Microsoft Teams is one of the most used communication and collaboration platforms in the world. Many organisations were forced to adopt it rapidly during the COVID-19 pandemic. As such, a little attention was given to Teams’ security aspects, leaving it open for possible attacks. In this session, two major security issues are introduced. The first issue is related to guest access, which allows people outside of the organisation to extract (possibly sensitive) information from Azure AD and Teams. The second issue is related to how Teams is handling specific policies only on the client-side. This allows regular users to perform actions blocked by policies using the same APIs the Teams client uses. In this demo packed session, MVP Dr. Nestori Syynimaa shows how to abuse Teams privacy, security and compliance, but also introduces applicable mitigation techniques.
Menu
