Did you know: Resource-specific consent (RSC) for Microsoft Teams makes it possible for team owners to consent to apps accessing their team data without explicit admin approval. Admins may choose which team owners can consent.
Key points
- Microsoft 365 Roadmap ID 56605
- Timing: mid-August; complete in mid-September
- Roll-out: tenant level
- Control type: admin control
- Action: review and assess
How this will affect your organization
Apps provide out-of-the-box or custom tools for your organization to get more out of Teams.
Previously, any app that accessed Microsoft Graph APIs for Microsoft Teams needed global admin consent. Most other Graph APIs support user consent, i.e., consent by someone other than an admin, which allows apps using those APIs to be run without admin consent.
With RSC, you no longer need to grant an app tenant-wide approval. Instead, you can give a team owner the ability to install an RSC app that will have access to only that team’s Teams Graph API. RSC allows apps to create, rename and delete channels; read channel messages; create tabs; and read team membership and settings.
RSC permissions
There is no change in how you track apps that have been installed in your tenant. You can continue to block a specific application from being installed in your tenant.
What you need to do to prepare
From the Microsoft Teams admin center, manage RSC through the setting, “Users can consent to apps accessing company data for the groups they own.”
- By default the RSC setting mirrors the setting, “Users can consent to apps accessing company data on their behalf.”
- If users can consent to accessing company data, they can also consent to accessing company data in groups they own.
- If a user cannot consent to apps accessing company data for the groups they own, they cannot install RSC apps.
- If you do not want your Team owners to be able to use RSC approvals for apps, you can disable this feature.
- You may also limit the ability to consent to RSC apps to specific team owners, rather than all team owners.
In this example, all group owners are allowed to consent to apps accessing their group data.
Apps that have already been installed are not affected by this policy.
If you’d like to schedule a free one hour consultation on Microsoft 365 roadmap planning with someone from our Microsoft 365 roadmap services team please contact us