Forum Discussion

sbouillon
Copper Contributor
Oct 16, 2020

U.S. Government Outbound Connections on all Teams accounts

Hello,
One of my customers I support has a massive amount of fraud being done by a high ranking executive. They brought in a security engineer to find the leak and I was just questioned on why Microsoft Teams is connecting to the following domains:

http://www.collab.apps.mil
dod.teams.microsoft.us
http://www.gov.teams.microsoft.us

It does not appear this is specific only to this customer (1st assumption was a legal order) since I’ve run Wireshark on 4 other customers and they each had the same lookup requests completed.

I have a feeling if this were some PRISM/Xkeyscore to report device and IP address then it would’ve been concealed a bit better but nonetheless I was speechless and now I’m wondering if I will be allowed to continue supporting this customer.

Please help me understand what these lookups are. I can post Wireshark files later if needed. Also, it appears this primarily affects mobile users but I will have to do more research on this later.

3 Replies

  • Unhackher
    Copper Contributor

    sbouillon JaneInvestigates730 

    I have been dealing with this since 2022 and it’s been an absolute nightmare. I just tried to create a personal Teams account, and check out these logs:

    ConsentHost = "https://admin.microsoft.com/centrohost?appname=TFLUnifiedConsent&feature=host-unified-consent#/";
    ConsentService = "https://consent.config.office.com";
    ConsentWebService = "https://consentservice.microsoft.com/web/UnifiedUserConsent.ReadWrite";
    DODCallingPOPResource = "https://ic3.dod.teams.microsoft.us";
    DODIC3AADCAETokenEndpoint = "https://ic3.dod.teams.microsoft.us";
    DODIC3AADTokenEndpoint = "https://ic3-non-cae.dod.teams.microsoft.us";
    DODMeetingArtifactsService = "https://dod-mtis.cortana.ai/meetingArtifacts/api/v2/";
    EDF = "https://teams.microsoft.com/registrar/prod";
    EDFLife = "https://edge.skype.com/registrar/prod";
    GCCHCallingPOPResource = "https://ic3.gov.teams.microsoft.us";
    GCCHIC3AADCAETokenEndpoint = "https://ic3.gov.teams.microsoft.us";
    GCCHIC3AADTokenEndpoint = "https://ic3-non-cae.gov.teams.microsoft.us";
    GCCHMeetingArtifactsService = "https://gcch-mtis.cortana.ai/meetingArtifacts/api/v2/";
    GCCMeetingArtifactsService = "https://gcc-mtis.cortana.ai/meetingArtifacts/api/v2/";
    GallatinMeetingArtifactsService = "https://gallatin-mtis.cortana.ai/meetingArtifacts/api/v2/";
    GroupsServiceAuthority = "https://login.microsoftonline.com/common/v2.0";
    GroupsServiceEndpoint = "https://teams.live.com/api/groups";
    GroupsServiceScopes = (
    "https://groupssvc.fl.teams.microsoft.com/teams.readwrite"
    );
    IC3AADCAETokenEndpoint = "https://ic3.teams.office.com";
    IC3AADTokenEndpoint = "https://ic3-non-cae.teams.office.com";
    Image = "https://teams.microsoft.com/api/mt";
    Location = "https://teams.live.com/api/location/prod/";
    MSAITokenEndpoint = "https://msai.meetingintelligence.ai";
    MSATenantProvider = "https://teams.live.com/api/mt";
    MSAUserKeyDataEndpoint = "https://login.live.com/ppsecure";
    MSGraphBaseUrl = "https://graph.microsoft.com/v1.0";
    MeetingArtifactsService = "https://api.cortana.ai/MeetingArtifacts/api/v2";
    Messenger = "https://dm2p-client-ss.msg.skype.com";
    MiddleTierResourceLife = "service::api.fl.teams.microsoft.com::MBI_SSL";
    MiddleTierService = "https://teams.microsoft.com/api/mt";
    MiddleTierServiceBaseUrl = "https://teams.microsoft.com/api/mt/canary/beta";
    NSSEndPoint = "https://teams.microsoft.com/api/nss";
    OpenAIServiceAuthority = "https://login.microsoftonline.com/common/v2.0";
    OpenAIServiceEndpoint = "https://teams.live.com/api/openai";
    OpenAIServiceScopes = (
    "https://teamsopenaisvc.fl.teams.microsoft.com/teams.readwrite"
    );
    OutlookService = "https://outlook.office.com";
    Presence = "https://presence.teams.microsoft.com";
    PresenceLife = "https://presence.teams.live.com";
    PrivacySettingsManagerResource = "service::officeapps.live.com::MBI_SSL";
    SchedulerService = "https://scheduler.teams.microsoft.com";
    Search = "https://scsquery-ss-us.trafficmanager.net";
    SkypeConversationServiceBaseUrl = "https://api.conv.skype.com";
    StaticsCDN = "https://statics.teams.cdn.office.net";
    StaticsCDNLife = "https://statics.teams.cdn.live.net";
    SubstrateSearchService = "https://substrate.office.com";
    SydneyService = "https://substrate.office.com/sydney";
    TabsTokenEndpoint = "https://tabs.teams.microsoft.com";
    TnCService = "https://teams.microsoft.com/api/mt";
    Urlp = "https://urlp.asm.skype.com";
    UserProfileService = "https://userprofilesvc.teams.microsoft.com";
    UserStore = "https://api.flightproxy.teams.microsoft.com/api/v2/ep/api.userstore.skype.com";
    Web = "https://teams.microsoft.com";
    WebinarServiceEndpoint = "https://teams.microsoft.com/api/webinar/prod/webinar";
    WeveService = "https://substrate.office.com/weve";
    Whiteboard = "https://whiteboard.microsoft.com";
    XDF = "https://xdf-api.skype.net";
    chatSvcAggAfd = "https://teams.office.com/api/csa";
    teamsAndChannelsProvisioningService = "https://teams.microsoft.com/fabric/amer/templates/api";
    teamsAndChannelsProvisioningServiceDoD = "https://dod.teams.microsoft.us/fabric/dod/templates/api";
    teamsAndChannelsProvisioningServiceGCC = "https://teams.microsoft.com/fabric/gcc/templates/api";
    teamsAndChannelsProvisioningServiceGCCH = "https://gov.teams.microsoft.us/fabric/gov/templates/api";
    } TSActionContext+Endpoints:90
    2024-01-18T15:55:53.682Z [I-AH][EUII-Safe] Setting chat service endpoint to (null) TSActionContext+Endpoints:162
    2024-01-18T15:55:53.682Z [E-AH]updateWithEndpoints missing critical endpoints. TSActionContext+Endpoints:745
    2024-01-18T15:55:53.682Z [I-AH][TSSignInSSOViewController] viewWillAppear 
    2024-01-18T15:55:54.056Z [311-918][W-AH]signOut:removed all tenantDefaults TSSignInOutManager:782
    2024-01-18T15:55:54.057Z [W-AH]Attempting to use authProvider implicitly without having an active account! TSAuthManager:379
    2024-01-18T15:55:54.084Z [311-918][I-AH][TeamSpaceApp.TSTFLTeamsMultiViewController] viewDidDisappear 
    2024-01-18T15:55:54.084Z [311-918][I-AH][TSArrayTableViewController] viewDidDisappear 
    2024-01-18T15:55:54.116Z [311-918][I-AH]TSChatListViewController <TSChatListViewController: 0x10d5b7a00> - showEmptyStateView: 0, accountHandle:31155945-7AA8-4E9F-A8E3-7513F7174E3B::9188040d-6c67-4c5b-b112-36a304b66dad TSChatListViewController:3340
    2024-01-18T15:55:54.117Z [311-918][I-AH]Cookies and cache deleted from WKWebView. TSSignInOutManager:1032
    2024-01-18T15:56:08.640Z [I-AH][] Using MSAL auth provider with v1 app id and organizations endpoint TSEventReporter:3909
    2024-01-18T15:56:08.640Z [I-AH][AuthProviderConfiguration] Using ClientId: 1fec8e78-bce4-4aaf-ab1b-5451cc387264 TSEventReporter:3909
    2024-01-18T15:56:08.640Z [I-AH][AuthProviderConfiguration] Using AAD RedirectUri x-msauth-ms-st://com.microsoft.skype.teams TSEventReporter:3909
    2024-01-18T15:56:08.640Z [W-AH][MSALAuthProvider] Authority using tenantSpecifier organizations 
    2024-01-18T15:56:08.693Z [E-AH]Remove account success? 1 TSSignInSSOViewController:371
    2024-01-18T15:56:08.693Z [W-AH]Attempting to use authProvider implicitly without having an active account! TSAuthManager:379
    2024-01-18T15:56:12.416Z [I-AH]appWillResignActive TeamSpaceApp:2039
    2024-01-18T15:56:12.416Z [I-AH]Calling (null): TSCallManager: applicationStateChange: active = 0 TSCallManager:7470
    2024-01-18T15:56:13.330Z [I-AH]Set Trouter activityState 2 TSTrouterManager:235
    2024-01-18T15:56:13.331Z [I-AH]appDidEnterBackground TeamSpaceApp:2115
    2024-01-18T15:56:13.336Z [I-AH]114 Network requests in last 5 minutes
    Timeout Errors: 0
    Offline Errors: 0
    Other Errors: 35
     AXPUtilities:664
    2024-01-18T15:56:13.357Z [311-918][I-AH]ImageLoader: Application state changed to UIApplicationDidEnterBackgroundNotification TSAttributedStringProcessor:1688
    2024-01-18T15:56:13.370Z [I-AH]Disconnect to the window scene of session Id: BD4105E8-901A-40A3-861E-161BC8B3491C SceneDelegate:81
    2024-01-18T15:56:13.375Z [I-AH]114 Network requests in last 5 minutes
    Timeout Errors: 0
    Offline Errors: 0
    Other Errors: 35
     AXPUtilities:664
    2024-01-18T15:56:13.378Z [E-AH]Attempted to persist auth data for nil active account TSAuthManager+Keychain:111
    2024-01-18T15:56:13.378Z [I-AH]Calling: App is exiting, stop skylib. TSSkyLibManager:1486
    2024-01-18T15:56:15.113Z [I-AH]cannot set the user info for telemetry since there is no signed in user TSAuthManager:569
    2024-01-18T15:56:15.115Z [LAUNCH] [EUII-Safe] Logging to file at path: /var/mobile/Containers/Data/Application/5E72595C-DE3D-4C16-8853-6F343D05A4FB/Library/Caches/Logs/com.microsoft.skype.teams
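
An added example, not part of either post and not Microsoft's code: it cross-references the three names from the original question against the hostnames in the endpoint dump quoted in the reply above. The function names, the subdomain-matching heuristic and the reading of the DOD/GCCH/GCC/Gallatin key-name fragments as environment tags are assumptions made for this sketch.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the endpoint dump quoted in the reply above (not the full list).
DUMP = '''
DODCallingPOPResource = "https://ic3.dod.teams.microsoft.us";
GCCHIC3AADTokenEndpoint = "https://ic3-non-cae.gov.teams.microsoft.us";
GCCMeetingArtifactsService = "https://gcc-mtis.cortana.ai/meetingArtifacts/api/v2/";
GroupsServiceScopes = (
"https://groupssvc.fl.teams.microsoft.com/teams.readwrite"
);
MiddleTierResourceLife = "service::api.fl.teams.microsoft.com::MBI_SSL";
teamsAndChannelsProvisioningServiceDoD = "https://dod.teams.microsoft.us/fabric/dod/templates/api";
teamsAndChannelsProvisioningServiceGCCH = "https://gov.teams.microsoft.us/fabric/gov/templates/api";
2024-01-18T15:55:53.682Z [E-AH]updateWithEndpoints missing critical endpoints. TSActionContext+Endpoints:745
'''
# Names the original poster reported seeing looked up.
OBSERVED = ["http://www.collab.apps.mil", "dod.teams.microsoft.us",
            "http://www.gov.teams.microsoft.us"]

ENTRY = re.compile(r'(\w+)\s*=\s*\(?\s*"([^"]+)"')  # also spans the "( ... )" form
CLOUD_TAGS = ("GCCH", "GCC", "DOD", "GALLATIN")      # GCCH must be tested before GCC

def host_of(value):
    """Hostname from a URL, a bare name, or a 'service::host::policy' resource."""
    if value.startswith("service::"):
        return value.split("::")[1].lower()
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").lower()

def parse_endpoints(text):
    """Return {key: (tag, host)}; the tag is inferred from the key name (assumption)."""
    out = {}
    for key, value in ENTRY.findall(text):
        tag = next((t for t in CLOUD_TAGS if t in key.upper()), "default")
        out[key] = (tag, host_of(value))
    return out

def related(a, b):
    """Heuristic: equal names, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def explain(observed, endpoints):
    """Map each observed name to the dump keys whose host is related to it."""
    result = {}
    for name in observed:
        host = host_of(name)
        result[host] = sorted(k for k, (_, h) in endpoints.items() if related(host, h))
    return result
```

A match only shows that the name appears in the client's own endpoint table; an empty list means this dump does not account for that name.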

  • Did you ever get an answer, sbouillon? I had some very, very serious and detailed issues after detecting this on all of the Office suite from mobile. I do not want to elaborate here. Happy to chat about what was going on. Serious enough that I have 85,000 screenshots of their next steps and am still looking it up 3 years after I had noticed it.
