Questions and answers

Is it possible to separate the deployment between SSO and TEAMS App?

The deployments are separate, each service has its own app in Entra Enterprise Apps.

What data is accessible via SOFA on our TENANT?

We mostly write settings in SharePoint document libraries (reading and writing configuration in the document library), read user details, DisplayName, email, UPN, First name and Surname and some additional basic information. We load information in the user’s context, which means the app does not load anything by itself, only users are synchronized to Sofa based on preset rules.

If there are any initiating events, they read data from e-mail or from a SharePoint document library.

AzureAD (for synchronization): Teams Apps

How can we manage/restrict access to data accessible via SOFA so that only necessary data is left?

Sofa has delegated permissions, meaning that a Sofa user has the same permissions as the same user when accessing the data from any other app. The rules for Conditional Access and other DLP settings are respected, precisely for the delegated permissions.

From 02/04/2026, SharePoint Add-ins will be removed from SharePoint in Microsoft 365 and users will no longer be able to use SharePoint Add-ins. Installing SharePoint Add-ins from the SharePoint Store will no longer be possible from 1 July 2024. How will SOFA manage this?

This does not concern our solution at all, we are not using SharePoint Add-ins, as the technology is dated. From the beginning, we have been using SPFX (Sharepoint Framework).