Monitor your SharePoint add-ins with an approval policy

By

It’s predicted there will be over 5 billion phone users (5.07bn) by 2019, accounting for around 67% of the world population (7.52bn). And on practically every one of those phones will be a multitude of apps. There are currently 2.8 billion and 2.2 billion apps on the Google Play and Apple App Stores, respectively. But it’s not just the consumer side of the market getting swept up in the application storm.

Enterprise apps (on desktops and mobile devices alike) are also on the rise. 66% of organisations are expected to increase their investment in mobile apps within the next three years, with app revenue expected to reach $430bn by 2021.

Platforms like Microsoft SharePoint—which, while having recently developed a mobile-dedicated presence, is still very much a desktop-based platform—rely heavily on applications to make the platform more powerful and flexible. Much like every individual’s phone has a different collection of apps, each branch of the organisation needs a specific set of tools to get their work done to the best of their ability.

It’s worth noting that Microsoft recently changed the terminology ‘apps for SharePoint’ to ‘SharePoint add-ins’, meaning ‘app parts’ are now ‘add-in parts’ and so on. So ‘add-ins’ is now the technical term.

With so many add-ins available—each offering something different and coming from a different source—the potential to overcrowd your environment, overwhelm and confuse users and even put your organisation at risk is higher than it once was. Let’s explore how you can create policies to help monitor the SharePoint add-ins in your environment.

 

Managing SharePoint add-ins with meaning

As an Office 365 and/or SharePoint administrator, you’re responsible for the smooth-running of your environment, whether that’s in the cloud or on-premises. But with SharePoint add-ins ready to use out-of-the-box, add-ins that are built internally and add-ins created by third-party developers available on the SharePoint store, your users have a lot of choice. This variety is great, of course, but it can also cause problems.

Consider how an app like Facebook on your mobile might request access to your photos or location for you to geo-tag or add photos to posts on your timeline. Likewise, your SharePoint add-ins will need to access certain areas of SharePoint and certain data to work properly. The Site Mailbox app will need to access an Exchange mailbox, while a Form Library requires a compatible XML editor like InfoPath, for example. But you don’t want SharePoint add-ins accessing company content that may be sensitive or confidential without ensuring the application has the right permissions to access that content.

Restricting user access to a specific site or content in SharePoint is done through permission levels, and the same can be done for SharePoint add-ins. Users can only add apps with permissions equal to them. Add-ins will most often require read permissions to examine the data in a SharePoint list or library. So, if a user does not have read permissions for a certain site, but the app needs to access a library within that site, it can’t be installed. This is good for your site security, but bad for the user who wants to improve his or her productivity.

Of course, it’s more likely a user wanted to install the Site Mailbox app to help keep her email and documents together, not maliciously access content they otherwise wouldn’t be able to. You need a way to monitor which apps are being installed and which individuals should be using them.

 

Police your SharePoint add-ins

When an app requires organisation-level permissions, the requestor will need approval from an Office 365 or SharePoint administrator to continue with the installation. The approval process involves the permission request workflow, which directs all installation requests through to the appropriate people in the organisation. When an installation request is sent, an automated email is sent to everyone who is a site collection admin for the app catalogue. This is where administrators can then choose to approve or deny requests.

Further still, you can filter out the SharePoint app store so users can only see the apps that you know have the right permissions. These are split into three categories: user-only, user & add-in or add-in-only policies. By filtering out applications that aren’t authorised for company use, you can cut out the middle man and save a lot of time.

The permission request workflow and authorisation filters are good time savers, but above all else you should make sure approval of SharePoint add-ins is a formal policy. So, make sure the procedures for add-in installation are well-documented and easy to access so you and all your users are on the same page.

 

For more information on creating policies for your SharePoint add-ins, don’t hesitate to get in touch with us today.