This article provides a view of all application requests that have been rejected by the NHSmail Technical Design Authority (TDA). A justification will be provided as to the rationale behind the decision.
Please be aware that any subsequent requests for the same app will be rejected, unless it relates to a newer version.
For further information around approved/rejected NHSmail applications, the request process or application access please visit the following articles:
- Core 365 Application Catalogue (SharePoint, App Source, Teams)
- Custom and 3rd Party Applications
- ServiceNow request process for O365 stores
- Introduction to O365 Stores and Accessing Applications
- Managing Term Groups/Stores
|App Name||Justification for Rejection||Date of Rejection|
|Visio Data Visualizer||The platform is already equipped with this feature||30/11/2021|
|Google Analytics||The app is basically to capture all the SharePoint sites in the tenant and monitor their usages via Google analytics (needs integration with a google analytics account and then using google platform to morning SharePoint sites clicks/sessions/users/location etc.). This is not feasible to monitor all sites collections usage/clicks via an external google account.
This 3-4 years old app is not available in the official app store as it is developed as a project and is available on GitHub for download.
The app cannot be deployed in a site-level app catalogue.
This app requires to be deployed to all SharePoint sites via Global Catalogue so that all sites can be monitored via Google Analytics account – by configuring a Google Analytics account code in the global app deployment.
There is a Google Analytics connector available in the web parts section of SharePoint sites and can be used by users. It requires integrating a google account (with Google Analytics) to allow the connector to receive the analytics overview reports for their websites (not SharePoint sites) configured in Google Analytics.
|Metalogix Essentials||Quest Metalogix requires global tenant wide access. this cannot be provided. We have discussed with Quest and Quest have I understand been in contact. Quest Essentials we believe is the product you would be looking to use. Quest will be in contact.||22/12/2021|
|Spark email client||The application hosts data outside of the UK/EU and is non-compliant with the NHSmail guidance. Flexibits (Fantastical) servers are hosted on Google Cloud Platform in the US. In addition to this, the application has delegate permissions to EWS (Exchange Web Services) which allows the app to have the same access to mailboxes as the signed-in user.||25/01/2022|
|Cronofy (enterprise connect)||Cronofy Enterprise Connect requires granting permissions (Calendar Read/Write) that apply across the entire NHS tenant rather than using delegated permissions for individuals using the service. It also opens up data sharing to a number of platforms that as yet have not been assessed for data access and which could foreseeably extend without central oversight which would be difficult to allow.||31/01/2022|
|UiPath||The application doesn’t support multiple
organisations within a single tenant.
|Additional Add-in for 365 for TWINKLE||This application doesn’t have the required role based access control and would be granted access to all SharePoint sites on the tenant. therefore this cannot be approved.||15/03/2022|
|Fantastical||Data is held within the US and not EU or UK. The permissions couldn’t be constrained to just the individual organisation.||22/03/2022|
|Web Viewer||Application doesn’t work properly and isn’t being maintained.||29/03/2022|
|Zivver Outlook Plugin||Egress encryption is already available and provisioned for you on the nhs.net tenant. Please see https://support.nhs.net/article-categories/encryption/||12/04/2022|
|MS Whiteboard||Enabled on their devices.||29/04/2022|
|Clearooms Room Display v1.5.3||The calendars read/write all is a concern as it is app and not delegated. Opens up potential for any locked down calendars to be utilised. Potentially can be locked down to cover a group of mailboxes but not documented by the vendor. The app permissions cannot be constrained to a subset of users.||29/04/2022|
|Aternity||The app requires Application permissions level permissions for CallRecords.Read.All. That will allow the app to access Tenant level Teams usage call records. The scoping is not supported for this permission. If required, we can offer to have a follow on conversation with the suppliers.||03/05/2022|
|UiPath New York||The application doesn’t support multiple organisations within a single tenant, so it’s not scalable on the platform.||04/05/2022|
|RADAR Report Library (SPFx WebPart v1.0.0.)||The deployment of SPFx webpart for testing on the central tenant is not supported. Once the SPFx WebPart is fully developed and tested, another request can be raised for review, approval and deployment in the Global App Catalog.||09/05/2022|
|Excel-to-Word Document Automation||No response from org RY5.||28/06/2022|
|Kedance||Directory Sync, configuration required to sync users from the AAD to Kedance is not supported. Free trial doesn’t support integration for calendar, and we need to test and validate perms used for calendar integration||29/06/2022|
|Convene in Teams||Permissions provide the application access to tenant wide objects which can’t be supported or constrained appropriately. We also already provide the CVI capability on the platform which should provide you with similar functionality.||05/07/2022|
|Diligent Boards appears to be a stand-alone application on the Windows store. This will need to be installed locally by your Organisation. It’s up to the org to enable/disable it in the windows store. To add to your Business store, this will require the org to be using Intune.||20/07/2022|
|Fantastical calendar||The application hosts data outside of the UK/EU and is non-compliant with the NHSmail guidance. Flexibits (Fantastical) servers are hosted on Google Cloud Platform in the US. In addition to this, the application has delegate permissions to EWS (Exchange Web Services) which allows the app to have the same access to mailboxes as the signed-in user.||20/07/2022|
|Calendly||Due to the data sharing permissions of this app, it has been rejected. Calendly provides delegated read/write access to Exchange online and this could potentially cause data to become visible to more users without the owner taking action.||20/07/2022|
|Inspection and Manage inspections||This was turned off last year due to the fact that some curious trust users kept clicking on sample apps triggering creation of dataverse for their teams in the background, never to be used. There is a limit on the numbers of dataverse for teams, so we made the decision to disabled this completely. We cannot enable this per specific trust but tenant wide. Work around which was passed on to requestor was to build their own tenant and export same apps from there.||20/07/2022|
|Digital Communications||Not yet approved/published by the tenant admins and we don’t have/support Custom Teams App policies, the ChatBot will be accessible to all users on the platform. So Advised requestor to reach out to CoE team to test/improve and see if it will be suitable at the tenant level for all users.||20/07/2022|
|Lifesize version 1.0.3||The App Level permissions required cannot be granted.||20/07/2022|
|MetaCompliance Azure AD Sync||The application doesn’t work properly and isn’t being maintained. We have had to reject similar requests to this before.||20/07/2022|
|Microsoft 365 Learning Pathways||The team have assessed Learning Pathways and it isn’t compatible with multi-organisational requirements of the NHSmail tenant.||26/07/2022|
|Outlook Mail Merge Attachment||An app with this name could not be found. Please check and resubmit the request providing a link if possible.||23/08/2022|
|UBook||Unfortunately this request is rejected as it will require mail enabled security groups which is not a feature available yet in NHSmail. We plan for this feature to be available later this year at which point this request can be resubmitted.||23/08/2022|
|Planon Meeting Management||Can’t be implemented at this time as it relies on a security group being created and managed, for example when someone leaves your organisation. This functionality is in the pipeline and is planned for delivery later this year. Please can you resubmit this request again once security group functionality is available.||30/08/2022|
|Perkbox||Rejected as this application required application level permissions which can’t be appropriately scoped and are not generally supported on the shared tenant.||13/09/2022|
|Azure VPN Client||The application you have requested has already been implemented and is available via the appropriate catalogue via the Intune/Microsoft Store for business portal. This request has rejected as this should be raised with the Intune Live service team.||13/09/2022|
|MedXNote Beep||We currently can’t support the application based permissions that the application requires – most applications we accept used delegated based permissions to limit the scope of the application rather than opening up rights to the whole nhs.net organisation.||20/09/2022|
|Last Reviewed Date||23/09/2022|