SOLVED

Verify someone else's custom app

%3CLINGO-SUB%20id%3D%22lingo-sub-1506071%22%20slang%3D%22en-US%22%3EVerify%20someone%20else's%20custom%20app%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1506071%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20user%20who%20would%20like%20to%20use%20a%20Teams%20custom%20app%20from%20a%20customer%20of%20ours.%20How%20can%20we%20verify%20the%20app%20and%20what%20it%20does%20before%20allowing%20it%20in%20our%20environment%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1506071%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdministrator%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDeveloper%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Regular Contributor

Hi,

 

I have a user who would like to use a Teams custom app from a customer of ours. How can we verify the app and what it does before allowing it in our environment?

2 Replies
Highlighted

Hi @Par Linderoth  I don't have a suggestion for verifying an app but I do have a document to share about managing them (maybe you've seen this already but just in case....).

 

https://docs.microsoft.com/en-us/microsoftteams/teams-custom-app-policies-and-settings

Highlighted
Best Response confirmed by Par Linderoth (Regular Contributor)
Solution

You cant really, unless you have access to the code. The app description and the consent screen should give you an idea of the type of actions the application might perform, but that's usually a bit vague. You can certainly add it in a test tenant and play with it, run some traces and capture audit events, etc.