
SW-SoCo2
Copper Contributor
Jan 04, 2025

Overlapping Teams App Setup Policies?

I have a GCC tenant, so not yet using App Centric Management :-(

We've had some mixed results with 'overlapping' App Setup Policies in Teams, specifically in the case of users having other App Permission Policies assigned to them **in addition to** a specific App Permission + App Setup Policy 'pair' assignment that pushes/pins the app.

Here's the scenario --- seems like it could be a common one:

  • Teams App A - with App Permission Policy A - is assigned to Group A
  • Teams App B - with App Permission Policy B - is assigned to Group B
  • Teams App C - with App Permission Policy C - is assigned to Group C
  • [New] Teams App D - with App Permission Policy D *and* App Setup Policy D to push/pin the app - is assigned to Group D, which includes some users already in Groups A, B, C

QUESTION: Since the new App D Setup Policy specifically pins App D only, will this preclude the users who are also in Groups A, B, C from self-pinning & using Apps A, B, C they were originally given permission to?

As mentioned, we've had some mixed results - so curious if anyone else has a similar scenario, or a good reference. We've done lots of searching - but most of the Teams app management seems to be pointing towards the App Centric Management which we don't have.

1 Reply

  • Microsoft does not support app permission policy assignments for groups, and a user can only have one app permission policy assigned. Not sure if I misunderstood the description above or it's a GCC-specific thing, but in any case, the latest assigned policy would be the one in effect (although in general you should give it some time to replicate; changes are far from immediate).

    Here are the relevant documentation bits just in case: https://learn.microsoft.com/en-us/microsoftteams/teams-app-permission-policies#considerations-when-using-app-permission-policies

    • Teams doesn't support group policy assignments for app permission policies.
    • App permission policies take effect only when you apply a policy to a user.
    • After you edit or assign a policy, it can take a few hours for changes to take effect.
    • A user can't interact with any functionality of an app that the user isn't allowed to use.
    • Users can search for blocked apps and request admin approval. Admins retain complete control to approve or ignore user requests.
    • App setup policies work together with app permission policies. You select apps to pin in setup policy from a set of allowed apps. However, if a user has an app permission policy that blocks the use of a pinned app, then the user can't use the app.
    • App policies apply to users using Teams on web, mobile, or desktop clients.

     

     
