Microsoft Teams is a powerful collaboration hub that integrates seamlessly with various apps, boosting productivity, and streamlining workflows. But managing app access for a large organization can be complex. Here’s where ‘App centric management’ steps in, offering a new and simplified approach to manage Teams apps access for users and groups. This new feature in the Teams admin center will roll out in three different phases.
What is App Centric Management in Microsoft Teams?
App centric management allows admins to control who can install Teams apps and specify which users and groups can access individual apps. This feature replaces Teams app permission policies, offering more granular control and flexibility in managing app access within the organization. According to Microsoft (MC688930), phase 2 of the ‘app centric management’ feature is set to commence in May 2024.
App Centric Management Roll-Out Across Three Phases
As said earlier, ‘app centric management’ feature will be introduced gradually through three major phases.
Phase 1 (late November 2023 – mid March 2024) – This rollout is focused on tenants using only the Global app permission policy without custom ones. Admin settings will be migrated, but user access won’t be affected.
Phase 2 (May 2024) – This rollout targets tenants with both global and custom app permission policies. This phase offers admins the option to transition to app centric management through a migration process. When your tenant receives the ‘app centric management’ feature, existing access privileges set up through the permission policies will stay the same, ensuring a smooth transition.
Phase 3 (Details coming soon) – This rollout is for tenants who skipped migration in phases 1 or 2, they will automatically migrate in Phase 3.
Key Differences Between Permission Policies and App Centric Management
To make the best choice for your organization, it’s crucial to grasp the key differences between these approaches.
App Permission Policy | App Centric Management |
|
|
Configure App Centric Assignments in Teams Admin Center
To manage and assign users or groups to an app in the Teams admin center, follow the steps below.
- Open MS Teams admin center.
- Navigate to Teams apps –> Manage apps.
- Search for the required app and select the app name.
- Click on the Assignments tab and select Assign.
- Choose the appropriate option from the Manage who can install this app dropdown. You can determine app access through three options:
- Everyone in the organization.
- Specific users or groups: Only selected users or groups can access the app. Supported group types include security groups, Microsoft 365 groups, dynamic user membership groups, nested groups, and distribution lists.
- No one.
- Finally, click Apply.
- In case you want to remove assignments from the app, select the required assigned users and choose Remove.
Note – You can view and modify the assignments of a blocked app, but the modified changes will only take effect once the app is allowed.
Default App Assignments for New Apps
Alongside app centric management in the Microsoft Teams admin center, admins have the power to set default assignments for new apps published to Teams app store. By default, organizations allow users to install apps, but you can customize this setting based on requirements.
To ensure that the default setting for new apps is enabled, navigate to the ‘Manage apps’ page in the Teams admin center and click on Org-wide app settings at the top right corner. Then, under the ‘Third-party apps’ section, check whether the Let users install and use available app by default toggle is turned On.
You can view the complete list of apps in your organization using the ‘Manage apps’ page. Further, to manage apps assigned to a user, navigate to the Manage users page, select the user, and check the Apps tab to view and modify the user’s app access.
The Org-wide app settings govern:
- All newly added apps accessible through the Teams app store.
- Existing apps that have not undergone active management, meaning their assignments haven’t been altered.
However, the Org-wide app settings do not extend to:
- Apps with user assignments specifically designated to certain users or groups, which you have personally configured and saved.
- Apps previously assigned to either all users or none individually and saved accordingly.
- Any apps that are currently blocked.
Note – In the org-wide app settings, admins can enable auto install approved apps to automatically make certain apps available to users based on their activity. Further, to regulate app usage within the organization, Microsoft has announced a user request setting for MS Teams apps that allow users to request access to apps that have been blocked within the organization.
Considerations and Limitations of App Centric Management
Once you switch to app-centric management in Microsoft Teams, there are a couple of things to keep in mind.
- After migration, admins can’t access, edit, or use app permission policies in the Teams admin center.
- PowerShell cmdlets for permission policies aren’t supported on tenants that migrate to this feature.
App centric management offers a user-friendly and efficient way to manage apps in Microsoft Teams. By providing granular control and simplifying administration, it empowers you to create a secure and productive collaboration environment for your teams. If you have further queries, reach us through the comments section.