check before: 2025-10-31
Product:
Exchange, Microsoft Graph, OneDrive, SharePoint, Teams
Platform:
Developer, Online, Web, World tenant
Status:
Change type:
User impact, Admin impact
Links:
Details:
Summary:
Starting late October to November 2025, Microsoft will require admin consent for third-party apps accessing Exchange and Teams content via Microsoft-managed default consent policy. This enhances security by restricting user consent, affecting new app permissions but not existing approved apps. Admins should review app access and configure consent workflows accordingly.
Details:
As part of the Microsoft Secure Future Initiative (SFI) and in alignment with the "Secure by Default" principle, we are updating the Microsoft-managed default consent policy in Microsoft 365 Graph to align with Microsoft's ongoing security improvements, help you to meet industry best practices, and harden your tenant's security posture. These changes enable admins to better control third-party app access for Exchange and Teams content.
This is the next step in a broader effort to evaluate and evolve Microsoft 365 defaults through the lens of SFI. This update follows our recent SharePoint and OneDrive changes that blocked legacy protocols and required admin consent for third-party apps accessing files and sites. The Exchange and Teams updates are a continuation of this same approach. admin consent for third-party apps accessing files and sites. The Exchange and Teams updates are a continuation of this same approach.
[When this will happen:]
These changes will begin rolling out by end of October 2025 and are expected to be completed by late-November 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-10-02
updated:
2025-10-02
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Admin Consent Requirement
Admins will need to approve all new third-party app access to Exchange and Teams content, potentially delaying app integration and usage.
- roles: IT Admins, App Owners
- references: https://learn.microsoft.com/entra/identity/enterprise-apps/manage-application-permissions?pivots=portal, https://learn.microsoft.com/en-us/graph/permissions-reference?view=graph-rest-1.0
User Experience Disruption
Users may experience interruptions in accessing new third-party applications if admin consent is not obtained in a timely manner.
- roles: End Users, IT Support
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/configure-admin-consent-workflow, https://www.microsoft.com/trust-center/security/secure-future-initiative
Increased Administrative Workload
IT admins will face increased workload to review and manage app permissions and consent workflows, impacting their availability for other tasks.
- roles: IT Admins, Security Teams
- references: https://learn.microsoft.com/entra/identity/enterprise-apps/manage-app-consent-policies?pivots=ms-graph, https://learn.microsoft.com/entra/identity/enterprise-apps/configure-user-consent?pivots=portal
Potential App Access Delays
New users or apps requesting broader permissions will face delays in access until admin approval is granted, affecting productivity.
- roles: End Users, App Owners
- references: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/manage-application-permissions?pivots=portal, https://learn.microsoft.com/en-us/graph/permissions-reference?view=graph-rest-1.0
Need for Updated Documentation
Organizations will need to update internal documentation and processes to reflect the new consent requirements, which may lead to confusion if not communicated effectively.
- roles: IT Admins, Training Teams
- references: https://learn.microsoft.com/entra/identity/enterprise-apps/configure-admin-consent-workflow, https://www.microsoft.com/trust-center/security/secure-future-initiative
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Microsoft is implementing changes to enhance security for Exchange and Teams by requiring admin consent for third-party apps. Think of it like adding a security gate to a community. Previously, residents (users) could let visitors (apps) in on their own. Now, the community board (admins) needs to approve these visitors to ensure they’re safe and trustworthy.
This change means that any new third-party app wanting to access Exchange or Teams content will need to get approval from an admin. However, apps that have already been approved by users can continue to operate without interruption. This is similar to how existing residents' friends can still visit without needing new permission.
For organizations, this means reviewing which apps currently have access and setting up a process for users to request admin approval for new apps. This ensures that only vetted and necessary apps can access sensitive information, much like a security team reviewing who gets access to a building.
Admins should prepare by assessing current app configurations and setting up workflows to handle approval requests. This preparation will help maintain smooth operations and ensure that necessary apps remain accessible while keeping security tight.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 4 weeks ago ago
