Home » Blog » Microsoft Teams App Management

Microsoft Teams App Management

Microsoft Teams App Management

Before launching Microsoft Teams in their organization, companies should think about Microsoft Teams App Management and how they want to handle the internal app store. Based on what we hear from our clients, without a plan, sooner or later concerns will grow and management will start to ask:

  • Which apps are installed, and who is using them?
  • Are we protected from data loss? Could external apps cause security leaks?
  • Is our use of app compliant with GDPR? Do these apps use EU or US data centers?
  • Which apps are useful at all, and which are installed but not used?
  • Should we maybe disable all access to the app store?
  • Can and should we track our employees’ use of external apps? Do we have the capacities to control this?

Our own experience shows that these concerns are definitely justified. Our apps are available in the Teams app store, and we often are contacted by people who downloaded them without the knowledge of their organization.


Protect your Teams environment with App Manager

Microsoft Teams App Management Options

In the Microsoft Teams Admin Center at https://admin.teams.microsoft.com you have several options for improving your app governance in Microsoft Teams.

1. Manage apps for Microsoft Teams

Under the Teams apps / Manage apps menu option, you can allow or block apps for your organization. In the main view, you have to do this for each 1,130+ apps individually.

The org-wide settings for apps are also found here. You could, for example, block all third-party apps. A new option is that you can also block all new third-party apps published to the store.

Of course, blocking or allowing all third-party apps will probably not be the best solution for you. In most cases, the best way is some kind of mix, which is what a governance strategy is for.

Manage apps in Microsoft Teams

2. App Permission Policies

After you have selected which apps to allow, you can then create app permission policies for individual users. For a deep dive into Microsoft Teams app permission policies, check out our blog post. An example for a possible implementation would be to block all third-party apps, but create a whitelist of several specific apps that are not blocked.

Permission policies for Teams apps

3. App Setup policies – pre-install apps in MS Teams

Another option is to create app setup policies. Here you can add apps that will always be installed for all users in your organization.

Microsoft Teams app setup policies

4. Customize app store in Microsoft Teams

The fourth and last option in this menu allows you to customize the Teams app store with cosmetic adjustments: change the logo, background image or text color. There are no options for making the store more secure, however. (For a more customized individual app store, take a look at our App Manager.)

Customize the Microsoft Teams app store

5. Usage reports of apps in MS Teams

To find out more about how your users work with apps in MS Teams, go to Analytis & Reports / Usage reports.

In the usage reports, you can select “Apps usage” to show the use of apps in Teams. With this feature, you can discover which apps are maybe not used at all and should be uninstalled.

Reports for app usage in Microsoft Teams

6. App access review for MS Teams with AAD P2

For organizations using Microsoft with Azure Active Directory Premium 2 licenses, there is an advanced option of setting up an app access review. After a certain amount of time specified for each app, administrators are notified and can check whether the app is still in use and needed or can be uninstalled. (Licenses below this tier can control and review app access only manually.)

Advantages of Microsoft Teams app management

With a well-thought out strategy for Microsoft Teams app management, you can close potential security gaps, such as…

  • no data leaks via third-party apps
  • no unplanned additional costs
  • consistent use of apps for specific purposes (e.g. just one specific app for task management)
  • no security risks through custom apps
  • no unused “app corpses” that still have access to your tenant
  • compliance with data protection policies
  • no app tests on your productive environment

Difficulties with Microsoft Teams app governance

On the other hand, a strict app governance policy in MS Teams poses certain difficulties:

  • Your organization is less flexible as users only have access to explicitly allowed apps and not the whole portfolio.
  • Tests and security checks to decide if a required app is allowed can be extremely time-consuming.
  • Subsequent assignment of installed apps is usually no longer traceable to user or application purpose.
  • Automated app access reviews are only possible with AAD P2 or Third Party App (manual reviews are very time-consuming).
  • SaaS applications from other developers are often not privacy or security compliant.

In the end, you will need to carefully weigh all your options for a balanced Microsoft Teams app management strategy and governance policy.

If you would like to be more flexible in managing your apps in Microsoft Teams, take a look at our App Manager. It offers dynamic user groups, your own customizable app store, a request and approval workflow for apps, lifecycle management for apps and many more.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.