Team users getting option to buy apps in Microsoft Teams app store

At Microsoft Build 2021 it was announced that Team users getting the ability to buy third-party (3P) apps within the Microsoft Teams app store. Based on the Microsoft 365 message center notification MC282989 and the Microsoft Roadmap ID 83502 the changes is planned to start in October 2021.


The Microsoft 365 Roadmap ID 83502 states the following:

Source: Microsoft 365 Roadmap ID 83502

What’s the impact?

Well, users will be enabled to buy and subscribe to 3P apps and services. Depending on your Teams configuration they might can directly start to buy or not. It depends also on your Teams app configuration in the Teams Admin Center. There you have org-wide settings you can configure as needed as well as user-specific policies.

Source: Microsoft 365 Message Center notification MC282989

Check and configure Microsoft Teams manage apps (org-wide)

You could configure your org-wide apps settings in the manage apps space. However, you need to be aware that if you close this off the “per user permission policies” cannot contain any different configuration. That’s why I usually leave this org-wide setting as-is and only configure the permission policies as needed.

Source: Screenshot Microsoft Teams Admin Center manage apps

Check and configure Microsoft Teams App permission policies (org-wide/per user)

The permissions policies it what I like to set as needed because here I can configure the global (org-wide) permission policy and restrict third-party and custom app availability plus create custom policies to assign the apps permission to use certain apps for defined users. This way not anyone can just install and use all the available apps which can be found in the Microsoft Teams app store. Because that why only permitted apps are shown and usable based on the assigned permission policy.

By default the global permission policy is applied.

Source: Screenshot Microsoft Teams Admin Center Permission policies

Conclusion, opinion and summary

Users just buying (any) apps might not be conform to (many) IT and company policies and workaround defined processes in a company. I can imagine that this option could be an attractive shortcut in larger companies wherein a Team Lead or Head of … might quickly provide a solution to a problem for his Team to get things done. Nevertheless, this is no good idea, in my opinion, because skipping processes and might end up in having some kind of shadow IT what you actually want to avoid. Seeing and having reports that an app in Microsoft Teams has been bought or subscribed does not mean to avoid shadow IT because the third-party app usually should have an app owner having IT skills and can apply IT-conform administration to be aligned with company policies and compliances. Depending on the company’s vertical having to deal with this can be cumbersome in particular if you have strict compliance and regulations which you must comply. To find out that there are non-compliant apps in use in an audit could be bad especially if these are violate compliance in any way and probability is high that this is the case by default. isn’t it? That’s why you might better check your Teams apps.

It is similar to the self-service purchase which was introduced in 2019 enabling users subscribing services by using their credit card. There are two good reads regarding the self-service purchase on the blogs of petri and office365foritpros by Tony Redmond (links at the bottom).

Additional resources

Comment / Kommentar verfassen

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.