How do I get an app/add-in approved for use within Microsoft 365?
Connections between Microsoft 365 and third-party services must be be reviewed by the SFU Privacy Office and IT Services before they can be made available to the university community.
To request a review, your third-party platform/service must have a completed Privacy Impact Assessment (PIA) and be part of an institutionally supported platform. Ad-hoc requests will not be considered. Institutional initiatives that involve integrations should ensure that the M365 Team in IT Services is involved in the providing information about the impact of the integration when the process is under review; institutional integrations without a PIA, or with a PIA that does not include the full impact on the M365 service cannot be approved.
For more information about completing a Privacy Impact Assessment see the SFU Privacy Office's website.
Get Started with a Privacy Impact Assessment
Why does an app/add-in need to go through a review process?
As a B.C. public institution, the university has a responsibility to review how apps/add-ins access data associated with SFU Microsoft 365 accounts.
By going through a formal review process, the university can assess how an app/add-in will manage, transmit, store or transform data associated within Microsoft 365 cloud services. This process helps ensures the security and safety of third party apps and add-ins as they interact with a variety of different data permissions (from basic profile information to email calendar information).
What's the difference between ad-hoc apps/add-ins and institutionally supported ones?
An institutionally supported app is adopted by department/unit for business, research, or learning needs within the university. For example, a student advising team may have a third-party app that connects to staff email calendars to help students book appointments, or the SFU library may advertise a citation add-in in Microsoft word to help the university with referencing.
In contrast, ad-hoc apps/add-ins are personal tools adopted by an individual. For example, this may be a third-party app you use to organize files for your personal non-SFU work but also want it to connect to your SFU OneDrive space so you can manage files within a single app. Generally speaking, ad-hoc apps for individuals will not be approved. When an app or add-in is enabled in the Microsoft 365 platform, that app or add-in typcially becomes available to the entire university community, regardless of the intention of the requesting individual. That scope then requires Privacy and Security Assessments to be completed in order to understand the risk to SFU data and personally identifiable information. Those processes can take significant time and effort (sometimes months of work between multiple departments): without the support for resources from a project or institutional initiative, there would be no assigned resources, and ultimately potential support and security concerns after deployment.
What apps/add-ins are already available?
Apps/add-ins that have already undergone a review are maintained in the list below.
| App Name |
Application Type |
Available to |
| Gmail |
Email Client |
All SFU |
| Apple Mail |
Email Client |
All SFU |
| Samsung Mail |
Email Client |
All SFU |
| Thunderbird |
Email Client |
All SFU |
| TBSync Add-on for Thunderbird |
Email Client Add-on |
All SFU |
| Zoom for Outlook |
Microsoft Outlook Add-in |
All SFU |
| Salesforce for Outlook |
Microsoft Outlook Add-in |
Select departments at SFU |
| Mendeley Cite for Word |
Microsoft Word Add-in |
All SFU |
| Crestron |
Exchange Online Integration |
Select departments at SFU |
Apps and add-ins that have been rejected/not-available
Apps/add-ins that have undergone a review but were not able to be approved are listed in the table below. Typically these applications fail to meet some compliance requirement and cannot be enabled. Without evidence of a substantive change in the application, requests for review will not be accepted for these apps and add-ins.
| App Name |
Application Type |
Reason |
| Grammerly |
add-in |
Unable to resolve compliance issues with BC FIPPA |
Frequently asked questions
How long does it take for an app/add-in to get approved?
Times for a review can vary depending on the permissions required, scope of users, and overall complexity of the integration. On average, a review may take 1-6 months to complete.
If an app/add-in is available, does that mean the platform it uses is also approved?
No. SFU only approves the app/add-in itself. This does not approve the platform overall by proxy. For example, if a social media app for MS Teams is available that doesn't approve the entire social media platform.
Many areas at SFU use a variety of services to help with the university's mission. Vetting apps/add-ins helps our community avoid less secure alternative accounts/methods to connect to those services.
can I use this to request apps/add-ins that don't integrate with microsoft products/services (e.g., canvas, Zoom)?
No. This request process is only for apps/add-ins that will leverage Microsoft products or services.
My app/add-in is broken, where can I get help?
Departments/units that adopt third-party apps/add-ins should refer to publisher documentation/support resources. SFU's IT Services does not provide direct support third-party apps/add-ins outside the integration with Microsoft 365.