On April 18, 2025, Pitt Digital implemented an important change to improve the security and safety of both Microsoft Teams and Azure at the University. All Azure and Teams users are required to request a Vendor Security Risk Assessment to add new, unvetted apps and plugins to the University's environment. If the application is a custom internal app that will be not integrate with a third party vendor, then no vendor review is needed, but Pitt Digital Security will still need to review the requested permissions. Please request an Azure App creation here.
Pitt Digital Security will conduct a review to determine if the app/plugin presents security, privacy, or compliance risks to the University. Pitt Digital Security will also be contacting users of current apps/plugins to ensure they meet our security standards. Only those apps/plugins that pass a review will be permitted for use.
With over 2,900 Azure apps and a growing number of Teams plugins, maintaining safe and reliable systems is crucial. This change helps limit University data exposure, reduce risk, and uphold the existing Vendor Security Risk Assessment Operating Standard, protecting our systems from unapproved third parties.
Related Operating Standards: