By default, add-ins are blocked for Microsoft applications. Requesting that an add-in be enabled enables it for the whole PennO365 tenant; As such, it needs a more thorough review than might be expected for an individual add-in. This InfoSec review process has several stages, but the main tasks of the LSP are:
- To enter a ticket about the intended use and properties of the proposed add-in
- To bring the proposed add-in to the O365 Advisory Team (OAT) with basic information about use and risk
- To email either Purchasing Services (for low-risk) or OIS (for medium-risk and high-risk) if OAT agrees with the risk assessment
This is a document outlining the specifics of the whole process and a flowchart outlining the general process of the add-in request:
Flowchart (PDF) / Flowchart (PNG)