change to the default search, home page or new tab settings is attempted.
  • Unsigned software is not allowed. All software must be digitally signed by its author(s) using a valid certificate issued by a reputable certification authority.
  • Unauthorized distribution is not allowed. Advertisers and partners may only distribute software which they are authorized to distribute. Please review our Misleading Content Policy to learn more about promotion of third-party products and services.
    • Free desktop software in particular is subject to heightened controls, which may require actual proof of authorized distribution from the software publisher.
  • Software that changes browsing experience must adhere to the browser’s and/or operating system’s respective supported extensibility models and policies. For example, software may not suppress or otherwise circumvent browser consent dialogs.
  • Users must be able to abort software installation prior to completion through a standard “close” button. Aborted installations must be complete, in that no traces of the software remain on the device (including discarding of any selections made prior to abort).
  • Installation programs may only present one single dialog prompt confirming user intent to abort in clear, straightforward language.
  • If a user declines an offer or cancels the install before the installation process is completed, software may not place any shortcuts on the user’s device to continue the installation at a later time.
  • Changes to user’s device and settings, including changes to the search providers, homepages, local file systems and other configurations and user's settings must be easily reversible without negative impact.
  • Undisclosed files that are unnecessary or unrelated to the software being installed must not be installed or delivered.