What is the process for requesting a new application or add-in?

University of Toronto staff and faculty can request third-party applications and add-ins from the University’s Microsoft 365 team using this form. These requests are subject to a review process that could include:

  • Approval by the requester’s divisional IT administrators.
  • An evaluation by the Application Review Committee.
  • A risk assessment.

What kinds of applications can I request through the ARC?

University staff and faculty can request that third-party applications and add-ins that connect with their Microsoft 365 accounts be enabled. These requests are subject to a formal review process.

If you are requesting one of the following applications, please purchase a license through the Library. There is no need to submit a request through the Application Review Committee:

  • Microsoft Power BI Pro
  • Microsoft Project
  • Microsoft Visio

Why are some approved applications available to everyone, and why are some user restricted?

The availability of an approved application depends on its risk status. Two types of apps and add-ins can be implemented as part of the approval process:

    • Low-risk apps: Identified low-risk applications that do not access Microsoft 365 data are available for University-wide use. 
    • Higher risk apps: Applications that are higher risk and integrate with Microsoft 365 data can be enabled for specific user groups after going through a request and approval process. 

If you would like access to a higher risk application, please submit a request through the Enterprise Service Centre. 

Can I request an EASI application through the ARC?

No. Applications developed by EASI do not currently require an information risk assessment (IRM), but they do require a privacy impact assessment (PIA). These applications have an existing governance process and are outside the scope of the Application Review Committee.

Why do application requests need to go through the ARC?

Applications that integrate with University Microsoft 365 accounts must go through a formal request and review process. The review process looks at the application, its intended function and whether similar applications have already been approved. It also includes a risk assessment that specifically examines the type of account information the app will have access to once it is installed by a user. The review process is an important part of promoting the sustained efficacy and security of possible third party application solutions.