Merge pull request #16086 from ashishguptaiitb/apps-copyedit1

Edits to app management articles

Teams/app-centric-management.md

@@ -13,7 +13,7 @@ ms.collection:
   - M365-collaboration
   - Tier1
 search.appverid: MET150
-ms.date: 11/09/2024
+ms.date: 11/14/2024
 ms.reviewer: mhayrapetyan
 description: Manage access to Teams apps using app centric management.
 f1.keywords:
@@ -27,16 +27,22 @@ ms.custom: seo-marvel-apr2020
 # Use app centric management to manage access to apps
 
 > [!IMPORTANT]
-> All organizations don't have app centric management feature available. If you were not using custom permission policies and you weren't an enterprise customer, we migrated your organization to use this feature. If you are using custom permission policies or you are an enterprise customer, then you will soon be able to migrate to the app centric management feature on your own. For timelines, see [Message Center post MC688930](https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC688930) or [Microsoft 365 roadmap item 151829](https://www.microsoft.com/en-US/microsoft-365/roadmap?filters=&searchterms=151829).
->
-> If you see policies on the [permission policies page](https://admin.teams.microsoft.com/policies/app-permission), continue to [use app permission policies](teams-app-permission-policies.md) or migrate to this feature on your own.
-> If your org is now using the app centric management feature, you see the following message on the permission policy page.
+> All organizations don't have app centric management feature available. If you were not using custom permission policies and you weren't an enterprise customer, we automatically migrated your organization to use this feature. You see the following message on the permission policy page:
 >
 > :::image type="content" source="media/acm-policy-page.png" alt-text="Screenshot showing the permissions policy change for organization that are using app centric management.":::
+>
+> If you're using custom permission policies or you're an enterprise customer, then you must manually migrate to the app centric management feature. For timelines, see [Message Center post MC688930](https://admin.microsoft.com/Adminportal/Home#/MessageCenter/:/messages/MC688930) or [Microsoft 365 roadmap item 151829](https://www.microsoft.com/en-US/microsoft-365/roadmap?filters=&searchterms=151829).
+>
+> If you see policies on the [permission policies page](https://admin.teams.microsoft.com/policies/app-permission), continue to [use app permission policies](teams-app-permission-policies.md) or migrate to this feature on your own.
+
+With the introduction of app centric management functionality, admins have two methods to control the access and availability of apps and Copilot agents.
+
+* Continue to [use permission policies](teams-app-permission-policies.md).
+* Use the feature if already auto-migrated or [manually migrate to app centric management](#migrate-to-app-centric-management). It replaces app permission policies.
 
-App centric management functionality introduces a new way to control access to Teams apps for users and groups. It replaces app permission policies. This functionality lets you specify which users and groups can use each app and you can control it on a per-app basis.
+This functionality lets you specify which users and groups can use each app or a Copilot agent and you can control it on a per-app basis.
 
-You can manage access to apps for individual users, supported groups, or everyone in the organization. You have complete control over who can or can't add apps in your organization. You can also control the access to new apps that we publish to Teams app store.
+Whatever method your use, you can manage access to apps for individual users, supported groups, or everyone in the organization. You have complete control over who can or can't add apps in your organization. You can also control the access to new apps that we publish to Teams app store.
 
 ## How is app centric management different than permission policy
 
@@ -109,7 +115,7 @@ After migration, your blocked apps continue to remain unavailable to users. The
 
 ## Add or modify app availability for users
 
-To let users add and use an app, you must assign users or groups to an app. It takes up to 24-72 hours for the changes to take effect. In rare cases, it may take up to 6 days for the availability changes to reflect in the client.
+To let users add and use an app or a copilot agent, you must assign users or groups to an app. To make any apps or copilot agents available in your organization, ensure that the settings to allow these are the same in Teams admin center and in [Microsoft 365 admin center](/microsoft-365/admin/manage/manage-copilot-agents-integrated-apps) in the Integrated Apps page. It takes up to 24 hours for the changes to take effect. In rare cases, it may take up to 6 days for the availability changes to reflect in the client.
 
 1. In Teams admin center, go to the [Manage apps](https://admin.teams.microsoft.com/policies/manage-apps) page, search for the required app, and select the app name to open its app details page. You can't assign apps in bulk.
 

Teams/manage-apps.md

@@ -26,9 +26,13 @@ ms.localizationpriority: high
 
 In the Teams admin center, we provide a few dedicated pages and UIs to manage your apps. You manage apps for your organization in the **Manage apps** page in the Teams admin center portal. Use the URL [https://admin.teams.microsoft.com/policies/manage-apps](https://admin.teams.microsoft.com/policies/manage-apps) to view and govern the apps that are available in your organization's app catalog, evaluate apps before allowing those and find support information, manage availability of apps across your org on a per-user or per-app basis, and do more.
 
-:::image type="content" source="media/manage-apps.png" alt-text="Screenshot showing the Manage apps page in Teams admin center." lightbox="media/manage-apps.png":::
+:::image type="content" source="media/manage-apps-policy-org.png" alt-text="Screenshot showing the Manage apps page in Teams admin center." lightbox="media/manage-apps-policy-org.png":::
 
-To use Teams admin center, you must have a Teams Administrator role. For details, see [Teams administrator roles](./using-admin-roles.md) and [Microsoft 365 administrator roles](/microsoft-365/admin/add-users/about-admin-roles). Some admins with a higher privilege role can accomplish app governance tasks but we recommend using the lower privilege role when possible.
+If your organization uses [app centric management](app-centric-management.md) (whether migrated automatically or manually), you see a slightly different Manage Apps UI.
+
+:::image type="content" source="media/manage-apps-acm-org.png" alt-text="Screenshot showing the Manage apps page in Teams admin center after migration to app centric management." lightbox="media/manage-apps-acm-org.png":::
+
+To use Teams admin center, you must have a Teams Administrator role. Some admins with a higher privilege role can accomplish app governance tasks but we recommend using the lower privilege role where possible. For details, see [Teams administrator roles](./using-admin-roles.md) and [Microsoft 365 administrator roles](/microsoft-365/admin/add-users/about-admin-roles).
 
 App developers [extend Microsoft 365 Copilot](/microsoft-365-copilot/extensibility/) by creating Copilot agents, for example, Microsoft Teams message extension or a Power Platform connector. These Copilot agents increase user productivity across daily tasks and workflows. Admins manage Copilot agents in the [Integrated apps page](/microsoft-365/admin/manage/manage-plugins-for-copilot-in-integrated-apps) of the Microsoft 365 admin center.
 
@@ -63,17 +67,15 @@ App management tasks that are supported on other portals are in the table below.
 
 ## Allow or block apps
 
-As an admin, you control access to all [types of apps](apps-in-teams.md#types-of-teams-apps) that are used across your organization. Teams provides granular controls to configure access for each app and for each user.
-
-To allow an app, you must do all of the following settings. To block an app, just use any one of these settings.
+As an admin, you control access to all [types of apps](apps-in-teams.md#types-of-teams-apps) that are used across your organization. Teams provides granular controls to configure access for each app and for each user. To allow an app or a Copilot agent, you must do all of the following settings. To block an app, just use any one of these settings. Ensure that the app that you want to allow in Teams admin center is allowed in the Microsoft 365 admin center.
 
 | Method                                                                                                           | Scope      | Use case                                                                                  |
 |:-----------------------------------------------------------------------------------------------------------------|:-----------|:------------------------------------------------------------------------------------------|
 | [Org-wide app settings](#manage-org-wide-app-settings)                                                           | Org-level  | Use this setting to allow use of relevant apps in your org.                               |
-| Block or unblock apps                                                                                            | App-level  | Use this setting to allow a specific app in your org. You control which users use an app. |
+| Block or unblock apps                                                                                            | App-level  | Use this setting to allow a few specific apps in your org.                                |
 | [App permission policy](teams-app-permission-policies.md) or [app centric management](app-centric-management.md) | User-level | Let all users or let specific users use an app.                                           |
 
-You allow or block specific apps on either the Manage apps page or in the app details page. Manage apps page displays all the available app and the current org-level app status. To allow or block an app, follow these steps:
+You allow or block specific apps or a Copilot agent on either the Manage apps page or in the app details page. If you [allow or block a Copilot agent in Microsoft 365 admin center](/microsoft-365/admin/manage/manage-copilot-agents-integrated-apps), then ensure that the allow or block settings match in the Teams admin center and those match for the same group of people. Manage apps page displays all the available app and the current org-level app status. To allow or block an app, follow these steps:
 
 1. Sign in to the Teams admin center and access **Teams apps** > **[Manage apps](https://admin.teams.microsoft.com/policies/manage-apps)**.
 
@@ -105,6 +107,8 @@ As an admin, you use one of the following methods to define access to apps for y
 * [App permission policies](teams-app-permission-policies.md) if you use policy-based method to define app access.
 * App assignment if you use [app centric management](app-centric-management.md) to define app access.
 
+To make any apps or copilot agents available in your organization, ensure that the settings to allow these are the same in Teams admin center and in [Microsoft 365 admin center](/microsoft-365/admin/manage/manage-copilot-agents-integrated-apps) in the Integrated Apps page.
+
 ## Manage org-wide app settings
 
 Use org-wide app settings to control whether users with an [F license](https://www.microsoft.com/microsoft-365/enterprise/frontline) get the tailored frontline app experience, whether users can install third-party apps, and whether users can upload custom apps in your organization.
@@ -170,7 +174,7 @@ You may have queries about admin settings or configuration, user flows and app f
 * We don't provide direct customer support for Teams apps but we provide the following safeguards, health checks, and certification methods for apps:
 
   * We proactively check Teams apps for issues and inform the developer to update their app. Scenarios covered are related to app health, functional issues reported by users to Microsoft, security issues, and so on. For details, see [Microsoft enforcement actions for published apps](/microsoftteams/platform/concepts/deploy-and-publish/appsource/post-publish/overview#possible-enforcement-actions).
-  * For Publisher Attested and Microsoft 365 certified apps, Microsoft offers [security and compliance information](overview-of-app-certification.md#microsoft-365-certification). If app developers consent, Microsoft provides admins with the option to [download the detailed evidence submitted by developers](overview-of-app-certification.md#microsoft-365-certification) during the certification audits for apps or Copilot agents.
+  * For Publisher Attested and Microsoft 365 certified apps, Microsoft offers [security and compliance information](overview-of-app-certification.md#microsoft-365-certification). If app developers consent, Microsoft provides admins with the option to [download the detailed evidence submitted by developers](overview-of-app-certification.md#microsoft-365-certification) during the certification audits for apps or copilot agents.
   * Testing of all apps as part of its [app validation program](overview-of-app-validation.md) to ensure that all apps work as advertised. If apps don't work as suggested in the app listing, then we contact app developers to request either an update to the app. If app developers don't make the requested updates after a few reminders, we proactively remove the apps from Teams.
   * Certification to apps using [Microsoft 365 app compliance program](overview-of-app-certification.md) ensures that apps are compliant with the industry-standard frameworks.
 

Teams/teams-app-permission-policies.md

@@ -35,18 +35,25 @@ ms.custom:
 
 As an admin, you can use app permission policies to control the apps that are available to each user in your organization. The permissions you set to allow or block all apps or specific apps are applicable to all [types of apps in Teams](apps-in-teams.md). To understand policies, see [app permission policies](app-policies.md). You must be a Teams Administrator or have a higher role to manage these policies.
 
-To allow an app, you must allow it in [Org-wide app settings](manage-apps.md#manage-org-wide-app-settings), [individual app's setting](manage-apps.md#allow-or-block-apps), and app permission policy. While the first two settings just allow an app for use in your organization, the permission policies allow you to control which users can use a specific app. You control the access on a per-user and per-app basis by creating and applying the policy to specific users.
+To let your org users use a Teams app or a copilot agent, you must allow it in:
+
+* [Org-wide app settings](manage-apps.md#manage-org-wide-app-settings).
+* [Individual app's setting](manage-apps.md#allow-or-block-apps).
+* In app permission policy.
+* In Teams admin center and Microsoft 365 admin center.
+
+The first two settings just allow an app for use in your organization, the permission policies lets you to control which users can use a specific app. You control the access on a per-user and per-app basis by creating and applying the policy to specific users. To make any apps or copilot agents available in your organization, ensure that the settings to allow these are the same in Teams admin center and in [Microsoft 365 admin center](/microsoft-365/admin/manage/manage-copilot-agents-integrated-apps) in the Integrated Apps page.
 
 Teams admin center lets you create two types of permissions policies:
 
-* **Global (Org-wide default)** policy exists by default and applies to all users. Any changes made to this policy affect all users as this policy is applied to all users by default.
-* An admin-created policy applies only to the users that it's applied to. Create a new policy to allow apps for specific users.
+* **Global (Org-wide default)** policy exists by default and applies to all users. Any changes made to this policy affect all users.
+* **Custom policy** apply only to those users that you apply it to. You create and use custom policies to allow apps to specific users.
 
-   :::image type="content" source="media/app-permission-policy-trimmed.png" alt-text="Screenshot showing a new app permission policy being created.":::
+   :::image type="content" source="media/app-permission-policy-trimmed.png" alt-text="Screenshot showing custom and default app permission policies.":::
 
 If your organization is already on Teams, the app settings you configured in **Tenant-wide settings** in the Microsoft 365 admin center are reflected in **Org-wide app settings** on the [Manage apps](https://admin.teams.microsoft.com/policies/manage-apps) page in Teams admin center. If you're new to Teams and just getting started, by default, all apps are allowed in the org-wide global setting. It includes apps published by Microsoft, third-party software providers, and your organization.
 
-Alternately, you can use [app centric management](app-centric-management.md) to configure the access to apps on a per-app basis. It offers an easier method to configure access to apps. The app centric management functionality replaces app permissions policies by making it easier for admins to specify the users in their organization who can add or install Teams apps on a per-app basis. You can use only one method to define access to apps in your organization. If you choose to, you can migrate from app permission policies to app centric management using our migration UI.
+Alternately, you can use [app centric management](app-centric-management.md) to configure the access to apps on a per-app basis. It offers an easier method to configure access to apps. The app centric management functionality replaces app permissions policies. The feature makes it easier for you to specify the users in their organization who can add or install Teams apps on a per-app basis. You can use only one method to define access to apps in your organization. If you choose to, you can migrate from app permission policies to app centric management using our migration UI.
 
 > [!NOTE]
 > To know about third-party app settings in Microsoft 365 Government Community Cloud High (GCCH) and Department of Defense (DoD) environment, see [Manage org-wide app settings for Microsoft 365 Government](manage-apps.md#manage-org-wide-app-settings-for-microsoft-365-government).
@@ -60,10 +67,10 @@ Use one or more custom app permission policies, if you want to control the apps
 1. Provide a name and description for the policy.
 1. Under **Microsoft apps**, **Third-party apps**, and **Custom apps**, select one of the following options:
 
-    * Allow all apps
-    * Allow specific apps and block all others
-    * Block specific apps and allow all others
-    * Block all apps
+    * Allow all apps or copilot agents
+    * Allow specific apps or copilot agents and block all others
+    * Block specific apps or copilot agents and allow all others
+    * Block all apps or copilot agents
 
 1. If you selected **Allow specific apps and block all others**, add the apps that you want to allow:
 

Teams/toc.yml

@@ -1747,15 +1747,15 @@ items:
       items:
         - name: Overview of app management
           href: manage-apps.md
-        - name: Policies for app access and rollout
-          items: 
+        - name: Policies to access and install apps
+          items:
           - name: Understand app policies
             href: app-policies.md
-          - name: Manage app permission policies
+          - name: Manage permission policies for availability
             href: teams-app-permission-policies.md
-          - name: Manage app setup policies
+          - name: Manage setup policies for installation
             href: teams-app-setup-policies.md
-        - name: Use or migrate to app centric management
+        - name: Use app centric management
           href: app-centric-management.md
         - name: Preinstall apps for users
           href: install-teams-apps.md