Overview of app management and governance in Teams admin center
In the Teams admin center, we provide a few dedicated pages to manage your apps with granularity and complete control. You manage apps for your organization in the Manage apps page in the Teams admin center portal. Use the URL https://admin.teams.microsoft.com/policies/manage-apps to view and govern all Teams apps that are available in your organization's app catalog, define access to apps using policies, cater to prominent use cases for app management, and more.
App management use cases and the available interfaces
The options to accomplish most of app management use cases are available in Teams admin center. In addition, some options are available in other portals or different pages in the Teams admin center.
App management tasks that are supported in admin center are in the table below.
|App management use cases||Link to the interface||Documentation|
|Control which apps are available to users in your organization by allowing and blocking apps. You can also upload and approve custom apps. After managing apps on this page, you can use app permission and app setup policies to configure what apps are available for specific users in your organization's app store.||Manage apps in Teams admin center||Current article|
|App permission policies control what apps you want to make available to Teams users in your organization. You can use the Global (Org-wide) default policy and customize it, or you can create one or more policies to meet the needs of your organization.||Permission policies||Manage app permission policies|
|App setup policies control how apps are made available to a user with the Teams app. Use the Global (Org-wide default) policy and customize it or create custom policies and assign them to a set of users.||Setup policies||Manage app setup policies|
|You can develop and upload custom apps as app packages and make them available in your organization's app store.||Org-wide app settings in Manage apps||Manage policy setting for custom apps|
|You can customize the Teams app store with your organization's logo, custom background, or color.||Customize store||Customize your organization's app store|
|The Teams app usage report provides information about which apps in use, active users, and other app usage information.||Usage reports||Teams app usage report|
|Your users can add apps when they host meetings or chats with guests. They can also use apps shared by guests when they join meetings or chats hosted externally. The data policies of the hosting user's organization, and the data sharing practices of any third-party apps shared by that user's organization, are applied.||External access||App behavior depending on types of users|
|With guest access, you can provide access to applications and other Teams functionality to people outside your organization, while maintaining control over your corporate data.||Guest access||Guest access in Teams|
|Teams update policies are used to manage Teams and Office preview users who can see prerelease or preview features in the Teams app.||Teams update policies||Teams public preview|
App management tasks that are supported on other portals are in the table below.
|App management use cases||Link to the interface||Documentation|
|Manage licenses and subscriptions of third-party apps in Microsoft 365 admin center||Microsoft 365 admin center||Manage third-party app subscriptions|
|Audit Teams app events on Microsoft Purview compliance portal.||Audit||Teams activities|
|Applications can be granted permissions to your organization and its data by three methods: an admin consents to the application for all users, a user grants consent to the application, or an admin integrating an application and enabling self-service access or assigning users directly to the application. Verify the Graph permissions for apps. Verify the permissions that users provided or that the admins delegated.||Azure AD portal||Review permissions granted to applications|
Allow or block apps
As an admin, you control access to all types of apps that are used across all context by all your users. Teams provides granular controls to configure access for each app and for each user.
To allow an app, all the following settings must be done. To block an app, block it via any one of the following settings.
- Org-wide app settings: Use this setting to allow use of third-party apps in your org. You control the specific apps that are allowed and used.
- Allow an individual app: Use this setting to allow a specific app in your org. You control which users can use a specific app and which users can use apps.
- App permission policy: Use policies to allow all or allow specific users to use an app. You decide access on a per-user and per-app basis.
The Manage apps page is where you allow or block individual apps at the org level. The page displays all the available app and their current org-level app status. To allow or block an app, follow these steps:
- Sign in to the Teams admin center and access Teams apps > Manage apps.
- Select Org-wide app settings and allow the use of third-party apps.
- On the Manage apps page, locate an app and select it.
- Select Allow or Block option.
To allow an app for specific users, see app permission policies.
When a developer publishes an app to the Teams store, some apps may need an admin to configure the app. Before an admin allows such an app, it shows as
Blocked by publisher in the admin center. After following the publisher's guidance to set up the app, you can make it available to users by allowing it.
Stop app usage and remove app
You as an admin can delete custom apps from your organization's store but can't remove apps in the Teams store. To prevent app addition and usage by users, you can block an app for everyone or use permission policy to stop selected users from using an app. You can't remove or uninstall the apps that are already added by users. Blocking the apps prevents users from using it.
Blocked apps may still have access to data from the teams that the apps were added to. To turn off app data access, a Global Administrator, an Application Administrator, or a Cloud Application Administrator must turn off user sign-in in the Azure AD admin center.
Manage org-wide app settings
Use org-wide app settings to control whether users with an F license get the tailored frontline app experience, whether users can install third-party apps, and whether users can upload or interact with custom apps in your organization.
On Manage apps page, select Org-wide app settings. You can then configure the settings you want in the pane.
Under Tailored apps, turn off or turn on Show tailored apps. When this setting is on, users with an F license get the tailored frontline app experience. This experience pins the most relevant apps in Teams for frontline workers. To learn more, see Tailor Teams apps for your frontline workers.
This feature is available for F licenses. Other license types will be supported in the future.
Under Third-party apps, turn off or turn on these settings to control access to third-party apps in your organization:
Allow third-party apps: This setting controls whether users can use third-party apps. If you turn off this setting, your users won't be able to install or use any third-party apps and the app status of these apps is displayed as Blocked org-wide in the table.
Allow any new third-party apps published to the store by default: This setting controls whether new third-party apps that are published to the Teams app store become automatically available in Teams. You can only set this option if you allow third-party apps.
Under Custom apps, turn off or turn on Interaction with custom apps option. This setting controls whether users can use custom apps or not. To learn more about custom apps, see how to manage custom apps.
Select Save. The settings take effect after a few hours.
Admin center settings may allow your users to collaborate with users from other organizations. To understand how apps work with external users in meetings, see Teams apps for external attendees.
Auto install approved apps based on admin approval
Auto install approved apps feature automatically adds approved apps in Teams client of the permitted users. The functionality respects all admin governance controls and only installs apps that the users have used although outside Teams. It reduces manual intervention to add an app and improves user productivity by preventing context-switching. To know more about the feature, see Auto install approved apps in Teams.
Manage org-wide app settings for Microsoft 365 Government
In a Microsoft 365 Government - GCC, GCCH and DoD deployment of Teams, all third-party apps are blocked by default. In GCCH and DOD clouds, the third-party apps aren't available. Additionally, in GCC, you see the following note about managing third-party apps on the app permission policies page in the Microsoft Teams admin center.
Use org-wide app settings to control whether users can install third-party apps. Org-wide app settings govern the behavior for all users and override any other app permission policies assigned to users.
For GCC clouds
On the Teams Apps > Manage apps page, select Org-wide app settings. You can then configure the settings you want in the panel.
Under Third-party apps, turn off or turn on these settings to control access to third-party apps:
- Allow third-party apps: This option controls whether users can use third-party apps. If you turn off this setting, your users won't be able to install or use any third-party apps. In a Microsoft 365 Government - GCCH and DoD deployment of Teams, this setting is off by default.
- Allow any new third-party apps published to the store by default: This option controls whether new third-party apps that are published to the Teams app store become automatically available in Teams. You can only set this option if you allow third-party apps.
Under Blocked apps, add the apps you want to block across your organization. For any third-party app you want to allow in your organization, remove the app from this blocked apps list. A blocked app is not available to any user, regardless of app policies.
Select Save for org-wide app settings to take effect.
To allow third-party apps, either edit and use the global (Org-wide default) policy or create and assign an admin-created policy.
For GCCH and DoD clouds
Sign in to the Teams admin center and access Teams Apps > Permission policies. In GCCH environment, access https://admin.gov.teams.microsoft.us and in DoD environment, access https://admin.dod.teams.microsoft.us.
Select Org-wide app settings. Under Blocked apps, add the apps you want to block across your organization. All third-party apps are added to this list by default. A blocked app is not available to any user, regardless of app policies.
Select Save for org-wide app settings to take effect.
Support information for apps
You may have queries about admin settings or configuration, user flows and app features, app troubleshooting, and more. You receive support information about apps from the following two different sources:
We don't provide direct customer support for Teams apps but we provide the following value adds, useful information, platform features, and app quality checks to our customers:
- We proactively check Teams apps for issues and inform the developer to update their app. Scenarios covered are related to app health, functional issues reported by users to Microsoft, security issues, and so on. For details, see Microsoft enforcement actions for published apps.
- For Publisher Attested and Microsoft 365 certified apps, Microsoft provides the security and compliance information of apps.
- Testing of all apps as part of its app validation program to ensure that all apps work as advertised. If apps don't work as suggested in the app listing, then we contact app developers to request either an update to the app or a removal of the app.
- If app developers don't make the requested updates after a few reminders, we proactively remove the apps from Teams.
- Certification to apps via its Microsoft 365 app compliance program to reassure that app are compliant with the industry-standard frameworks.
App developers provide customer support, updates to the apps, security and compliance information, bug fixes, and so on. The app security and compliance information are available in the admin center in app details page as mentioned above. App developers publish app updates, bug fixes, and vulnerability fixes as per their business requirements, issue severity, and service agreements. For direct support requests and inquiry about app updates, contact the app developer at their website address available at the following two places: