In a previous blog we discussed app permission policy and recommended settings for general users. These recommendation included blocking users from uploading and publishing apps in Teams store, as part of security and compliance measures. In this blog we will talk about setting up special policy for developers who are working on apps for your organization, assuming that recommended restrictive policies are implemented for all users. These developers will need to have a policy that enables them to upload apps from Teams for testing and publishing. Alternately, the Teams Admin can also upload apps from the Teams Admin Console. However, it might be necessary to give app developers ability to upload apps so that they can perform necessary testing.  Also, note that, this blog discusses only the app permission and setup policy for uploading apps, the steps for uploading apps are out of scope for this blog.

The methods to upload and test a custom app are following:

  1. Using “App Studio” app to upload, modify and testing the app.
  2. Sideloading – using Teams client to upload the app directly to Teams Store

In general, you need to setup polices that gives the developers both options. If the app has some feature that cannot be modified using App Studio then the developer may need to use “side loading” to upload the app.

App Permission Policy for allowing App Studio:

Microsoft Apps:

The settings for Microsoft Apps does not impact the developers – you should keep this setting same as the policy for rest of users.

Third-party Apps:

Most developers use “App Studio” to upload and update their apps. In that case, first, make sure that, third-party apps are allowed in the org-wide settings.

Select the option “Allow specific apps and block all others” -> click the option “Add Apps”

Search for “App Studio” -> Select the option to “Add” the app studio app -> then select “Allow”.

The policy configuration option will look like this.

Custom Apps:

Custom apps should be set to “Allow all apps” assuming the app your developers are working on is a custom app.

App Setup Policy for Sideloading:

Sideloading is a method to directly upload a custom app to the Teams store. Your administrator will still need to approve the app and potentially modify policy to allow the app for all users.  The app permission policy need to allow custom apps for this policy to work properly.

Steps:

Create a new Teams App Setup Policy for developers.

Make sure the first option “Upload Custom Apps” is turned “On” for this policy.

This will give the user (developer) the option to upload the app files using Teams Store from the Teams client application.

After you create these two policies, make sure to assign the polices only to those users who will be developing and testing the custom apps. You need to assign both the app permission policy and app setup policy.

Beta Testing with pilot users:

After development phase is done, if you want to include pilot users for beta testing, you can create a new app permission policy that allows this app but does not allow the users  to upload a custom app or have access to app studio. Therefore, you need to create a new app permission policy. The users can still have the general users app setup policy.

App Permission Policy for pilot users:

Microsoft Apps:

The settings for Microsoft Apps remains the same for pilot users.

Third-party Apps:

This setting also remain the same as the policy for general users – pilot users do not need access to “App Studio” for beta testing.

Custom Apps:

This is where the you need to set it up so that, beta users have access to the custom app. Prior to setting this up, make sure the custom app is approved and published in the team store.

Select the option “Allow specific apps and block all others” -> click the option “Add Apps”  -> Search for the custom app by typing in the name -> Add the custom app.

Apply this policy to all the pilot users who will be testing the custom app.

You can create a Team called something like “Beta testing Team” and a “Pilot users” Channel so that pilot users can discuss their test results. Developers or Admins can also help the pilot users using this channel.