Subject: Complaint Regarding Extension Review – SF Flow Utility Toolkit (Product ID: f5776c7e-21cb-4bd5-a60e-b1377e2bd5ce)
Dear Microsoft Edge Add-ons Support,
I am writing to raise a formal complaint regarding the review of my extension, SF Flow Utility Toolkit (Product ID: f5776c7e-21cb-4bd5-a60e-b1377e2bd5ce), which was completed on 27 April 2026.
The submission was rejected on the basis of policy 1.3.1 (Product is Testable). I have four concerns I would like addressed before I resubmit.
-
Review duration vs. outcome
The review process took a significant amount of time, only to result in a rejection on an administrative basis rather than any substantive technical or policy concern. This has materially delayed our V1.0 go-live. I would appreciate clarification on why this was not flagged earlier in the review process, and what steps Microsoft takes to ensure timely feedback to publishers.
-
This is a 'won't test' problem, not a 'can't test' problem
The rejection note states that test credentials were not provided. It does not state that the reviewer attempted to test the extension and was unable to do so. In our original submission notes, we provided clear instructions directing the reviewer to a free, publicly available Salesforce Developer Edition org — sufficient information for any willing reviewer to test the extension without credentials being supplied. That guidance was not acted upon. This is not a testability failure on our part; it is a refusal to test on the part of the reviewer. Policy 1.3.1 is designed to address extensions that cannot be tested, not extensions where the reviewer has chosen not to make a reasonable effort.
-
The credential request conflicts with Salesforce security best practice
Microsoft's feedback asks us to provide test account credentials as a condition of approval. Sharing usernames and passwords, even for a test environment, runs counter to Salesforce's own security guidance and to widely accepted best practice in the industry. We have concerns about being asked to adopt an insecure practice in order to satisfy a review process, particularly when sufficient alternative testing guidance was already provided and ignored.
-
Trust concerns with Microsoft's testing process
We have no visibility into how submitted credentials are handled, who has access to them, or what reviewers do with them once a review is complete. If we provide credentials and the review is approved, we have no assurance the credentials have been used appropriately. If we provide credentials and the review is rejected regardless, we have handed login details to Microsoft and it's designated reviewer for no outcome. Before we provide any credentials, we require a clear explanation from Microsoft of how test credentials are stored, who can access them, and how they are disposed of following a review.
-
Precedent and confidence in future reviews
SF Flow Utility Toolkit v0.1.0 is a relatively straightforward initial release. We are actively developing additional features that will significantly increase the complexity of the extension and the depth of testing required to review it properly. The failure to conduct even a basic test of v0.1.0 gives us serious concern about whether future versions will receive the level of diligence they will require.
We are prepared to resubmit with dedicated pre-configured test credentials and a structured test plan covering all features. However, given the concerns raised above — particularly regarding credential security — we are not prepared to do so until Microsoft has provided satisfactory answers to points 3 and 4.
We would welcome a formal response addressing all points above, and ask that this complaint be escalated appropriately.
Product ID: f5776c7e-21cb-4bd5-a60e-b1377e2bd5ce
Publisher: ThisIsMarkJones
Thank you for your time.
Mark Jones
Subject: Complaint Regarding Extension Review – SF Flow Utility Toolkit (Product ID: f5776c7e-21cb-4bd5-a60e-b1377e2bd5ce)
Dear Microsoft Edge Add-ons Support,
I am writing to raise a formal complaint regarding the review of my extension, SF Flow Utility Toolkit (Product ID: f5776c7e-21cb-4bd5-a60e-b1377e2bd5ce), which was completed on 27 April 2026.
The submission was rejected on the basis of policy 1.3.1 (Product is Testable). I have four concerns I would like addressed before I resubmit.
Review duration vs. outcome
The review process took a significant amount of time, only to result in a rejection on an administrative basis rather than any substantive technical or policy concern. This has materially delayed our V1.0 go-live. I would appreciate clarification on why this was not flagged earlier in the review process, and what steps Microsoft takes to ensure timely feedback to publishers.
This is a 'won't test' problem, not a 'can't test' problem
The rejection note states that test credentials were not provided. It does not state that the reviewer attempted to test the extension and was unable to do so. In our original submission notes, we provided clear instructions directing the reviewer to a free, publicly available Salesforce Developer Edition org — sufficient information for any willing reviewer to test the extension without credentials being supplied. That guidance was not acted upon. This is not a testability failure on our part; it is a refusal to test on the part of the reviewer. Policy 1.3.1 is designed to address extensions that cannot be tested, not extensions where the reviewer has chosen not to make a reasonable effort.
The credential request conflicts with Salesforce security best practice
Microsoft's feedback asks us to provide test account credentials as a condition of approval. Sharing usernames and passwords, even for a test environment, runs counter to Salesforce's own security guidance and to widely accepted best practice in the industry. We have concerns about being asked to adopt an insecure practice in order to satisfy a review process, particularly when sufficient alternative testing guidance was already provided and ignored.
Trust concerns with Microsoft's testing process
We have no visibility into how submitted credentials are handled, who has access to them, or what reviewers do with them once a review is complete. If we provide credentials and the review is approved, we have no assurance the credentials have been used appropriately. If we provide credentials and the review is rejected regardless, we have handed login details to Microsoft and it's designated reviewer for no outcome. Before we provide any credentials, we require a clear explanation from Microsoft of how test credentials are stored, who can access them, and how they are disposed of following a review.
Precedent and confidence in future reviews
SF Flow Utility Toolkit v0.1.0 is a relatively straightforward initial release. We are actively developing additional features that will significantly increase the complexity of the extension and the depth of testing required to review it properly. The failure to conduct even a basic test of v0.1.0 gives us serious concern about whether future versions will receive the level of diligence they will require.
We are prepared to resubmit with dedicated pre-configured test credentials and a structured test plan covering all features. However, given the concerns raised above — particularly regarding credential security — we are not prepared to do so until Microsoft has provided satisfactory answers to points 3 and 4.
We would welcome a formal response addressing all points above, and ask that this complaint be escalated appropriately.
Product ID: f5776c7e-21cb-4bd5-a60e-b1377e2bd5ce
Publisher: ThisIsMarkJones
Thank you for your time.
Mark Jones