Graph and PowerShell Blog

Linked Article: Further troubleshooting Integrated Apps

Until recently I let my cloud admin handle Outlook add-ins aka Integrated Apps. The policy was to block all apps entirely to reduce the number of potential data leaks and security holes.

Now though, I've been asked to deploy the Microsoft add-in 'Report Phishing' and configure the options.

The first thing to check is the Exchange User Policy under EAC - Roles - User Roles. The default role should have these settings enabled, but as I said previously we blocked all access, so here I have created a new policy and assigned it to test users.

↑ New policy set up with permissions to view and install add-ins.

Next, we need to make the add-in available for users. We'll need the 'Exchange Admin' and 'Application Admin' roles activated for this if you are not a 'Global Admin'. Once this is done we go to Microsoft 365 Admin Center - Settings - Integrated Apps and add the app by searching for it under 'Get apps'.

The steps are self-explanatory, you can decide to publish the add-in for yourself, a group of users, or everyone. What it doesn't show is how the app is deployed, by default it will become 'Available', but this is only viewable on the old AdminPortal page.

↑ We can see here our app is set to 'Available', so users must install it themselves.

With the app deployed and installed by users, we can now focus on setting up what the add-in does when a user reports a mail within Outlook. This is set under Microsoft Defender - Settings - Email & collaboration in O365. First, we define that we want to use the Microsoft add-in and not a 3rd party.

↑ We have selected to use the Microsoft add-in.

Then we can define what happens when the message is reported.

↑ We can send the email to Microsoft for analysis or we can add it to our mailbox, or both.

Block Users from Installing Third Party Apps
When any app is deployed by an admin, it appears to overwrite any settings in Outlook that blocks the store. This seems to be a new functionality from Microsoft in 2024. To stop users from installing third party apps you should get your Global Admin to block this setting under M365 Admin - Integrated Apps - Deployed Apps (setting cog).

↑ Block 3rd party apps under M365 Admin - Integrated Apps - Available Apps (settings cog).

Graph and PowerShell Blog	Articles 2025 Running PowerShell on Linux v Windows 2024 Deleting items from Recoverable Items PoshRSJob v PowerShell Core Parallel shootout Integrated App deployment issues Mailbox appears as Mail User in O365 Graph Audit Log returns 403 Mails not getting deleted from O365 Quarantine Hash versus Generic List speed test Decommission On-Prem Exchange Automate User Creation via PowerShell and Excel List Azure Virtual Machines via PowerShell Moving from PowerShell 5.1 to Core Canyon Roadlite 6 2024 Postfix Receive and Forward Installing and configuring PHPMailer Postfix routing by filtering Advanced Postfix configuration Installing Exchange 2019 in Azure Landing Zone Upgrading PHP on Windows Adding a Postfix server for relay to O365 O365 Integrated Apps troubleshooting Domino and O365 Co-existence Delegate Control in AD App mail relay via HVE Setting up Mail Relay with HVE Getting BIMI certified Orbea Occam SL H30 Installing FreeSat and Saorview Changing broadband provider Replacing a DIN timer on fuseboard Outlook Desktop Notifications stop working Outlook folders keep moving sort order Teams report uploading to SharePoint with Runbooks Teams PowerShell module can't run CS cmd as App 2023 Cannot map new Shared Mailboxes in O365 Renewing an Exchange 2016 certificate Connect to Compliance PowerShell behind a Proxy Sensitivity Label not shown in Outlook Client Room Finder Error in Outlook Teams not showing Rooms Teams unable to open file Unable to review quarantined mails for shared mailbox Set Locale for various Apps Delegate Sent Items placed into external Tenant Overview of Microsoft Support cases When centralized mail sends via O365 Cleaning up your Windows DNS server Set OneDrive for Business Locale O365 Migration Tips Reporting on successful Azure logons IIS Mapi Queue full with NetScaler Secure Office365 reports with a certificate Using Graph to send emails with inline images Visualizing Graph data with Google Charts Keeping a log of NetScaler AlwaysON connections \| About \| Links

O365 Integrated Apps troubleshooting 28-May-24 Linked Article: Further troubleshooting Integrated Apps Until recently I let my cloud admin handle Outlook add-ins aka Integrated Apps. The policy was to block all apps entirely to reduce the number of potential data leaks and security holes. Now though, I've been asked to deploy the Microsoft add-in 'Report Phishing' and configure the options. The first thing to check is the Exchange User Policy under EAC - Roles - User Roles. The default role should have these settings enabled, but as I said previously we blocked all access, so here I have created a new policy and assigned it to test users. ↑ New policy set up with permissions to view and install add-ins. Next, we need to make the add-in available for users. We'll need the 'Exchange Admin' and 'Application Admin' roles activated for this if you are not a 'Global Admin'. Once this is done we go to Microsoft 365 Admin Center - Settings - Integrated Apps and add the app by searching for it under 'Get apps'. The steps are self-explanatory, you can decide to publish the add-in for yourself, a group of users, or everyone. What it doesn't show is how the app is deployed, by default it will become 'Available', but this is only viewable on the old AdminPortal page. ↑ We can see here our app is set to 'Available', so users must install it themselves. With the app deployed and installed by users, we can now focus on setting up what the add-in does when a user reports a mail within Outlook. This is set under Microsoft Defender - Settings - Email & collaboration in O365. First, we define that we want to use the Microsoft add-in and not a 3rd party. ↑ We have selected to use the Microsoft add-in. Then we can define what happens when the message is reported. ↑ We can send the email to Microsoft for analysis or we can add it to our mailbox, or both. Block Users from Installing Third Party Apps When any app is deployed by an admin, it appears to overwrite any settings in Outlook that blocks the store. This seems to be a new functionality from Microsoft in 2024. To stop users from installing third party apps you should get your Global Admin to block this setting under M365 Admin - Integrated Apps - Deployed Apps (setting cog). ↑ Block 3rd party apps under M365 Admin - Integrated Apps - Available Apps (settings cog).