OHIO’s Office of Information Technology implements additional safeguards with third-party applications

Beginning May 23, there will be new restrictions at Ohio University on allowing third-party access to protected resources within Microsoft 365, such as user profile information, email data, calendar information, files and documents.

What is changing?

If users attempt to install a new app, such as an add-on to Teams, and that application requests previously unapproved access to Microsoft 365 protected resources, they will see the pop-up image below indicating that the application requires admin approval. OHIO’s Office of Information Technology (OIT) will require faculty and staff members to submit a Technology Review to determine if access can be granted. For applications that are associated with a cost, the requestor must also follow the Departmental Software Purchasing process.

Students will need to refrain from using unverified applications. Students needing access to a third-party application directly related to a course requirement will need to follow up with their instructors.

When prompted by the pop-up, users can enter a justification in the submission and then select "Request Approval." The request will be submitted to OIT and a follow-up email will be sent to the requestor with the next steps outlined to complete the technology review process.

Users accessing third-party applications already approved by the University, or apps unrelated to Microsoft 365, will not notice any change in their experience.

What is app consent?

App consent is the process through which you grant authorization to an application to access specific resources on your behalf. These resources could include your organizations’ data or individual information. When you encounter an app that requests consent, it’s essentially asking for your permission to perform certain actions.

Why is this a concern?

It is essential students, faculty and staff at Ohio University exercise caution and consider the potential legal, privacy, and data security risks associated with these third-party applications. Shared data may contain sensitive University information that requires confidentiality, and the applications standard contractual language does not demonstrate the company’s commitment to protect the privacy and security of your personal and University data.

Users requiring additional assistance are encouraged to visit help.ohio.edu to submit a service ticket. For additional information, please visit the related Knowledge Base article.