Microsoft will begin rolling out a long-overdue update to Microsoft Teams in July 2026 that replaces the silent block screen with a guided request-and-review workflow for admin-blocked apps and AI agents. When a user hits a locked app, Teams will now route a request to IT through the Teams Admin Center, then notify the user when a decision is made. For administrators, the same update surfaces pending requests more visibly and collects them in a queue that can be filtered, reviewed, and acted on without chasing down emails or help desk tickets.
What actually changed in the July 2026 update
The feature, described in the Microsoft 365 Roadmap under ID 565424, lands in Teams on desktop, Mac, and the web for standard multi-tenant commercial tenants. The core mechanics shift a blocked app from a dead end into a workflow with four concrete improvements:
- In-app request path – When a user tries to add an app or agent that an admin has blocked, Teams now presents a guided form instead of a generic lock icon. The user can describe the business need, the intended audience, and urgency, then submit the request directly from the block screen.
- Request queue in Teams Admin Center – Every submission flows into a dedicated review queue under Teams apps > Manage apps > User requests (visible once the update reaches a tenant). Admins can see the app name, publisher, requesting user, request date, and a link to the app’s permissions page. The queue is part of the existing admin center, not a separate portal.
- Admin action and notification – From the queue, an admin can approve the app for the user, approve it for the whole organization, deny the request, or ask for more information. When they act, the requesting user receives a notification in Teams (in the Activity feed and as a banner), so the request doesn’t disappear into silence.
- Awareness signals – The admin center now surfaces new requests more prominently, with a counter in the left navigation and an alert-like indicator when requests are waiting. This is designed to prevent requests from stagnating in a corner of the console nobody checks.
These changes apply to both traditional Teams apps (tabs, bots, connectors) and the newer Copilot-era agents. Microsoft’s support documentation confirms that third-party apps, custom-built line-of-business apps, and first-party apps are all eligible for the flow, though tenants must be on the Teams update channel that includes the feature (standard worldwide rollout, no GCC/GCCH/DoD support at launch).
What the new request flow means for everyday users
For anyone who has clicked an app in Teams only to hit a generic “blocked” message, the most immediate win is predictability. The old experience gave you a lock icon and no next step. Now you get:
- A clear request button – Instead of guessing whether to open a help desk ticket, message IT in Teams, or email a distribution list, you click one button in the block screen.
- Context fields – You can explain why the app matters (e.g., “This CRM integration is needed by the sales team to log calls automatically”). That context travels with the request, so IT doesn’t have to play detective.
- Status visibility – After submitting, you’ll receive a confirmation, and later a notification when the request is approved or denied. The request status also appears in the same request history, so you aren’t left refreshing your inbox.
For users experimenting with AI agents — the kind that can summarize meetings, pull data from SharePoint, or automate email drafting — the workflow is identical. An agent that reads corporate files or uses Graph connectors may be blocked by policy, and the same request path applies. That matters because agents often look like harmless tools to an end-user but carry deeper access scopes.
One critical caveat: requesting does not mean approving. IT still holds the keys, and the notification may still be a “no.” But a curated “no” with a reason is vastly better than silence. Organizations that communicate rejection reasons (e.g., “This app doesn’t meet our data residency policy”) turn the flow into an educational moment rather than a rage-click generator.
What admins and IT pros gain (and lose)
For Teams administrators, the update doesn’t cede control; it adds a formal intake channel. The immediate practical changes:
- Centralized demand visibility – Instead of requests scattered across help desk systems, emails, Teams chats, and hallway conversations, you get one queue. The queue shows who asked, for what, and when, which makes it easier to spot trends (e.g., 30 people requesting the same project-management app).
- Faster triage – Because requests arrive with the app’s Microsoft 365 certification status, required permissions, and publisher information already linked, you can decide in a few clicks. A “deny” action can include a typed reason that the user sees.
- Reduced shadow IT pressure – When users have a visible, respectful path to request tools, they’re less likely to circumvent policy with personal accounts or browser extensions. The flow becomes a safety valve.
But there is a hidden cost: more visible demand means more administrative work. A team that previously tolerated the lock icon may now have a steady trickle of requests. Without a plan, the queue can become toxic. Microsoft’s update does not include automatic approval rules, business justification scoring, or integration with third-party IT service management tools — at least not in the initial rollout. Overwhelmed admins may still ignore requests, which defeats the purpose.
Microsoft’s own documentation recommends that organizations assign a dedicated request reviewer and set expectations for response times. The admin center allows filtering requests by status (pending, approved, denied, withdrawn), but it does not auto-escalate stalled items. That means the feature’s success depends on a human operating model.
How we got here: the long road from app lockout to managed demand
The blocked-app experience in Teams has been a friction point since third-party apps arrived in the store. For years, the lock icon was a blunt instrument: it told users “no” but rarely explained why, or how to appeal. In parallel, Microsoft poured energy into app governance back-end controls — app permission policies, app-centric management, publisher verification, and consent frameworks — giving admins granular power to say no. But the user-facing side remained a blank wall.
The push toward AI agents accelerated the problem. When Microsoft announced Copilot extensions and autonomous agents inside Teams (first previewed in late 2024, then expanded in 2025), the app store suddenly held objects that could act across documents, conversations, and connectors. Blocking an agent that can “summarize departmental files and send weekly emails” is a security decision, not a convenience toggle. Without a formal request path, users either gave up or found backchannels.
The July 2026 update is a direct descendant of the “Users can request access to Teams store apps” feature Microsoft previewed in early 2026 and documented in the Microsoft 365 admin center. That preview let admins enable a request pipeline for selected apps; the roadmapped version broadens it to all blocked apps and agents by default, with no opt-in required. It also adds the notification feedback loop that was missing in the preview, which treated requests as a one-way submission.
The timing aligns with Microsoft’s broader agent governance push. The company has been consolidating app, agent, and extension management under the Teams Admin Center and the Microsoft 365 admin center, with single-pane-of-glass reviews for permissions, data access, and certification status. This request flow is the end-user entry point into that governance story.
What to do now: practical steps before the rollout hits
Because the feature arrives in July 2026 but may take weeks to propagate across tenants, teams have a short window to prepare. Here’s what different stakeholders should do now:
For Teams administrators
- Assign clear ownership – Decide who will monitor the “User requests” queue. It could be a Teams admin, a collaboration owner, or a shared mailbox for a governance board. If nobody owns it, requests will pile up and users will revert to shadow channels.
- Set a response SLA – Even an informal target (e.g., “review all requests within three business days”) prevents administrative silence. Communicate that SLA to users once the feature goes live.
- Build a triage rubric – Not all requests are equal. A simple table helps:
| Request type | Default action | Escalation trigger |
|---|---|---|
| Low-risk tab (e.g., public dashboard) | Approve for requesting user | If more than 5 users request same app in one month, consider org-wide allow |
| Third-party connector (e.g., Salesforce integration) | Deny unless business unit sponsor approved | If from VP-level requester, forward to security review |
| Custom LOB app | Approve if publisher verified and in internal catalog | If permissions include Sites.Read.All or similar, escalate to data security team |
| AI agent with Graph access | Always deny initially, route to formal agent review board | If agent has “write” or “automate” scope, require legal and compliance sign-off |
- Educate users early – Before the rollout, send a brief Teams post or email: “Soon, when you hit a blocked app, you’ll see a request button. Here’s what that means, and here’s how we’ll handle your request.” Include a link to your internal governance policy. That prevents unrealistic expectations.
For help desk and support teams
- Document the new flow in your knowledge base. Train tier-1 staff to redirect blocked-app questions to the Teams request form rather than opening a generic ticket.
- Create a deflection script: “Please use the ‘Request approval’ button in Teams — that goes directly to our app governance team, and you’ll get a notification when they decide.”
For line-of-business and department leads
- Compile a list of apps already in use outside official channels (shadow IT). When the flow goes live, encourage users to request those apps through the sanctioned path so IT can evaluate them. This turns an audit nightmare into a manageable queue.
- If you sponsor an agent or custom app, prepare a one-page justification that explains the business purpose, data involved, and expected user base. That makes the admin’s review faster and increases the chance of approval.
For security and compliance teams
- Define agent-specific review criteria. The same approval button that works for a weather tab must not be treated identically for an agent that can read corporate email. Microsoft’s request form does not yet differentiate between app types in the admin queue, so your review process must layer risk on top.
- Audit the queue regularly. Look for patterns — repeated requests for the same uncertified app may signal a data exfiltration attempt or an overzealous sales team. Consider alerting on requests for apps flagged as “Microsoft 365 Certified: No” that touch high-sensitivity data.
Outlook: where the governed requests trend is heading
Microsoft’s July update solves the first-mile problem: it makes app and agent demand visible. But the downstream challenges — automated risk scoring, conditional approval policies, integration with ITSM platforms like ServiceNow — remain gaps that partners and the community will likely fill. Expect third-party tools that wrap the request queue with business workflows, budget codes, and compliance checks.
More importantly, this is a signal that Microsoft treats the Teams app store as the front door to the agent economy. As agents grow more autonomous, the “request” flow will need to evolve into a full lifecycle governance loop: request, review, deploy, monitor, revoke. The July 2026 update is the first piece of that loop that ordinary users can see. The next logical step is an admin-facing “agent risk assessment” that runs automatically when a new request lands, but that is not on the roadmap yet.
For now, the feature is a welcome correction to a long-standing gap. It turns a policy endpoint into a conversation, and in enterprise software, conversations are often the only path to trust.
References: Microsoft 365 Roadmap ID 565424; Microsoft Learn – “User requests to approve apps in Teams”; Microsoft Support – “Request app approval in Microsoft Teams”; Microsoft Tech Community – “Users can request access to Teams store apps” (preview announcement, 2025).