Forum Discussion
MS Teams App using external domains/third-party tools
- Hello alessio-ragni - Yes, this looks a feasible solution.
You can also validation your application via following the steps: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/appsource/prepare/submission-checklist?tabs=desktop#validate-your-app-package
And if you have any other issue, you can drop a mail mentioned in this documentation:
https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/appsource/resolve-submission-issues#resolve-issues-and-resubmit-your-app
MicrosoftHi alessio-ragni ,
To have a submitted and approved app that uses a third-party domain that you don't own, you need to ensure that the valid domains listed in the app manifest are under your organization's direct control. This is a requirement under Microsoft's Commercial Marketplace Certification Policy.
Microsoft requires that the domains used by the app are under your organization's control to ensure security and compliance. This means that you should have administrative control over the domain and be able to manage its settings and configurations.
If you want to use a third-party domain that you don't own, you will need to work with the domain owner to transfer control of the domain to your organization. Once you have control over the domain, you can include it in the app manifest and submit the app for validation.
It's important to note that Microsoft validates the functionality, usability, and security of all apps available in the Teams Store, including third-party apps. This validation process ensures that only high-quality apps are available to users. Microsoft also encourages apps to be a part of optional compliance programs to demonstrate adherence to industry standards, data handling, and security.
Vaibhav-MSFT thanks for your response.
For sure, we want to be 100% MS-compatible; that's the reason why I asked before.
Our app needs a combination of our domain endpoints and some third-party domain endpoints.
Based on your response, an idea that we have is to use only our endpoints (that we own) and, when it's needed, call "behind the scenes" the other endpoints (the same that we do when calling any other APIs).
In this way, the "validDomains" will only contain our domains, and we will be happy to help your team to address any questions regarding the functionality, usability and security of our apps.
Vaibhav-MSFT, what do you think about this approach?
That will be much better than asking the 3rd party vendor to make us the domain owner.
Thanks for your response.
ChetanSharma-msftHello alessio-ragni - Yes, this looks a feasible solution.
You can also validation your application via following the steps: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/appsource/prepare/submission-checklist?tabs=desktop#validate-your-app-package
And if you have any other issue, you can drop a mail mentioned in this documentation:
https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/deploy-and-publish/appsource/resolve-submission-issues#resolve-issues-and-resubmit-your-app
