If your business uses Microsoft 365, employees or yourself may have received a pop-up asking permission to access certain account data.

This article can assist you in making the best choice when this type of pop-up appears again.

What Is the "Permission Requested Pop-up"

A seemingly harmless window, called "Permission Requested Pop-up", periodically appears within applications like Outlook, Teams and SharePoint to prompt users to give an app or add-in access to their Microsoft account.

Users often quickly click the Accept button in order to close a pop-up, however when dealing with sensitive data contained within a Microsoft 365 account it should always be approached with care and discretion.

Understand the Risks of Excessively Broad Access

Applying for permission may seem simple or necessary in order to access certain features of a program; but have you considered who or WHAT will benefit from your grant of permission?

Your actions could give a third party access to:

Your account provides access to all files, emails and calendars accessible to you, all contacts (read and write them all as well), Teams chat messages (read only), user profiles in Microsoft 365 as well as all user profiles that are set up with it.

And much more. By accepting such requests, you could allow an unidentified third party to control your entire Microsoft environment - including all of its data - even after it has been uninstalled from its application.

Uses That Are Legal

Microsoft 365 has legitimate integration requirements for certain apps and add-ins; your job scheduling CRM, for instance, may need access to your calendar and email accounts in order to function.

Permission may be required for project management tools that enable teams to collaborate within SharePoint.

In such situations, it makes sense to give the requestor some form of permission.

What to Look for When Reviewing "Permissions Required"

It is critical that you fully comprehend and review any proposed permissions for external apps or add-ins that require access.

By reviewing the name of an app or add-in, it can help determine if your organization installed it, as well as determine if a third-party application may be suspicious. In such cases, it would be prudent to cancel such software that says either "Unverified" or "This application may be risky".

Check what permissions are being requested of you. Is it reasonable for an add-on that generates graphs to request full access to all of your emails, including their content? Most likely not.

Check with Your IT Team It is always wise to consult the IT staff of your organization or managed services provider prior to authorizing any requests submitted by an employee or managed services provider.

Companies employ policies for accessing Microsoft 365 data that comply with approved policies. This helps prevent unintended or unauthorized access, which could present potential security risks. It's worth taking extra precautions, even if that means delaying approval; taking extra measures helps maintain a safer environment.

Prevent security breaches or issues by having your IT team examine situations before they occur.

If you have questions or suspect that an app may have too much access, or believe that you may have given too much, we are more than happy to assist you. Call us at 📞 (404) 932-5940