Introducing resource-specific consent for Microsoft Teams

Tags Teams Apps RSC

Introducing resource-specific consent for Microsoft Teams

Date: 15 Jul 2020

 

Summary

Major update: Announcement
Applies To: All
Updated September 18, 2020: We are pleased to announce that this feature has completed rolling out and is available in your organization as applicable.

Resource-specific consent (RSC) for Microsoft Teams makes it possible for team owners to consent to apps accessing their team data without explicit admin approval. Admins may choose which team owners can consent.

Key points

  • Microsoft 365 Roadmap ID 56605
  • Timing: end of August (previously mid-August); complete end of September (previously mid-September)
  • Roll-out: tenant level
  • Control type: admin control 
  • Action: review and assess  

 

When This Will Happen

Timing: end of August (previously mid-August); complete end of September (previously mid-September)

 

How This Will Affect Your Organization

Apps provide out-of-the-box or custom tools for your organization to get more out of Teams.

Previously, any app that accessed Microsoft Graph APIs for Microsoft Teams needed global admin consent. Most other Graph APIs support user consent, i.e., consent by someone other than an admin, which allows apps using those APIs to be run without admin consent.

With RSC, you no longer need to grant an app tenant-wide approval. Instead, you can give a team owner the ability to install an RSC app that will have access to only that team’s Teams Graph API. RSC allows apps to create, rename and delete channels; read channel messages; create tabs; and read team membership and settings.

RSC permissions

There is no change in how you track apps that have been installed in your tenant. You can continue to block a specific application from being installed in your tenant.

 

What You Need To Do To Prepare

From the Microsoft Teams admin center, manage RSC through the setting, “Users can consent to apps accessing company data for the groups they own."

  • By default the RSC setting mirrors the setting, "Users can consent to apps accessing company data on their behalf."
    • If users can consent to accessing company data, they can also consent to accessing company data in groups they own.
    • If a user cannot consent to apps accessing company data for the groups they own, they cannot install RSC apps.
  • If you do not want your Team owners to be able to use RSC approvals for apps, you can disable this feature.
  • You may also limit the ability to consent to RSC apps to specific team owners, rather than all team owners.

In this example, all group owners are allowed to consent to apps accessing their group data.
Settings

Apps that have already been installed are not affected by this policy.

 

 

Details

Article ID: 118287
Created
Tue 10/13/20 8:17 PM