TL;DR: Microsoft Teams is introducing a “Centralized Evaluation Experience” for admins. By setting trust requirements once, the system automatically scores apps and agents, allowing for faster and more consistent approval decisions. This should be rolling out in late February according to Microsoft.
The Bottleneck of App Governance
For years, the process of allowing a third-party app in Teams was a manual hurdle. Admins had to visit the “Security and Compliance” tab for every individual app, read the publisher’s attestation, and manually verify if it met organizational standards.
With Roadmap ID 532720, Microsoft is moving from manual checks to automated scoring.
How the Evaluation Score Works
Admins will find a new Evaluation Score Settings tab within the Teams Admin Center. Here, you can define your organization’s “Trust Profile” by selecting specific requirements:
- Certifications: SOC 2, ISO 27001, FedRAMP, etc.
- Compliance: GDPR, HIPAA, or specific regional data residency.
- Security Signals: Results of penetration testing or publisher attestation status.
Once saved, the system evaluates the entire Teams app catalog against these rules.
[Image Placeholder: Screenshot of the ‘Evaluation Score Settings’ in the Teams Admin Center showing check-boxes for GDPR and SOC 2]
A New Dashboard for Management
The Manage Apps page is also getting an upgrade. A new column, Evaluation Score, will display how each app stacks up against your baseline.
- Sort & Filter: You can now filter for “Apps with a score of 80% or higher,” drastically speeding up the review of user requests.
- Deep-Dive Reports: If an app scores lower than expected, a detailed evaluation report on the app’s details page will highlight exactly which requirement was missed.
Important Note on Behavior
This update is an informational tool, not a blocking tool.
- It will not automatically block apps that fail your criteria.
- It will not change your existing app permission policies. Instead, it provides the intelligence you need to make your own “Allow/Block” decisions faster.
MVP Recommendation: Prepare Your Baseline
Since this feature is enabled by default and will land by the end of February, I recommend that IT teams meet with their Security and Compliance officers now. Agree on a “Minimum Viable Trust” list so that when the tab appears, you can configure your score settings immediately and start clearing your app request backlog.