Why Are Microsoft’s New API Rules Causing Such Frustration for Admins?
Microsoft is changing how outside apps connect to Exchange Online and Teams. This update improves your organization’s security. Starting in late October 2025, any new app not made by Microsoft will need an administrator’s permission to access your company’s data.
This change is part of Microsoft’s commitment to making its products secure from the start. It means that by default, access is restricted. This policy helps prevent unauthorized apps from seeing sensitive information in emails or team chats. Only apps that an administrator has approved can get through. This update affects only new applications. Apps that you have already approved will continue to work as they did before.
The main goal is to give your IT administrators better control. They can now review every new app before it accesses company data. This process ensures that only trusted and necessary applications are used within your Microsoft 365 environment.
Actions for Administrators
To prepare for this change, administrators should take the following steps.
- Review which third-party apps currently have access to your Exchange and Teams data.
- Establish a clear process for employees to request and get approval for new apps.
- Inform your users about the new approval workflow to avoid confusion and delays.