SOLVED

Security implications related to third party apps

%3CLINGO-SUB%20id%3D%22lingo-sub-356881%22%20slang%3D%22en-US%22%3ESecurity%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-356881%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20are%20the%20security%20implications%20from%20allowing%20third%20party%20apps%20in%20Microsoft%20Teams%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20been%20searching%20for%20articles%20about%20this%20but%20haven't%20found%20anything.%20Links%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-356881%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-357779%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-357779%22%20slang%3D%22en-US%22%3E%3CP%3ENo%20such%20document%20exists.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-357487%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-357487%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3Bwhat%20I%20need%20is%20general%20documentation%20about%20the%20security%20implications%20of%20allowing%20the%20use%20of%203rd%20party%20apps.%20I%20don't%20want%20to%20analyze%20each%20individual%20app.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-357456%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-357456%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20cannot%20get%20any%20detail%20from%20there%2C%20it's%20just%20a%20simple%20on%2Foff%20toggle%20for%20all%20the%20first%2Fthird%20party%20apps.%20If%20you%20want%20actual%20details%20on%20the%20app%2C%20you%20have%20to%20look%20it%20up%20in%20the%20store.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-357171%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-357171%22%20slang%3D%22en-US%22%3EWhat%20where%20these%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-357166%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-357166%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20thinking%20about%20the%203rd%20party%20apps%20that%20are%20listed%20in%20the%20(old)%20Teams%20admin%20site%20in%20Office%20365%20Admin%20Center.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-357114%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-357114%22%20slang%3D%22en-US%22%3E%3CP%3EThat%20depends%20on%20the%20type%20of%20app%2C%20but%20the%20general%20rule%20is%20you%20should%20never%20ever%20add%20an%20app%20you%20don't%20know%20the%20purpose%20for%2C%20or%20one%20that%20is%20not%20from%20a%20trusted%20publisher.%20The%20actual%20app%20page%20details%20should%20give%20you%20some%20more%20information%2C%20but%20unfortunately%20Microsoft%20isn't%20too%20demanding%20currently%20and%20for%20many%20apps%20you%20can%20only%20find%20the%20basics%20like%20name%20and%20website...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2002469%22%20slang%3D%22en-US%22%3ERe%3A%20Security%20implications%20related%20to%20third%20party%20apps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2002469%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F28745%22%20target%3D%22_blank%22%3E%40Jakob%20Rohde%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20safely%20rely%20on%20the%20Microsoft%20365%20app%20certification%20program%20to%20qualify%20the%20most%20secured%20apps.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365-app-certification%2Fdocs%2Fenterprise-app-certification-guide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWhat%20is%20Microsoft%20365%20Certification%3F%20-%20Microsoft%20365%20App%20Certification%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E%22Microsoft%20365%20Certification%20offers%20assurances%20that%20data%20and%20privacy%20are%20adequately%20secured%20and%20protected%20when%20a%20third-party%20Office%20app%20or%20add-in%20is%20installed%20in%20your%20Microsoft%20365%20ecosystem.%22%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20certification%20covers%20application%20security%2C%20operational%20security%2C%20data%20handling%2C%20and%20is%20validated%20by%20an%20independent%20cyber%20security%20company.%3C%2FP%3E%0A%3CP%3EFor%20instance%2C%20our%20solution%20SalesTim%20has%20been%20certified%20last%20month%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.salestim.com%2Fmicrosoft-365-app-certification-salestim-announcement%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.salestim.com%2Fmicrosoft-365-app-certification-salestim-announcement%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

What are the security implications from allowing third party apps in Microsoft Teams?

 

I have been searching for articles about this but haven't found anything. Links would be appreciated.

7 Replies

That depends on the type of app, but the general rule is you should never ever add an app you don't know the purpose for, or one that is not from a trusted publisher. The actual app page details should give you some more information, but unfortunately Microsoft isn't too demanding currently and for many apps you can only find the basics like name and website...

I'm thinking about the 3rd party apps that are listed in the (old) Teams admin site in Office 365 Admin Center.

What where these?

You cannot get any detail from there, it's just a simple on/off toggle for all the first/third party apps. If you want actual details on the app, you have to look it up in the store.

@Vasil Michev what I need is general documentation about the security implications of allowing the use of 3rd party apps. I don't want to analyze each individual app.

No such document exists.

best response confirmed by Jakob Rohde (Frequent Contributor)
Solution

@Jakob Rohde 

You can safely rely on the Microsoft 365 app certification program to qualify the most secured apps.

What is Microsoft 365 Certification? - Microsoft 365 App Certification | Microsoft Docs

 

"Microsoft 365 Certification offers assurances that data and privacy are adequately secured and protected when a third-party Office app or add-in is installed in your Microsoft 365 ecosystem."

 

This certification covers application security, operational security, data handling, and is validated by an independent cyber security company.

For instance, our solution SalesTim has been certified last month: https://www.salestim.com/microsoft-365-app-certification-salestim-announcement/