University of Toronto staff and faculty can request third-party applications and add-ins from the University’s Microsoft 365 team using this form. These requests are subject to a review process that could include:

• Approval by the requester’s divisional IT administrators.
• An evaluation by the Application Review Committee.
• A risk assessment.

Microsoft apps that are part of existing Microsoft licenses such as Power Automate, Power Apps and Sway are granted on a by-request basis. Some Microsoft apps such as Power BI Pro, Project and Visio require that additional licensing be purchased through U of T Libraries: How to Purchase Software. 

University staff and faculty can request that third-party applications and add-ins that connect with their Microsoft 365 accounts be enabled. These requests are subject to a formal review process.

If you are requesting one of the following applications, please purchase a license through the Library. There is no need to submit a request through the Application Review Committee:

• Microsoft Power BI Pro
• Microsoft Project
• Microsoft Visio

Depending on the tool, support for approved applications and add-ins will normally be provided by a user’s local IT units or by the product vendor. Before requesting an application, please discuss support with your local IT staff.

Applications with indicated user restrictions can be enabled for specific users/user groups after going through an approval process. For more information, please submit a ticket to the Enterprise Service Centre. 

The availability of an approved application depends on its risk status. Two types of apps and add-ins can be implemented as part of the approval process:

• • Low-risk apps: Identified low-risk applications that do not access Microsoft 365 data are available for University-wide use. 
  • Higher risk apps: Applications that are higher risk and integrate with Microsoft 365 data can be enabled for specific user groups after going through a request and approval process. 

If you would like access to a higher risk application, please submit a request through the Enterprise Service Centre. 

No. Applications developed by EASI do not currently require an information risk assessment (IRM), but they do require a privacy impact assessment (PIA). These applications have an existing governance process and are outside the scope of the Application Review Committee.

Applications that integrate with University Microsoft 365 accounts must go through a formal request and review process. The review process looks at the application, its intended function and whether similar applications have already been approved. It also includes a risk assessment that specifically examines the type of account information the app will have access to once it is installed by a user. The review process is an important part of promoting the sustained efficacy and security of possible third party application solutions.

University of Toronto staff and faculty can submit requests for new application integrations.