Xbox Network Policies for PC, Mobile, and Creators Program

Version 3.0 - 12/01/2023

Introduction

The following policies apply when Xbox network services are integrated into a mobile, PC, or console device other than an Xbox console.

If your game is targeting an Xbox console, see Xbox Requirements for Xbox Console Games which apply to that platform. Interested in bringing your PC/Mobile game to an Xbox console? Visit the ID@Xbox program for more information on how to apply.

For developers in the Xbox Creators Program, in addition to the Xbox Network Policies below (for supported features in the Creators Program), visit the Microsoft Store Policies for the policies relating to the submission of your game to the Store across all Microsoft Devices (PC, Xbox consoles, HoloLens, etc.). Note that there are additional requirements for apps that are primarily gaming experiences or target Xbox consoles, detailed in the section titled "Gaming and Xbox". Xbox network on devices not supported by the Microsoft Store is not available to the Creators Program at this time. Visit the Xbox Creators Program for information on getting started.

Adherence to these integration policies will ensure successful deployment of Xbox network services in your game and consistent implementation across the gaming ecosystem. Failure to adhere to these policies may result in revocation of access to Xbox network services by your title.

For developers creating companion experiences that ask the consumer to sign in with their Xbox identity (Microsoft Account associated with their Xbox profile), the companion experience must comply with all the Xbox network Implementation Policies listed below except for the following:

  • Achievement and awards requirements (XR-055, XR-057, XR-058, XR-060, and XR-062).
  • Multiplayer sessions requirements (XR-064 and XR-067).

Developers must notify Microsoft before releasing Xbox authenticated companion experiences. Examples of Xbox authenticated companion experiences include a website for game stats or community, gaming second screen experiences, or any app or game which interacts with progress made to their game running on the Xbox network.

Store policies

Games which use Xbox network are still subject to the store policies of the application platforms to which they submit their game. For Microsoft Store, the store policies are located here.

For PC games submitted to the Microsoft Store which have Xbox network features, there will be Xbox Certification testing to ensure the Xbox network features function correctly and that parental controls are respected prior to release. This testing will occur in parallel to normal store testing, adding no additional delays to your publishing timeline on the Microsoft Store.

Policy enforcement process

You are free to release and update your Xbox network integrated game on any store or platform, outside of the Xbox console, without any additional certification testing, except for those required by the store or platform on which your game will be published and released. Microsoft will monitor released games via the following mechanisms:

  1. Customer complaints regarding game functionality.
  2. Spot-check review of select games, including the most popular titles.
  3. Alerts and/or warnings we find in our back-end services.

If your game is found to not adhere to these policies, we will inform you and provide a reasonable timeline to fix based on severity, as determined by Microsoft. Other than in exceptional circumstances, if the issue is not resolved within the requested time-frame we may revoke the game's ability to sign into Xbox network services until the issue is resolved.

For information on how to test your title's adherence to these policies, see Xbox Network Integration Test Cases For PC and Mobile Devices.

Xbox Network Implementation Policies

In order to keep the Xbox network running as a high-quality service that respects the privacy and protects the security of its users, we enforce a number of Xbox network implementation policies. These policies are referred to as Xbox Requirements (XRs). Failure to comply with XRs will result in your title being denied the ability to publish to the Microsoft Store. Titles which are already published might be removed if they do not maintain compliance with XRs. The rest of this article will outline the XRs required to keep a PC or mobile title in good standing.

Player Data and Privacy

Xbox Network Services will provide you with limited user data in order for you to deliver your game to players. This user data includes account identifiers like a user ID (XUID) and gamertag, connections with other players, and data about a player's activities in your game, including usage data, statistics, scores, ratings, rankings, and social activity. This data may include personal data as defined under applicable data protection laws. Your access and use of such personal data is governed by the Xbox Network Services Data Processing Addendum for PC & Mobile Games, incorporated herein by reference and accessible here: Xbox Network Services data processing addendum for PC and mobile games

In addition, the following rules apply to personal data provided through Xbox Network Services.

  • Such data may only be used to deliver your game to players.
  • You may not sell, license, or share the data with any third party. Social graph data (e.g., friends' lists) may not be stored, except for the account identifiers of those friends who have linked their own Xbox accounts with your game. Delete all account identifiers when you remove your game from our service, or when a user de-links their Xbox account from your game.
  • Do not share services or user data (even if anonymous, aggregate, or derived data) to any ad network, data broker or other advertising or monetization-related service.
  • When Microsoft receives requests from players to delete their personal data, we will communicate the requests to you by providing a list of player identifiers. You must check the list at least every 30 days to ensure you receive all delete requests and must use the information provided on the list only to satisfy the delete requests of players. You can find details about this process at Deleted Account List Tools.

Base requirements

XR-022: Official Naming Standards *

Titles must use the naming standards defined in the latest release of the terminology list for their target device platforms:

On Xbox consoles, titles must not refer to components of the console system or components of peripherals using terms that are not specifically included in the terminology list.

XR-074: Loss of Connectivity to Xbox and Partner Services *

Titles must resolve errors with Xbox network and partner services connectivity. Titles must honor the retry policies set by Xbox network when attempting to retry a request to the Xbox service after a failure has occurred. Titles must appropriately manage messaging the user when services are unavailable. For example, if a partner service other than the Xbox network is not available, the game should not indicate that there is an issue with the Xbox network.

XR-132: Service Access Limitations *

Titles which exceed title and user based limits when calling Xbox network services or do not adhere to Xbox network service retry policies may be subjected to rate limiting, which may result in service interruption or deprecation. Failure to adhere to the specified limits may block a title from release, and in-production issues with released titles may result in Xbox network services suspension up to and including title removal.

User Profiles

The requirements in User Profiles apply to how a game interacts with the Xbox user models, profiles, and saving user data.

XR-045: Xbox network and Account Privileges *

The Xbox network provides users with an expected level of privacy and online safety for themselves and their children. In order to deliver on that promise, titles must check the Xbox network service for privileges to complete certain actions on the Xbox network service or in a title experience.

| Activity | ID | Privilege Name | Notes |
| --- | --- | --- | --- |
| Playing in a multiplayer game session | 254 | XPRIVILEGE_MULTIPLAYER_SESSIONS | Allows a user to join online multiplayer gameplay sessions with real-world users (not bots) in scenarios such as: Synchronous player-vs-player gameplay in the same session, asynchronous turn-based gameplay, Team-based gameplay, User-initiated matchmaking, Sending or accepting invitations, Join-in-progress sessions. Note this privilege does not pertain to local multiplayer games run on the same device. |
| Playing in a cross network game play session | 185 | AuthPrivileges.CrossNetworkPlay | Allows a user to participate in a gameplay session with other real-world players who are not signed into Xbox services in scenarios such as: Synchronous player-vs-player gameplay in the same session, asynchronous turn-based gameplay, Team-based gameplay, User-initiated matchmaking, Sending or accepting invitations, Join-in-progress sessions. |
| Communication with anyone | 252 | XPRIVILEGE_COMMUNICATIONS | Allows a user to communicate with any other Xbox network users through voice or text. |
| Shared gaming sessions | 189 | XPRIVILEGE_SESSIONS | Allows a user to participate in connected single-player experiences in shared environments or in scenarios where a title is a hybrid free to play and paid multiplayer title and uses this privilege to gate those experiences Xbox consoles. Single player experiences must not have any features covered under privilege 252 or 254 (Communications and Multiplayer, respectively). Use of this privilege is a title capability that requires platform approval. |
| User-generated content (UGC) | 247 | XPRIVILEGE_USER_CREATED_CONTENT | Allows a user to see other users' UGC online, download other users' UGC, or share their own UGC online. This does not restrict usage of previously downloaded UGC. |
| Sharing to a social network | 220 | XPRIVILEGE_SOCIAL_NETWORK_SHARING | Xbox consoles Only: Allows a user to share information, including game progress, Kinect-generated content, game clips, and so on outside of the Xbox network. |

Free to play titles, demos, or betas can be configured to allow multiplayer gameplay (ID 254) for players who are not Game Pass subscribers. This is done via a service side configuration and can be initiated by contacting your Microsoft representative. These titles must continue to check for the multiplayer game privilege to ensure that parental controls and player choices are respected.

XR-046: Display Name and Gamerpic *

On Xbox consoles, titles must use the Gamertag as their primary display name. Based on development architecture and design choice, titles can choose between the player's modern gamertag (GDK) or their classic gamertag (ERA or GDK).

On non console platforms, while not required, we recommend you use the Xbox network player's gamertag in the appropriate locations within the game title's experience.

The gamertag used must be displayed correctly in the title based on the gamertag type used:

  • Modern Gamertag: Display all 16 characters of the unique modern gamertag, which includes up to 12 characters of the modern gamertag, followed by # and the suffix number (if present). For example: Major Nelson (no suffix present) or Major Nelson#881. If modern gamertags are used, all Unicode character ranges available for modern gamertags must be supported. For more modern gamertag information and best practices visit the GDK development documentation article 'Overview of modern gamertags'.
  • Classic Gamertag: Correctly display all 15 characters of the classic gamertag. Classic gamertags include only ASCII characters a-z, A-Z, 0-9, comma (,), and space (ASCII character 0x20). For example: Major Nelson

In the GDK these items are returned using the XUserGetGamertag API. In ERA the gamertag is obtained using the GetUserProfileAsync API.

XR-048: Profile Settings Usage *

The Xbox network service is the source for Xbox network user profile information. Games must not store user information sourced from the Xbox network, such as profile data, preferences, or display names, beyond a locally stored cache used to support loss of network connectivity. Any such caches must be updated on the next available connection to the service.

XR-052: User State and Title-Save Location, Roaming and Dependencies *

Titles must associate progress, saved state, preferences, achievements, and other rewards with the user(s) who have recorded that progress, chosen the preferences, or earned the rewards. Titles accomplish this by properly handling user-change notifications. Titles must avoid saving state for users who are no longer signed in. Game save data must not have any dependencies on shared content or local storage.

For games that use the same TitleID across platforms, devices and/or console generations, game save progress must roam when the user is signed into the Xbox network as follows:

  • Within the same platform (Xbox consoles).
  • Within devices on the same platform (e.g., Xbox One and Xbox One S).
  • Across generations in the device platform (e.g., Xbox One and Xbox Series X|S).
  • Across PCs in the Windows platform (e.g., between two different PCs).
  • Across PCs in the Windows platform and Xbox console platforms (e.g., Windows and Xbox Series X|S), game save roaming is not required but is recommended to support the player's experience.
  • For non-Microsoft platforms (e.g., iOS, Android, Switch, PlayStation®), game save roaming is not required but is recommended to support the player's experience.

Online Safety and Privacy

The requirements in this category pertain to the online safety and privacy of Xbox users.

XR-013: Linking Microsoft Accounts with Publisher Accounts *

On Xbox consoles, titles that use partner-hosted services or accounts that require credentials must support all Xbox users and offer to link that account with the user's Microsoft account. Outside of Xbox consoles, titles can choose to allow account linking to support their game experience.

If publisher account sign in is enabled within the title, the following rules apply:

Publisher Account Sign In

  • Accommodate All Users: If a publisher account sign in is required for game features (Single player, multiplayer, cross network gameplay, leader boards), sign in and sign up must support all user types, ages, and regions where the game title is offered and where those features are allowed by local/regional laws irrespective of age rating.
    • A game publisher may choose to not support a particular region, age, etc. for their publisher account. If a region, age group, or other group of players cannot create or sign into an account, the title cannot require those users to sign in with an account for game features.
    • If a particular account setting is not supported in a title-based sign-up experience (e.g., age or region), the title must handle this gracefully by providing messaging to sign up on an external site or mobile optimized experience where that user is supported.
  • Gain Consent and Provide Terms for Account Information Usage: Titles must request to use and gain consent to use information from the player's Microsoft account to auto populate sign up/account creation experiences. Users must be provided all applicable terms of use, privacy and other policies within the title (or a notice with a link to such information) during a publisher account creation process.
  • Disclose Requirements: If a publisher account is required for gameplay or additional features, it must be disclosed in the title's product description and any physical packaging including any restrictions such as age. In title, the game must define the reason and use of the publisher account.

Publisher Account/Microsoft Account Linking

  • Authentication using the Xbox Secure Token Service (XSTS): XSTS tokens must be used to provide the identity information for authentication when linking the user's publisher account to the user's Microsoft account. For more information about XSTS token authentication see Xbox Live authentication for title services.

  • Gain Consent and Provide Choice: Users must be notified of the account linking of the user's publisher account to the user's Microsoft account. The user must be given the choice to opt out of linking their accounts. Users must have the ability to de-link accounts.

  • Accommodate All Users: If a publisher account sign in is required for game features (Single player, multiplayer, cross network gameplay, leader boards), sign in and sign up must support all user types, ages, and regions where the game title is offered and where those features are allowed by local/regional laws irrespective of age rating.

Note: Publishers may implement additional fraud prevention mechanisms such as two factor authentication interrupts when a linked account signs in from a new device for the first time. This behavior is not a violation of this XR.

XR-015: Managing Player Communication *

Titles must not transmit user data or allow communication over Xbox network when the user's privacy & online safety settings do not allow it.

Titles meet this XR by retrieving data from Xbox network services. If the title uses its own services, it must check the user's privacy permissions at the beginning of a session or when a new user joins the session. For user-initiated scenarios outside of sessions, titles meet this requirement by checking privacy prior to displaying the user's data and before performing the action. The following list of privacy settings is available for titles to check:

| Permission name | Description |
| --- | --- |
| CommunicateUsingText | Check whether or not the user can send a message with text content to the target user. |
| CommunicateUsingVoice | Check whether or not the user can communicate using voice with the target user. |

During the gameplay session, titles which offer communication between Xbox network and non-Xbox network players must offer the ability to mute any non-Xbox network players for the duration of the session.

XR-018: User-Generated Content *

User generated content is content that users contribute to an app or product and can be viewed or accessed by other users in an online state. If your product contains UGC, you must:

  • Publish and make available to users a product terms of service and/or content guidelines for User Generated Content either in game or on a title's website
  • Provide a means for users to report inappropriate or harmful content within the product to the developer for review and removal/disablement if in violation of content guidelines and/or implement a method for proactive detection of inappropriate or harmful UGC (for example, text filtering)
  • Titles must remove/disable UGC when requested by Microsoft
  • Gracefully handle scenarios in which a user does not have access to UGC in game
  • Titles integrated with 3rd party mod platforms must integrate with the product's report / complaint API if available and must moderate content if required by respective 3rd party contracts
  • Titles integrated with 3rd party mod platforms must present a disclaimer, dialog, or visual cue to users if the content is not sourced from the developer.

Achievements and Awards

The following requirements apply to titles that offer achievements and awards on the Xbox network.

XR-055: Achievements and Gamerscore *

Titles must provide the required number (minimum and maximum) of achievements and their associated gamerscore at launch. Titles are permitted to add achievements or gamerscore at any time after launch, with or without corresponding new content, but they cannot exceed title-based or calendar-based limits.

A single achievement cannot exceed 200 gamerscore and all achievements in the title must be achievable.

Unlocking achievements in the base game or a content update must represent a thorough exploration of or engagement with game content.

| Item | Launch | Semi-annual additions | Lifetime limit |
| --- | --- | --- | --- |
| Minimum achievements | 10 | 0 | 10 |
| Maximum achievements | 100 | 100 | 500 |
| Gamerscore | 1000 | 1000 | 5000 |

Note: "Semi-annual" means January-June, July-December. Base game achievements and Gamerscore do not count towards the semi-annual limits.

XR-057: Unlocking Achievements *

Titles must provide a way for a user to earn all achievements defined by the base title without being required to purchase additional in-title content.

Achievements must be unlocked through in-game actions, gameplay, and/or experiences.

Titles must not provide players alternative options that unlock achievements directly without corresponding gameplay activity. A non-exhaustive list of disallowed options:

  • A real-money purchase

  • In-game cheat codes, consoles, or menu options

These options may be used to reduce the difficulty of the gameplay required to unlock achievements.

XR-058: Achievements Across Multiple Titles or Platforms

Achievements must not be shared across titles. When a single title is supported across different platforms by using the same title ID, a title must share the same set of achievements and can, at their discretion, have platform-specific achievements.

XR-060: Modifying Active Achievements

After an achievement has been published to users, it cannot be removed, nor can its unlock rules or rewards be changed. Achievement text strings (name, description) or art (icons/background) can be modified.

XR-062: Achievement Names and Descriptions

Achievement names and descriptions may contain only content that would merit a rating of PEGI 12, ESRB EVERYONE 10+, or lower.

Achievement names and descriptions may not contain what is commonly considered profanity in a clear text or redacted form.

Multiplayer sessions

The requirements in this category pertain to game titles that provide multiplayer sessions on Xbox. Xbox offers a consistent and simple way to find multiplayer sessions and to fine-tune the parameters used to find those sessions.

XR-064: Joinable Game Sessions and Online Play *

On Xbox consoles, titles that offer joinable game sessions must enable joinability through the Xbox shell interface.

Titles that offer cross platform multiplayer with Xbox consoles from PC devices using Xbox sign in must also enable joins through the Game Bar experience.

XR-067: Maintaining Multiplayer Session State *

On Xbox consoles, titles with online multiplayer functionality must maintain session-state information on the Xbox network. Titles do this through the Xbox Multiplayer Session Directory (MPSD) or if a title has their own multiplayer session state functionality, they may choose to instead record player interactions using the Multiplayer Activity Recent Player feature.

On devices other than Xbox consoles, titles which offer cross platform multiplayer with Xbox consoles must maintain session-state information in the Xbox Multiplayer Session Directory (MPSD). If they have their own session state functionality, they may choose to instead record player interactions using the Multiplayer Activity Recent Player feature.

Changes in this Release

Date: December 1, 2023
Document version: 12.0
Change description:

Consolidated XRs 050 and 052 into XR-052: User State and Title-Save Location, Roaming and Dependencies

  • Removed XR-050
  • XR-052 added to Xbox PC Requirements (correct user association and cloud-save roaming between PCs).
  • XR-052 test cases added to Xbox PC Requirements and Test Cases.

XR-037: Dependencies on Content Packages: Added deep-dive page with implementation guidance and best practices.

Betas and Game Previews: Removed Kinect XRs.

Console BVTs: Removed the following BVTs as they are no longer applicable:

  • 04 Bundled Peripherals
  • 06 Content Update
  • 11 Submission Documentation
  • 16 Multi-Disc