Perhaps not legally, but technically, you have an option: don't use the Microsoft Store. This isn't as wild a suggestion as it may seem to non-Windows users: the store is barely used by Windows users. You can get your own code signing certificate from a public CA, sign your own installer, and post it on your website. This is still the primary way that Windows software is distributed. Microsoft does not have a hand in any part of it; they can't cancel anything. Their only role is including the public CA in their root certificate store. If you're not shipping a kernel driver, you don't need Microsoft's permission for anything. You can still ship an .msix installer which is the same technology used by the Store.

I recently de-listed my app in the store and closed my Microsoft developer account. I was wrong for having bothered with it; just a waste of my time for no benefit. Stick to your own deployment.

Realistically speaking - anything could be a reason. A shakedown or blocking based on some "nudge" (this might come across as tin-foiled though). Some flag/trip-wires going wrong, more worryingly due to a bug/false alarm - and this is more worrying because in this case semi-incompetent large orgs like MSFT find it really hard to accept it, fix, and move on. Some change in OP's account that either they don't see or haven't realised - some edge case, you never know.

And of course, it doesn't affect their earnings and there are no consequence, or significant, so they won't care and won't respond or tell what went wrong.

Can one move legally? Sure. But then it effectively is a combo of who blinks first and who can hold their breath longer.

This is a concern and risk that has realised itself multiple times over the past decades. There have been multiple stories linked to multiple developers in the past.

If you publish to any closed platform including ios, mac, win, android, this is the risk you run and a condition of operating you will need to accept.

There's more to it. Signed desktop software can be signed by any CA.

Veracrypt has kernel drivers. Microsoft's ability to control what you can sign is specific to kernel drivers, and Microsoft's trigger finger around bans exists in the world where bad drivers BSOD machines.

In general this isn't your problem.

According to this: https://x.com/EdgeSecurity/status/2041872931576299888

> ...it seems like they instituted an identity verification policy, didn't notify me about it, and then I guess they suspended accounts who didn't do the verification.

So, make sure you verify your account? Check spam folder regularly? Log in via web interface at least once a year?

You just have to start living like they do in Russia and comply in advance. Don't do anything "interesting", no encryption, or if you do, make sure you leave breadcrumbs, scratch that, a bread trail for them to easily get access to customer data. An Oracle or Sharepoint integration maybe?