Tuesday, June 23, 2015

Controlling Office 365 integrated applications

Unfortunately, average users tend to click ‘Yes’ a lot more than they really should. If they could but restrain themselves somewhat the world would have far less viruses. BUT, we know they just can’t help themselves sometimes and administrators and IT Pros are left to clean up the damage.

In the the world of security, prevention is far easier and cheaper than the cure so taking pro-active steps to control when users allow third party applications access to their data can be handy. Office 365 provides the administrator the ability to do just this via Azure Active Directory that is included free with all Office 365 subscriptions. Here’s how.

image

Firstly, login to your Office 365 admin center.

image

In the bottom left select Azure AD.

If you haven’t already enabled Azure AD as part of your Office 365 tenant (which is free), see my previous post:

Enabling your Office 365 Azure AD

image

Select the Active Directory option on the left and then select the name of your directory (there should only be one).

image

Select the configure tab from the options across the top.

image

Scroll down until you locate the integrated applications area towards the bottom. here you can disable (by changing to No) all users ability to add integrated applications and have those applications access the users data.

image

If you make a change you’ll need to select the Save button at the bottom of the page that appears to update the directory with the new configuration.

With these options configured administrators can have piece of mind that none of their users can add applications from places like the SharePoint Store that could access Office 365 data and potentially cause information leakage or worse.