Manage Teams App Permission Policies

Office 365 Pro’s Guide to Manage Teams App Permission Policies

Staying in control of the Team’s app usage is crucial to unlocking the full potential of team collaboration and communication within Microsoft Teams. Because these apps enable users to work uninterrupted without having to leave Teams and make everything closer to them, thereby boosting their productivity. ✅ 

From ensuring compliance with industry regulations to boosting productivity, mastering app permission policies is the key to taking your team’s performance to the next level. Therefore, let us now delve into the technical intricacies of Teams app permission policies and learn how to elevate application usage among Microsoft Teams to new heights. 

Manage Apps Using Organization-Wide Teams App Settings: 

Normally, users use different applications like Polls, Azure Boards, and To do, within Microsoft Teams to increase their work efficiency. This led to the installation of multiple apps and the use of unapproved/unauthorized third-party apps and eventually led to data leaks and violations of company policies! 

Consequently, Microsoft introduced Org-wide application settings to control app usage and restrict access to certain apps or features. With the org-wide settings, you can  

  • Determine whether specific apps can be pinned for F(Front-line) licenses.  
  • Control whether third-party apps can be installed in Teams.  
  • Decide whether custom apps can be uploaded or not. 
Organization-Wide Application Settings
Organization-Wide Application Settings

However, the Organization-wide Teams app settings have a major drawback! It just allows/blocks an app for use in the organization and doesn’t let a granular delegation of application permissions. Therefore, Microsoft introduced Teams app permission policies in the Microsoft Teams admin center.   

Manage Teams App Permission Policies Using Teams Admin Center


Manage Teams App Permission Policies Using Microsoft Teams Admin Center 

Teams’ application permission policies give the ultimate power to admins to control which users can use a specific app. Also, it lets you control access on a per-user and per-app basis. But how is this done?  

Let’s see the actual procedure now!  

✔ Admins can create custom policies and specify which apps are allowed or blocked for specific users or groups within the organization. Once an app policy is created, it can be applied to individual users or groups, ensuring that only approved apps are available for use.

✔ Additionally, Microsoft Teams also provides the ability to control external access to the apps, which means you can block access to apps that are not hosted by Microsoft. This can help to reduce the risk of data breaches and unauthorized access to sensitive information.

By using these controls to block specific applications, the IT team can have a better oversight of what apps are being used and by whom, which will help to improve security, compliance, and productivity. 

Right now, you probably understand the basic idea behind Teams app permission policies, right? Now, further on, let’s move on to explore the different ways to create, edit and assign the app permission policies. 

Create App Permission Policies in Microsoft Teams Admin Center: 

Navigate to the below path and start creating the policy. 

Microsoft Teams admin center –> Teams Apps –> Permission Policies –> Add 

Add app permission policy in Teams admin center
Add App Permission Policy in the Teams Admin Center

Here, you can customize and allow or either block specific Microsoft apps, third-party apps, or custom applications for your organization. To edit a custom app permission policy, select the policy and click ‘Edit’ and proceed to customize further. 

Assign Teams App Permission Policies to Users: 

Here’s where the flaw comes in! 🫤 When setting up permission policies in the Teams app, you can only assign policies to one user at a time. The task needs to be repeated for multiple users. Such a time-consuming task it is! 

To assign policies to a user, click the policy name and navigate to Manage users. Then here, assign the respective policy for the necessary users one by one!   

Assign Teams app permission policies to users
Assign Teams App Permission Policies to Users

Assign Teams App Permission Policy to Multiple Users: 

There is, however, a more efficient way if you skip the app permission policies tab! To assign policies to multiple users at a time, navigate the below path and follow the procedures.   

Microsoft Teams admin center –> Users –> Manage Users  

Now, after getting into the respective dialog zone, select the respective users to whom you want to assign the policy. And then, click ‘Edit Settings’ and assign the newly created policy to multiple users. It’s that easy! ✅ 

Assign teams app permission policies to multiple users
Assign Teams App Permission Policies to Multiple Users

Nevertheless, it seems like a tiresome task, doesn’t it? Here we got PowerShell handy to save us time! 

Manage Teams App Permission Policies Using PowerShell


Assign Teams App Permission Policy to Group Using PowerShell: 

Another way to assign app permission policies for multiple users is via groups. Unfortunately, you can’t assign app permission policies to group members using the Teams admin center. Therefore, here PowerShell comes to the rescue! Use the PowerShell cmdlet and assign policies in a jiffy. 

$group = Get-AzureADGroup -SearchString <GroupName> 
$members = Get-AzureADGroupMember -ObjectId $group.ObjectId -All $true | Where-Object {$_.ObjectType -eq "User"} 
New-CsBatchPolicyAssignmentOperation -PolicyType TeamsAppPermissionPolicy -PolicyName <PolicyName> -Identity $members.UserPrincipalName 

Here, when you assign policies using New-CsBatchPolicyAssignmentOperation, it’ll assign the policies to all group members. Thereby, you can assign app permission policies to multiple users at once.  

Note: Teams app permission policies are only assigned to direct members of the groups and not the members of the nested groups.  

Assign Teams App Permission Policies to Bulk Users: 

Instead of assigning policies to individual users, you can import a CSV file and assign the policy to thousands at once! Ensure that the Userprincipalname column has the mentioned header, and run the following cmdlet. 

assign teams app permission policies to bulk users using powershell
Assign Teams App Permission Policies to Bulk Users Using Powershell
Connect-MicrosoftTeams  
$User = Import-Csv C:\custompolicy.csv  
foreach($user in $user){  
Write-Progress -Activity "Adding policy to the $User.user..."  
Grant-CsTeamsAppPermissionPolicy -PolicyName <PolicyName>-Identity $User.user 
If($?)  
{  
Write-Host Successfully added the policy to $User.user -ForegroundColor Green  
}  
Else  
{  
Write-Host Error occurred while adding policy to $User.user -ForegroundColor Red  
}  
} 

Remove Teams App Permission Policy in Office 365: 

You can select the appropriate policy and click on ‘Delete’ to remove any Teams app permission policy using the Teams admin center. For the same task, you can use the following cmdlet and delete the app permission policy. 

Remove-CsTeamsAppPermissionPolicy -Identity <PolicyName> 

Remove Users From Teams App Permission Policy:

Now to remove users from Teams app permission policies, navigate to the following path and follow the steps. 

  1. Microsoft Teams admin center → Users → Manage Users → Actions (In the top-right corner) 
     
  2. Select the policy type, click on the policy you wish to unassign all users from, and select ‘Unassign’. This will remove all the users who are assigned to that policy. 
Remove all users from Teams app permission policy
Remove All Users from Teams App Permission Policy

Get Teams App Permission Policy Members Report 

To date, Microsoft has not exposed a clear platform to get reports on app permission policies. However, if we tweak the available reports in the Teams admin center, we can get the members assigned to each app permission policy. Hopefully, Microsoft will expose the report data soon!  

To get the members of the app permission policies, perform the following actions. 

Navigate to the path: Microsoft Teams admin center → Users → Manage User and select the filter Icon. Here, you can get all the Teams reports like Meeting policies, app permission policies, app setup policies, etc. Eventually, this will list all the members who are assigned to the respective policy. 

get teams app permission policy members
Get Teams App Permission Policy Members


In today’s fast-paced business environment, effective communication and collaboration are key to success. Teams app permission policy plays a crucial role in ensuring the security and privacy of sensitive information while also promoting productive teamwork.  

By implementing a clear and well-defined policy, organizations can ensure that only authorized individuals have access. Overall, Teams app permission policies are an essential component of a comprehensive security and compliance strategy and a great way to make the most out of the Teams platform! 

Leave a Reply

Your email address will not be published. Required fields are marked *

Office 365 Pro’s Guide to Manage Teams App Permission Policies

time to read: 6 min
Follow us!