Microsoft Teams wants to expose fraudsters more effectively

If Teams is configured for access from external contacts, unwanted guests may be able to join confidential company meetings. Microsoft now wants to prevent this more effectively with a new protection mechanism.

Detecting fraud

This can be seen in a post in the Microsoft 365 Admin Message Center, which is only available to Teams admins. If an external contact wishes to take part in a meeting, Microsoft's identity protection approach should kick in. This is designed to detect phishing attempts and display warning messages. Among other things, text windows then warn that unknown external contacts could be a danger and are looking for internal business information, for example.

This happens again and again: In August 2023, for example, criminals disguised as Microsoft support attempted to steal login data via Teams. The new security mechanism is designed to detect such intrusion attempts in advance so that contact is not established in the first place. To establish contact anyway, for example if it is a legitimate partner that is falsely recognized as spam, you have to nod off several warning messages to allow the chat.

Getting started soon

How this works technically in detail and the accuracy of the identity protection approach remains unclear. Microsoft states that it intends to activate the feature in mid-February. This will then happen automatically so that admins do not have to do anything.

To protect yourself from fraudsters until then, you can completely block external access in the Teams Admin Center. If access by external contacts is essential, admins can create a list of permitted domains to reduce the risk of phishing attempts.

(des)