Back to Documentation
Microsoft Office 365

Installing an Outlook Add-in from Microsoft Marketplace and Enabling It for All Users

Overview

This document explains how to install an Outlook add-in from Microsoft AppSource (Marketplace), deploy it to all users in your Microsoft 365 organization, and review security considerations before enabling access.

Note: To install the CyberCheck360 Outlook add-in, search for "CyberCheck360" in the Microsoft AppSource marketplace during the installation process.

Part 1: Installing an Outlook Add-in from Microsoft AppSource

Step 1: Sign in as Administrator

Log in to the Microsoft 365 Admin Center.

Required roles:

  • Global Administrator
  • Exchange Administrator

Step 2: Navigate to Integrated Apps

  1. Go to Settings
  2. Select Integrated apps
  3. Click Get apps

This opens Microsoft AppSource within the admin portal.

Step 3: Search for the Add-in

  1. Use the search bar to find the add-in by name.
  2. Select the application.
  3. Click Get it now or Add.

Note: To install CyberCheck360, search for "CyberCheck360" in the marketplace.

Step 4: Review Application Permissions

Before deployment, carefully review:

  • Mailbox access (Read / ReadWrite)
  • Ability to send or modify email
  • Attachment access
  • External API connectivity
  • Graph API permissions requested

Follow the principle of least privilege. If permissions exceed business requirements, reconsider deployment.

Click Continue once approved.

Step 5: Assign Users

Choose one of the deployment options:

  • Entire organization
  • Specific users or groups
  • Just me

To enable for all users:

  • Select Entire organization
  • Confirm deployment
  • Click Finish deployment

Step 6: Verify Deployment

Users may need to restart Outlook.

In Outlook:

  • Open an email
  • Click Apps or Add-ins
  • Confirm the add-in appears in the ribbon or toolbar

Part 2: Security Review Before Organization-Wide Deployment

Before enabling an Outlook add-in for all users, review the following key security areas.

1. Verify Publisher Identity

  • Confirm the vendor is legitimate
  • Check for verified publisher status in AppSource
  • Review vendor website and privacy policy
  • Confirm support contact information

2. Review API and Mailbox Permissions

Check whether the add-in requests:

  • Mail.Read
  • Mail.ReadWrite
  • Mail.Send
  • User.Read
  • Directory access

High-risk indicators:

  • Full mailbox read/write access
  • Ability to send emails on behalf of users
  • Access to attachments without clear business need

3. Data Processing and Residency

Understand:

  • Where is data processed?
  • Is email content transmitted externally?
  • Is data stored outside Microsoft 365?
  • Is encryption used in transit and at rest?

Ensure compliance alignment with regulations such as GDPR or industry-specific requirements.

4. Conditional Access and MFA Compatibility

Verify that the add-in:

  • Supports Multi-Factor Authentication
  • Works with Conditional Access policies
  • Does not bypass existing security controls

Review consent configuration:

  • Is admin consent required?
  • Can users self-consent?
  • Should user consent be restricted?

Best practice: Disable user self-consent for high-permission applications and require admin approval.

Part 3: Verifying Rights and Monitoring After Deployment

Review Enterprise Applications

  1. Go to Microsoft Entra Admin Center.
  2. Navigate to Enterprise Applications.
  3. Locate the deployed add-in.
  4. Review:
    • API permissions
    • User assignments
    • Sign-in logs
    • Consent history

Monitor Audit Logs

In Microsoft Purview or Compliance Center:

  • Review audit logs
  • Monitor mailbox access activity
  • Track consent changes
  • Review application behavior

Pilot Deployment Recommendation

Before deploying to the entire organization:

  1. Assign to a small test group.
  2. Monitor behavior and performance.
  3. Validate permission usage.
  4. Expand deployment after verification.

Key Security Focus Areas

When enabling Outlook add-ins organization-wide, prioritize:

  • Least privilege access
  • Verified publisher validation
  • Minimal mailbox permissions
  • Clear data handling transparency
  • Audit logging and monitoring enabled
  • Regular permission review

Outlook add-ins operate within the user mailbox context. Improperly reviewed add-ins may introduce data exposure or privilege misuse risks. A structured approval process reduces organizational risk.

Summary

To install and enable an Outlook add-in for all users:

  1. Use Microsoft 365 Admin Center → Settings → Integrated apps
  2. Search for the add-in (e.g., search "CyberCheck360" in marketplace if installing that add-in)
  3. Review permissions carefully
  4. Assign to Entire organization
  5. Verify deployment in Outlook
  6. Review permissions in Entra ID
  7. Monitor audit logs post-deployment

Always conduct a security review before organization-wide enablement.

Frequently Asked Questions (FAQ)

Who can install Outlook add-ins for the entire organization?

Only administrators with appropriate roles such as Global Administrator or Exchange Administrator can deploy add-ins organization-wide.

Can users install Outlook add-ins themselves?

Yes, depending on tenant settings. However, organizations can restrict user self-consent and require admin approval for security reasons.

How long does it take for the add-in to appear for users?

Deployment can take a few minutes. Users may need to restart Outlook or refresh Outlook Web for the add-in to appear.

How can I remove an add-in from all users?

  1. Go to Microsoft 365 Admin Center → Settings → Integrated apps.
  2. Select the add-in.
  3. Choose Remove deployment or modify user assignments.
  4. Save changes.

The add-in will be removed from assigned users.

How do I verify what permissions the add-in has after deployment?

Go to Microsoft Entra Admin Center → Enterprise Applications, select the application, and review:

  • API permissions
  • User assignments
  • Consent details
  • Sign-in logs

Can an Outlook add-in read all user emails?

It depends on the permissions granted. Some add-ins request Mail.Read or Mail.ReadWrite permissions. Always review permission scopes before approval and follow the principle of least privilege.

Does installing an Outlook add-in affect email security policies?

Add-ins operate within mailbox permissions but do not replace existing security controls such as:

  • Exchange transport rules
  • Conditional Access policies
  • Email security gateways

However, excessive permissions could introduce risk if not properly reviewed.

Should I deploy to the entire organization immediately?

It is recommended to deploy first to a small pilot group, monitor behavior, and then expand to the full organization after validation.

Where can I audit add-in activity?

Use:

  • Microsoft Entra sign-in logs
  • Microsoft Purview audit logs
  • Exchange mailbox audit logs

These tools help monitor application access and activity.

What should I do if an add-in requests excessive permissions?

Do not approve deployment immediately. Review vendor documentation, confirm business necessity, and consider alternative solutions if permissions exceed acceptable risk levels.