Browse all topics
All guidesGlossary
Microsoft Teams

Microsoft Teams apps and tabs

How Teams apps, tabs, bots, and message extensions work — and how to govern them.

Microsoft Teams is a platform as well as a client. Apps extend Teams into other systems, and they show up in several different forms — tabs, bots, message extensions, personal apps, and meeting extensions. Knowing the shapes helps both users and admins.

The forms an app can take

  • Personal app — a private app on your sidebar, accessible only to you (Planner, Lists, OneNote in personal mode).
  • Tab — a pinned page inside a channel or chat (a SharePoint page, a Power BI report, a web app, a wiki).
  • Bot — a conversational agent in a chat or channel that responds to messages or events.
  • Message extension — actions in the message composer (search a system, share a card, run a workflow).
  • Meeting extension — apps that load inside a meeting's side panel or stage (polls, whiteboards, third-party tools).

Many published apps include multiple forms — for example, an HR system might offer a personal app, a tab, and a message extension.

Where apps come from

  • Microsoft and partner apps — published in the Teams store, ready to install with one click.
  • Custom apps — built by your organisation with the Teams Toolkit or Developer Portal and side-loaded or distributed internally.
  • Power Apps and Power Automate — canvas apps and flows can be deployed as Teams apps without writing code.

Governance

Apps run with user permissions, so they can read what the signed-in user can read. Governance therefore matters:

  • App permission policies decide which apps users can install.
  • App setup policies pin a default set of apps to specific user groups.
  • App centric management in the Teams admin center provides per-app, per-user controls.
  • Defender for Cloud Apps integrates for monitoring and risk scoring.

For Microsoft 365 Copilot, Copilot agents also surface through this app model — they're Teams apps with grounding and reasoning capabilities.

Lifecycle

Custom apps go through a manifest (.zip package) deployed via the Developer Portal or the Teams admin center. Apps can also be published to the organisation's catalog so users see only your approved third-party plus internal apps.

Get app governance right early. Once apps spread, retrofitting permission policies is much harder than starting strict and loosening as needed.