Exclusive Media Partner

Abusing Teams privacy, security and compliance

Track: Advanced Technology
Level: 400 - Expert

Microsoft Teams is one of the most used communication and collaboration platforms in the world. Many organisations were forced to adopt it rapidly during the COVID-19 pandemic. As such, a little attention was given to Teams’ security aspects, leaving it open for possible attacks.

In this session, two major security issues are introduced. The first issue is related to guest access, which allows people outside of the organisation to extract (possibly sensitive) information from Azure AD and Teams. The second issue is related to how Teams is handling specific policies only on the client-side. This allows regular users to perform actions blocked by policies using the same APIs the Teams client uses.

In this demo packed session, MVP Dr. Nestori Syynimaa shows how to abuse Teams privacy, security and compliance, but also introduces applicable mitigation techniques.


You can download the presentation for this session below once the Speaker has uploaded it

Share this Session

Share on facebook
Share on twitter
Share on linkedin


Nestori Syynimaa
Dr Nestori Syynimaa is one of the leading Office 365 experts in the world and the developer of AADInternals toolkit. He has worked with Microsoft cloud services over a decade and was awarded an MVP (enterprise mobility, identity and access) in 2020. Currently, Dr Syynimaa works as a CIO for eight cities and municipalities in Finland and runs his own consulting business. Before moving to his current position, Dr Syynimaa worked as a consultant, trainer, researcher, and university lecturer for almost 20 years.Dr Syynimaa has been speaking in many international scientific and professional conferences, including IEEE TrustCom 2018, TechMentor Orlando 2017 & 2018, TechMentor Seattle 2018, Black Hat USA 2019, and Black Hat Europe 2019.
Vote for this session

Keep in touch

If you would like to be notified when we announce new events, please enter your details below.

We don’t share your email address with anyone. We don’t send you spam. We don’t try and sell to you.

You might get an email once every 60 days informing you of an upcoming event you may be interested in. That’s it.

The Microsoft Teams Conference Made By The Community, for the Community

© 2021 All rights reserved - Commsverse Ltd, Registered Company in England & Wales 12068652