How to Manage the Set of Teams Apps Available to Users

Manage Apps Page in the Teams Admin Center

Without much fanfare, the Teams Admin Center now boasts a new Manage apps page under Teams apps (Figure 1). The new page gives Teams administrators visibility over the apps published to the Teams app store by Microsoft, third-party developers, and custom apps developed in the tenant.

Teams app setup policies and app permission policies have been around for almost a year to give tenants the ability to assign users a set of apps for the app navigation bar and control whether users can access Microsoft, third-party, or custom apps. Allowing control over apps on an individual app basis builds out the Teams app management framework.

Allowing or Blocking Individual Apps

The basic idea for the app inventory is that tenant administrators can review apps and decide which they want to allow tenant users to access. By default, all apps are allowed, so the task is to review apps and block those which don’t seem appropriate or useful for the tenant. Blocked apps can’t be installed by users and won’t be displayed in the app navigation bar if included in an app setup policy.

Figure 2 shows details of a typical app (chosen at random). The important information show here is:

• Publisher: The organization responsible for creating and maintaining the app.
• Version: The current version of the software.
• Categories: For example, Productivity or Business Management. The publisher chooses which categories an app belongs to.
• Certification: The highest level of certification is Microsoft 365 certified app, which means that Microsoft has reviewed and approved the app against a set of security, compliance, and data handling standards. Wrike and Abode Sign are examples of Microsoft 365 certified apps. When an app is marked as publisher attestation, it means that the app’s publisher certifies the app based on a self-assessment report. Many apps are not currently certified, including some from Microsoft.
• Capabilities: Where in Teams the app can be used. If Team, the app can be installed into a team channel. Other categories include Personal, meaning that a user can install the app for their personal use, and Group chat, meaning that the app can be installed to be shared by participants in a group chat.
• App Id: Each app is assigned a unique identifier (GUID) when it is published to the Teams app store. The identifier is the same across all tenants.

It’s surprising that just a few apps are currently certified by Microsoft or self-certified. Presumably becoming certified is something recommended by Microsoft to app developers, so perhaps it just takes time to go through the process.

If you don’t want an app to be available in the tenant, move the App status slider from On to Off.

Org-Wide App Control

The Manage apps page also includes org-wide app settings for apps. These settings are tenant settings to:

• Allow third-party apps: If On, third-party apps can be installed by users. Turning this setting to Off prevents users installing third-party apps and limits them to apps provided by Microsoft.
• Allow new third-party apps published to the store by default: If On, any new third-party apps published to the Teams app store are visible in the tenant’s Teams app store and are available to users, if the app permission policy assigned to their account allows third-party apps. If Off, new third-party apps do not appear in the app store.
• Allow interaction with custom apps: Custom apps are those developed for your organization. If this control is On, users can install and access custom apps. If Off, they cannot (this setting also disables outgoing webhooks). This setting is Off by default for GCC tenants.

---

Lots of things change in Teams and elsewhere in Microsoft 365 all the time. Stay informed and up-to-date by subscribing to the Office 365 for IT Pros eBook and let us keep an eye on developments for you.