
Get Control Over Your Microsoft Teams App Permission Policy


Why You Need a Teams App Permission Policy

The primary purpose of having a Teams App Permission Policy is to allow or block specific apps. It defines what apps your users or your organization can use.

Types of Teams Apps

There are three types of apps for Microsoft Teams:

  1. First-party apps by Microsoft
  2. Third-party apps
  3. Custom or Tenant apps

You need to have global admin rights or Teams service admin rights in order to create policies to allow or block all these different app types. Once you block a certain app or a whole app type, your users will not be able to download this app from the Teams app store. You can easily manage these policies if you have the respective admin rights.


How To Manage Teams App Permission Policies

To manage the Teams App Permission Policies, go to the Microsoft Teams Admin Center at https://admin.teams.microsoft.com.

(Alternatively, you can also get there by opening office.com, selecting “Admin”, then “Show All” on the left and clicking on “Teams”.)

In the Teams Admin Center, click on “Teams apps” and select the “Permission Policies” option. From here, you can manage the “Global (Org-wide default)” App Permission Policy as per your requirement, or you can create custom policies for individual users or a certain group of users.

You can see the three types of Teams apps separately available in the App Permission Policy: Microsoft apps, third-party apps and tenant / custom apps.

For each app type, you can make changes and allow or block all apps, allow specific apps and block all others or block specific apps and allow all others.

Note: If you create new org-wide app settings, those will become effective instead of the default global policy or any custom policies.

Adding A Custom Teams App Permission Policy

In order to add new custom Teams app permission policies or to manage existing ones you need to have Teams Service Administrator rights. Here is how you can create a new custom app permission policy:

  1. Open the Microsoft Teams admin center, go to “Teams apps” and select the “Permission policies” option
  2. Click on “+ Add”
  3. Now, enter the name & description of the new policy
  4. For each Teams app type (first-party apps, third-party apps, custom / tenant apps), select if you want to allow all, block all, or allow/block specific apps. In order to allow or block specific apps, simply search for the app name and add it to the allowed / blocked list.

Once it’s done, click on “Save” to create your custom App Permission Policy.

Editing a Teams App Permission Policy

You can also edit your app permission policies as well as the default org-wide policy in the Microsoft Teams admin center.

Again, select “Teams apps” in the admin center menu and go to “Permission policies”. Then, select the Policy you want to edit by either clicking on its name or by placing a checkmark to the left of its name and then clicking on “Edit” in the menu bar above the policies. Now, block or allow any app type or specific apps as explained above. Once you are finished, click on “Save” to update the app permission policy.

Applying Teams App Permission Policies

You can apply the App Permission Policies in the Teams admin center either under “Permission policies” or under “Users”. Unfortunately, with Microsoft out-of-the-box resources, it is only possible to add one user after the other individually.

Under “Permission Policies”

  1. Click to the left of the policy’s name that you want to apply in order to select it
  2. Click on “Manage users” in the menu bar
  3. Enter the user name you want to apply this policy to, and click on add. You need to repeat this for each user individually.
  4. Once it’s done, click on “Apply”.

The changes do not take effect at once; they may take anything between 20 minutes and a full day to become active.

Under “Users”

In the Users section, select the user you want to apply the policy to.

  1. Go to the “Policies” tab.
  2. At Assigned policies, click on “Edit”.
  3. The Edit User Policies menu will open. Under “App permission policy”, select the custom app policy you created earlier.
  4. To save your change, click “Apply”.
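
The admin-center steps above assign a policy to one user at a time. The following is an added example, not part of the original post, that uses the MicrosoftTeams PowerShell module to assign an existing policy to several users and then list who has it assigned. The policy name and user names are constructed placeholders, and the script assumes the policy was already created in the admin center.

```powershell
# Added example. Requires the MicrosoftTeams module (Install-Module MicrosoftTeams)
# and Teams service admin or global admin rights.
# Constructed placeholders: replace with your own policy name and users.
$PolicyName  = 'Restricted-Apps'
$TargetUsers = @(
    'alice@contoso.example',
    'bob@contoso.example',
    'carol@contoso.example'
)

Connect-MicrosoftTeams | Out-Null

# Fail early if the policy does not exist, instead of failing once per user.
Get-CsTeamsAppPermissionPolicy -Identity $PolicyName -ErrorAction Stop | Out-Null

# Assign the policy to each user; record failures instead of aborting the run.
$results = foreach ($upn in $TargetUsers) {
    try {
        Grant-CsTeamsAppPermissionPolicy -Identity $upn -PolicyName $PolicyName -ErrorAction Stop
        [pscustomobject]@{ User = $upn; Status = 'Requested'; Error = $null }
    }
    catch {
        [pscustomobject]@{ User = $upn; Status = 'Failed'; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize

# Audit: every user who currently has this policy assigned directly.
# Assumes a current module version that supports filtering on the policy name.
$assigned = Get-CsOnlineUser -Filter "TeamsAppPermissionPolicy -eq '$PolicyName'" |
    Select-Object -ExpandProperty UserPrincipalName

Write-Output "Users with '$PolicyName' assigned: $(@($assigned).Count)"
$assigned | Sort-Object

# Targets that do not show the policy yet. Assignments can take from
# 20 minutes up to a day to become active, so re-run the audit later.
$pending = $TargetUsers | Where-Object { $_ -notin $assigned }
if ($pending) {
    Write-Warning "Not yet effective for: $($pending -join ', ')"
}
```

Users without a direct assignment do not appear in the audit list; they fall under the “Global (Org-wide default)” policy.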

Frequently Asked Questions

Is the App Permission Policy also applied on the mobile Teams app?

Yes, if you have blocked an app in the Teams App Permission Policy, then it will also be blocked on mobile phones. No user will be able to download or use this app.

Can I control Line of Business apps (custom apps / tenant apps)?

Yes, if you have admin rights, then you can easily control the use of any app, including LOB apps.

Can I stop the uploading of custom apps?

Yes, if you want to restrict users from uploading custom apps on Microsoft Teams, then you can block custom apps in the permission policy to keep users from uploading any custom apps.

Which part is affected by permission policies?

The permission policies control and manage the installation, use, and discovery of different apps.

What happens when an app is blocked for the user?

When you block a specific app for a particular individual or an organization, they cannot install, interact with, or discover that app anywhere in the Teams app store, and they cannot use any of its capabilities. It is blocked for the entire organization, but you can still choose people you want to allow access to.

When the app is blocked, users won’t be able to do the following:
– Add the app personally
– Chat in the app
– Send messages to the app’s host
– Perform tasks that require the use of the blocked app
– See the app or its tab

Do you want to do more to protect your Microsoft Teams environment? Have a look at this blog post on how to manage Teams apps, at our External User Manager for managing and controlling guest users, and at our Teams Manager for teams templates, lifecycles and naming conventions.

  • Hello, thank you very much for the post! Is there also somewhere I can see which members are included in the App Permission Policy?

    • Hello Christian, yes, you can. Simply go to the individual permission policy, tick the checkbox and then go to “Manage Users”. Regards, Solutions2Share

  • Hello Michelle, in my view that is not correct. I have the same requirement as Christian: I want to see WHO has been assigned a particular App Permission Policy. The ‘Manage Users’ item is only a drop-down menu containing the items ‘Assign Users’ and ‘Bulk unassign users’. Neither of them answers the question. Since Microsoft frequently fails to meet the most obvious requirements, I am currently assuming that there is no way to do this in the UI. But if I can't see the forest for the trees, I would be glad of a pointer. Many thanks!

    • Hey Daniel, I had another look as well and you are absolutely right. However, you can go to “Manage Users” and filter by permission policies using the filter on the right. You will then see all users to whom the respective policy has been assigned. I hope that helps!


Copyright 2021 © Solutions2Share GmbH
