3rd party app privacy in Microsoft Teams

One question I see a lot of discussion around is whether an organisation should enable third party apps in Microsoft Teams.

Third party apps in Teams are a great way for users to enable more functionality directly within Microsoft Teams, and organisations can increase adoption of Microsoft Teams by enabling the 3rd party add-ins.

With 3rd party apps enabled, users can use the tools they use on a day-to-day basis without having to exit Microsoft Teams.

Some organisations switch off all of the 3rd party applications, some enable them all, while other organisations control which 3rd party apps are made available to specific users.

By far the biggest concerns in enabling 3rd party apps in Teams are data privacy and how to support the users using 3rd party apps.

Privacy and governance

Most organisations will have gone to great lengths to ensure that Microsoft 365 and Microsoft Teams are secure; they understand who has access to their data and know where their data is stored.

3rd party apps in Microsoft Teams, and in Microsoft 365 in general, add a further layer of complexity when it comes to who has access to data and where information is stored.

Microsoft have published Microsoft Teams App Security and Compliance information for a while now, and it can be found at:

https://docs.microsoft.com/en-us/microsoft-365-app-certification/teams/teams-apps

Each 3rd party app is listed along with the publisher's details, whether the publisher has attested the app, whether the app has been certified, data handling information, Cloud App Security information, Cloud Security Alliance information and app capabilities.

As you can see in the video above, each publisher details much of the information you would need to review the impact on privacy and security if the app were to be enabled for the users in your tenancy.

Service Transition

Many organisations have a service transition process to ensure that services and applications that are launched can be supported by the service desk, and that the services or apps fit into the overall services for the organisation.

Service transition can take a while as the organisation certifies the apps and services through a defined process. As there are a number of 3rd party apps that may need to be supported, a “lightweight” process may be a better approach than a full service transition.

The lightweight process should look at the application, who will be using it, what the security and privacy implications of enabling the app are, and how it would be supported.

Many service desks are concerned about the extra work that supporting a wide number of apps could bring. One approach that has been successfully tried in a number of organisations is that the users are responsible for supporting the 3rd party apps; after all, they may be using the apps already. The service desk can continue to support the apps used widely by the organisation and the service as a whole.
