Battling app sprawl

Frequent Contributor

Yes, I know there are controls to prevent new apps from being used in an org. We use them. 


We are finding more and more though, that people are looking for alternatives to Teams for doing various things. When we look at the use-cases and what they are looking to add, pretty much all the time, Teams can still meet their needs. 

We have tried doing education and hands-on to show people what Teams can do.

We have stated over and over it's not just a matter of app capability but of security and privacy; we can much more closely safeguard the data when its in the O365 ecosystem.

We have done the work to show Teams abilities and a business case for data security, privacy and governance, yet people still persist to add new apps to the environment. One example is Asana. We've used it and honestly, it does the SAME exact things Teams does in connection with Planner and Outlook. Does it come down to an education issue? "Look, you can do all the same things in Asana as you can in Teams AND we can better secure the data."

Anyone have any advice? Thanks.

5 Replies



@Christopher Hoard @Chris Webb @ChristianJBergstrom - you guys are experts - any suggestions?

@Therese_Solimeno @Jleebiker Hey, sorry. In study mode lately for a bunch of certifications.


When it comes to Teams and all the apps you can as an admin be very helpful to your organization by using the Teams app setup policies and permission policies. You can pin apps for the users, be selective and install apps and messaging extensions as well. You can use custom policies too. By using this approach, in combination with organizational information, you will not only prevent sprawl but also narrow down what apps are available in Teams for the users to use, or simply highlight a couple by installing/pinning.


Manage app policies in Teams - Microsoft Teams | Microsoft Docs

I get that, but take the case of Asana specifically. You can use the web version. No install needed. People are going to find a way to access it. This is how Shadow IT rises, when IT orgs don't provide the services/products people THINK they need.
best response confirmed by Therese_Solimeno (Moderator)

There are plenty tools in the M365 environment if the Teams app policies aren’t sufficient. You can block access with Defender for Endpoint, and apps with Defender for cloud apps as an example.

Hmm... Will take a look at Defender. We use it for Endpoints, wasn't aware we could use it for cloud apps as well. That will help, but the other part of that is the education to our staff to look at the MS ecosystem for a solution before going out and shopping for something else. I think that's a whole different strategy.