New feature
User impact
Admin impact
Update: 28-Mar-2025 20:04
Updated March 26, 2025: We have provided additional details about Phase 3 below.
The migration to app-centric management using the Migration Wizard (Phase 2) started rolling out in late November 2024 and completed rolling out in mid-December 2024. Administrators are now able to start the migration themselves using the wizard. The automatic migration for customers with only a global permission policy (Phase 1) will complete by end-March 2025 and those with multiple permission policies (Phase 3) will begin in April 2025
Detailed documentation for the migration process is available at App centric management to manage user access to Teams apps - Microsoft Teams | Microsoft Learn.
App centric management introduces new admin settings to control who in the tenant can install Teams apps. First, admins can set a default value for new apps that are published to the Teams app store. Second, admins can manage apps for users, groups, or everyone in the organization. This feature replaces the existing app permission policies and provides admins with the ability to manage access to the app individually. The app permission policies for existing customers are migrated to maintain existing app availability in the tenant.
This message is associated with Microsoft 365 Roadmap ID 151829
When this will happen:
This feature will gradually roll out across three major phases.
Phase 1: Auto-migration for only single policy customers - This is applicable for customer with only a global permission policy. The roll-out has started and will be complete by end of March 2025.
Phase 2: Self-migration – admins of our customers can do self-migration using the Migration Wizard. This is the preferred way for customers to have tenant admin to be in the loop of migration. The migration Wizard is available to all customers now till end of March 2025. If you need more time to prepare for self-migration, please reach out to support.
Phase 3: Auto-migration for all customers – This is for customers who have not completed self-migration in Phase 2. This is targeted to start in April 2025. Auto-migration will maintain the same access defined in app permission policies whenever there is no conflict between a user's assigned policies. If a user's policies conflict by allowing and blocking the same app for them, we will auto-migrate their app as allowed. After auto-migration, there will be a security group created for each set of users assigned to each app permission policy. These groups will be assigned to each app they are allowed in their respective policy, maintaining their app access. Groups Administrators can manage these groups like any others to customize the app centric management assignments, such as adding and removing users, or removing the group and replacing it with another.
How this will affect your organization:
Starting with this release, you can:
1. Manage Teams apps for selected set of users, groups or all users in the organization.
2. Set the default value for new apps published to Teams app store for each of the app types: Microsoft, third-party and custom apps.
What you need to do to prepare:
No action needed for phase 1 tenants with Global permission policy only. . Migrate to app centric management manually via the Migration Wizard provided in Phase 2 by the end of March 2025 if you do not want to be auto-migrated during Phase 3.