Microsoft 365 add-ins are important for enhancing functionality and user experience. However, it is crucial to balance the benefits they provide with the need for security and privacy. This blog focuses on finding that balance and ensuring the security of your Microsoft 365 environment. Having a well-rounded system is essential for a successful business strategy.
What do you mean by add-ins?
Add-ins within Microsoft 365 are integrated applications and services designed to enhance user productivity. It’s important to note, however, that these add-ins are not directly curated or overseen by Microsoft.
A notable example is Docusign, a widely-used add-in in Microsoft 365, offering a electronic signature solution that allows users to sign, send, and manage documents digitally.”
Why should we disable this useful tools?
This article explains how to turn off add-ons in Microsoft 365. Some people may wonder why you would want to disable features that enhance M365. Below are the reasons for doing so:
- Data Privacy Considerations: Permitting add-ins from non-verified sources introduces security vulnerabilities, potentially jeopardizing device integrity and user data confidentiality.
- Performance Implications: The simultaneous operation of multiple add-ins can impede the efficiency of Microsoft 365 applications, leading to diminished productivity.
- Optimized User Experience: By restricting certain user-owned add-ins, organizations can foster a streamlined and orderly workspace, thereby enhancing the overall user experience without the clutter of extraneous applications.”
Ok ok you convinced me, where should I start?
- Proceed to the ‘Settings’ section within the Microsoft 365 admin center.
- Opt for the ‘Org settings’ feature.
- Under the ‘Services’ tab, choose the ‘User owned apps and services’ preference.
- Deselect the functionalities labeled ‘Let users access the Office Store’ and ‘Let users start trials on behalf of your organization’.
- Conclude by selecting the ‘Save’ option.”
Upon implementing this configuration, users within your tenant will be restricted from accessing the Office 365 store, thereby preventing the installation of any add-ins in their Microsoft 365 accounts. Should users attempt to install add-ins via the Office Store, they will be presented with a corresponding error message.
Nice, but when I tested this I was still able to install add-ins in the Outlook client!
While the aforementioned configuration puts a ‘No Entry’ sign on the Office Store door, some crafty users might still sneak add-ins or apps into their Outlook party. To keep those gatecrashers out of Outlook, we’ll need a slightly different game plan!
To curtail the utilization of Outlook add-ins for all Microsoft 365 users, adhere to the following procedure within the Exchange admin center:
- Proceed to the ‘Roles’ section and navigate to the ‘User roles’ page.
- Opt for the ‘Default Role Assignment Policy’ and select the ‘Manage permissions’ functionality.
- Within the ‘Default role assignment policy’ for add-ins, deselect the options labeled “My Custom Apps, My Marketplace Apps, My ReadWriteMailbox Apps”.
- Finalize by clicking on ‘Save changes’.
Upon successful configuration, users will be precluded from installing new add-ins within their Outlook environment and will be presented with specific error messages should they attempt to do so.”
Thanks, this works. But when I spoke to Harry from HR at the coffee machine, he indicated that he was still using an add-in. How is that possible?
Revoking access to the Office store or Outlook add-ins does not eliminate previously deployed add-ins. To expunge user-owned applications and services (i.e., delete add-ins) within Microsoft 365 applications, please adhere to the subsequent procedure delineated below.
- Navigate to the ‘Settings’ section within the Microsoft 365 admin center and choose the ‘Integrated apps’ feature.
- Identify and select the desired add-in or application from the list and proceed to the ‘Remove app’ option located under the ‘Overview’ tab.
- You will be redirected to the ‘Remove apps’ page. To confirm the deletion of the app along with its associated data, check the box labeled ‘Yes, I’m sure I want to remove the app and associated data’.
- Click on ‘Remove’.
- Conclude the process by selecting ‘Done’, post the successful removal of the application.”
Yes, I am completely in control and in charge again. But now my director wants to implement Salesforce and the sales department needs the add-in?
To make sure your business runs smoothly, some users might need specific add-ins. Admins can choose to activate these add-ins only for those users. Follow these steps to easily deploy add-ins in Office 365 for a select group of users:
- Initial Setup: Begin by restricting access to the Office store for the broader user base.
- Accessing Integrated Apps: Navigate to the ‘Settings’ section within the Microsoft 365 admin center and opt for the ‘Integrated apps’ feature.
- Locating the Desired Add-in: Click on the ‘Get apps’ (or in this case the add-in is already on the start page) option and input the name of the requisite integrated app or add-in in the search functionality.
- Initiating the Add-in Installation: Click on the ‘Get it now’ button corresponding to the desired app or add-in. Subsequently, on the ensuing ‘Confirm to continue’ page, select the ‘Get it now’ option once more.
- User Selection for Deployment: Post-confirmation, you’ll be directed to the ‘Add users’ page. Here, choose the ‘Specific users/groups’ option, identify the users or groups for the deployment, and proceed by clicking ‘Next’. (if you want to enroll this add-in to all users choose entire organization)
- Permission Review: On the ‘Accept permissions requests’ page, acquaint yourself with the app permissions and capabilities, and then click ‘Next’.
- Final Review: Scrutinize all configurations (pertaining to users and groups) on the ‘Review and finish deployment’ page, and finalize by clicking the ‘Finish deployment’ button.
- Completion: Conclude the process by selecting ‘Done’, marking the end of the deployment phase.”
The selected add-on or integrated app will be included in the specified users’ Microsoft 365 apps.
Conclusion
In today’s digital landscape, protecting data is crucial. The steps outlined above help safeguard against risks that might come from untrusted add-ins in Microsoft 365.
By understanding the importance of managing these add-ins and following the provided guidelines, organizations can better protect their data in Microsoft 365. This not only boosts security but also ensures the company meets necessary standards.