MonthApril 2021

Control Custom App Uploads In Teams

As discussed in the previous post, we can enable developers (and users) to upload custom apps to Microsoft Teams. However, sometimes (and most often) you don’t want to enable everyone to upload custom apps everywhere. This is where Teams enables you to have granular control on who can do what.

First step is to ask this question:

Did I block custom apps at all in my environment?

The very first option that you will need to be aware of is the “Allow interaction with custom apps”. This setting is found by going to the Teams Admin Center > Teams Apps > Manage Apps > Org-wide app settings:

Once this setting is enabled in your tenant, you can now move forward and control who can upload custom apps. If this setting is off, then you won’t have a way to upload custom apps to your tenant, so if you need to upload apps, you’ll need to make sure this setting is on. (Note, in cases when you want to stop uploading apps altogether to the tenant, you can always use this option to shutdown this capability)

Now with this option enabled, in order for a user to be able to upload a custom app, you’ll need to ask this question:

Is the user assigned a custom policy that allows him/her to upload an app?

The user will need to be assigned an app policy that has uploading custom apps enabled.

This can be done by going to Teams Admin Center > Teams Apps > Setup Policies. By default, developer tenants will have this policy enabled by default, but if you want to sideload apps in other tenants, you’ll need to have at least one policy where “Upload custom apps” is enabled.

Once you have the policy set to upload custom apps, go back to the policies list, select the policy, and add the user you want to grant this access to for this policy:

After you add the user to the policy. The user will be able to upload custom apps depending on the answer of the upcoming question:

Will the user need to upload personal apps only or teams apps?

If the user needs to upload personal apps only, then it’s all good so far and the user can do so. However if the user needs to upload custom apps to a Team and that user isn’t an owner, then the Team owner should enable the option for members to upload custom apps. This can be done on the Team settings itself:

For a better understanding for those who prefer visual sequence, you can consult the following diagram:

I hope this helps someone out there! Enjoy Teams App development!

Understanding App Sideloading In Teams

We hear the term “Sideloading” when it comes to Microsoft Teams, we even used to hear that when talking about SharePoint apps. So what does it mean to sideload an app in Teams and who can do it?

The “normal” way of uploading an app to the tenant in Teams is to upload it to the organization app store without sideloading (we’ll talk about sideloading in a minute). In the organization store, it will be available to the all tenant users to install. You can view all tenant apps when you click on Apps in the left-hand rail in Teams client, you will find your custom apps available for the current tenant under a section named: Built for [Tenant Name]

To upload an app to the organization store, you can do it from the same page, by clicking on “Upload a custom app” then click “Upload for [Tenant Name]”

You can also do the same from the Teams admin center by clicking on Teams apps > Manage apps > Upload:

Now.. what if we’re developing an application and we want to test it in the scope of a team or a personal scope? We don’t want to upload it to the whole tenant rather just to a specific team. That’s what sideloading does, it allows us to upload an application to a team or personally without showing it to the whole tenant.

This setting is controlled in Teams Admin Center, if you go to Teams Admin Center > Teams apps > Setup policies. You can create a new policy and ensure to enable the setting “Upload custom apps”. Upload custom apps is just the equivalent of “Sideloading”. After you create the policy, assign it to yourself (or any person that you would want to upload custom apps):

In developer tenants, you will notice that this option is already enabled through the “Global (Org-wide default)” policy:

After you enable the policy to upload custom apps and make sure it’s assigned to you, when you go to the Apps section in the Teams client, and click on Upload an app, you will notice the option to “Upload for me or my teams”:

Note that enabling sideloading might take sometime for the new option to show up in Teams. (up to 24 hours).

Also remember, you can control who can sideload apps in teams by assigning users to the new policy you created in Teams admin center. In the next post, we’ll go over policies and settings that enable us to have more granular control on who can upload apps to our tenant. See you in the next post!