Team App Permission Policies and App roll-out ring

Brass Contributor



our development department is constantly extending teams with new apps that should follow a staged roll-out deployment.

First only an inner ring (developers) should be able to use the developed app, followed by a pilot-user ring. Finally when everything works as expected the app should be made available to all users.

I wonder if there is a preferred way to design the app permission policies to achive that?


Please correct me if I'm wrong, but AFAIK permission policies don't accumulate each other, meaning custom policies don't include the allowed (or block excluded) apps from the global (org-wide) policy, which would help in that case.

As this seems not to be the case, we currently have 3 permission policies (Dev, Pilot-User, Global) for that single purpose. What should we do in the future, if we have multiple apps (either self-developed, Microsoft, or Third-party) that should follow our ring approach as well? We can only assign 1 policy to a user at any point, so it would get quite complicated keeping the "approved" and globally rolled out apps in sync with the custom apps.

Maybe I missed any essential point here but if not I would really welcome any other views on that.

2 Replies

My recommendation would be to keep three separate group. One Group for developers, Second Group for Pilot Users and Third Group for End Users.

Using this approach only you would be able to roll out the apps to all the users. I assume this is the current way how we have configured the environment as well.

With Regards,
Satish U

Thank you for your resonse @RealTime_M365 


Do you mean to assign the app to individual teams like mentioned here Manage your apps in the Microsoft Teams admin center - Microsoft Teams | Microsoft Docs?


That would only work for apps in the team scope, but not for apps in the personal scope.


To be honest, I don't have any clue how to achive that. Do you have any link to a guideline where this approach is described in more detail?


best regards