Troubleshooting Using Non-Microsoft Applications within Microsoft 365


Introduction

This article describes what you might experience the first time you try to use a non-Microsoft application (i.e., an unmanaged application) within the Microsoft 365 environment. It also explains what to do in the event that you do experience the items below

  • What you might see on the screen
  • An email that you might receiveĀ 

The process is designed to ensure security, compliance, and governance standards are upheld before any third-party application is approved for use within the organization.

Instructions

Unmanaged or third-party applications within the Microsoft 365 (M365) environment must go through an approval process before they can be used within Virginia Tech's M365 environment.

Submitting a request for review

You might have encountered this approval when you tried to add a new application. You are presented with a disclaimer indicating that "Approval Required." This prompt includes the specific permissions the application is requesting and provides a text box where the user must enter their justification for the request. In order to proceed with this prompt, you must enter a justification and click Request Approval. Unfortunately, this does not actually send out a notification for approval; it merely clears the prompt. The next step you must take is to put in a request for approval at Marketplace App Request.

As mentioned earlier, when you click on Request Approval, this does not actually notify an admin of your approval request; however, you will receive a confirmation email with the subject line, "Action needed for admin user consent". This email is a reminder that you must fill out Marketplace App Request to get your app reviewed for use. If you have already completed the form for this application, you do not need to do it twice.

The Admin Review Process 

The review process takes time; it cannot be expedited.

The submitted request is queued for review by the CCS admin team and any other necessary partners (The Information Technology Security Office, Information Technology Procurement, Software Service Center, etc.) at the university.    

  • Initial review: initial permissions check, duplication of existing capabilities, and if the app has already been reviewed via procurement or the ITSO.
  • If the app does not pass the first review from it will be blocked for the university at-large.
  • If the app passes first review it will be sent to ITSO for further review. 

Evaluation Criteria 

The primary objective of the review is to ensure that any third-party application meets the organization's strict security, compliance, and governance standards before approval. If the application's functionality is already available through built-in Microsoft 365 tools, it is unlikely to be approved to minimize unnecessary risk and avoid duplication of existing capabilities.