This article describes what third-party app consent is and how to request a technology review for software applications that require consent to access organizational or personal information.

App consent is the process through which you grant authorization to an application to access specific resources on your behalf. These resources could include your organization’s data or individual information. When you encounter an app that requests consent, it’s essentially asking for your permission to perform certain actions. This often includes the ability to access data and this data may include sensitive information that requires confidentiality.

What is Third-party Application Data Access Consent?

Many third-party applications include connectors to Microsoft 365 applications like Outlook, Teams, and OneDrive to provide enhanced capabilities while using the app - when a user attempts to use those connectors it generates what is known as an "app consent", an automated response regarding next steps to use the application with Microsoft 365. Ohio University members may only connect University-approved applications to the OHIO Microsoft 365 environment. This has been done to better protect University accounts and data, as well as to ensure all software being utilized on campus adheres to acceptable legal, security, and accessibility standards.

Not all third-party app consent requests require review - those that are requesting low risk access and are verified by Microsoft are automatically approved. These apps are subject to periodic review and access may be revoked as needed. Allowing access from a third-party app to the University's Microsoft 365 environment does not mean that the University endorses or provides support for the third-party app.  Note: Ohio University is not preventing you from using third-party applications independently and the apps will still continue to work, however, the app won't be able to connect to Ohio University Microsoft 365 data.

We recognize that using third-party applications can offer convenience and efficiency. However, it is essential we exercise caution and consider the potential legal, privacy, and data security risks associated with these third-party applications.  Data shared with such an application may contain sensitive university or personal information. For example, if consented an application may have the ability to read your email or calendar appointments. A third-party application's standard contractual language, included in most click-through consents, may not demonstrate the company’s commitment to protecting the privacy and security of your personal and university data. Therefore, only applications that are verified by Microsoft and already approved for use at OHIO will be permitted and all other applications will be denied. If you believe that you are receiving this message in error, and know that the application you want to consent is in fact approved for use at OHIO, you can create a request to seek an exception. We strongly encourage our OHIO community members to refrain from using unverified applications. If your request is directly related to a course requirement, please follow up with your instructor.

Reviews for exception requests will be processed within 30 (thirty) days of the request submission and once a review is completed you will be notified via the IT ticketing system.

If you load an application that requires application consent you will be presented with the following window.

In the window, please enter a justification for your request and select "Request Approval". Your request submission will prompt an email to you that includes additional information about the review process.

Get help from OIT

• For further assistance, please visit the Microsoft 365 page to submit a service ticket.

Additional resources

• User and Admin Consent in Microsoft Entra ID