Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised

Teams stores information in a local state file, including encrypted access tokens. A report from a French company explained how to extract and use those tokens with the Graph API. Is this important? It could be if attackers manage to gain access to a workstation, but at that point you’ve got other problems, and maybe using code to decrypt some tokens is the least of your troubles.

https://office365itpros.com/2025/10/27/local-state-file-teams/