Forum Discussion
U.S. Government Outbound Connections on all Teams accounts
Hello, One of my customers I support has a massive amount of fraud being done by a high ranking executive. They brought in a security engineer to find the leak and I was just questioned on why Micros...
Did you ever get an answer sbouillon ...I had some very very serious and detailed issues after detecting this on all office suite from mobile. I do not want to elaborate here. Happy to chat about what was going on. Serious enough I have 85,000 screenshots of their next steps and am still looking it up 3 years after I had noticed it.
ConsentHost = "https://admin.microsoft.com/centrohost?appname=TFLUnifiedConsent&feature=host-unified-consent#/";
ConsentService = "https://consent.config.office.com";
ConsentWebService = "https://consentservice.microsoft.com/web/UnifiedUserConsent.ReadWrite";
DODCallingPOPResource = "https://ic3.dod.teams.microsoft.us";
DODIC3AADCAETokenEndpoint = "https://ic3.dod.teams.microsoft.us";
DODIC3AADTokenEndpoint = "https://ic3-non-cae.dod.teams.microsoft.us";
DODMeetingArtifactsService = "https://dod-mtis.cortana.ai/meetingArtifacts/api/v2/";
EDF = "https://teams.microsoft.com/registrar/prod";
EDFLife = "https://edge.skype.com/registrar/prod";
GCCHCallingPOPResource = "https://ic3.gov.teams.microsoft.us";
GCCHIC3AADCAETokenEndpoint = "https://ic3.gov.teams.microsoft.us";
GCCHIC3AADTokenEndpoint = "https://ic3-non-cae.gov.teams.microsoft.us";
GCCHMeetingArtifactsService = "https://gcch-mtis.cortana.ai/meetingArtifacts/api/v2/";
GCCMeetingArtifactsService = "https://gcc-mtis.cortana.ai/meetingArtifacts/api/v2/";
GallatinMeetingArtifactsService = "https://gallatin-mtis.cortana.ai/meetingArtifacts/api/v2/";
GroupsServiceAuthority = "https://login.microsoftonline.com/common/v2.0";
GroupsServiceEndpoint = "https://teams.live.com/api/groups";
GroupsServiceScopes = (
"https://groupssvc.fl.teams.microsoft.com/teams.readwrite"
);
IC3AADCAETokenEndpoint = "https://ic3.teams.office.com";
IC3AADTokenEndpoint = "https://ic3-non-cae.teams.office.com";
Image = "https://teams.microsoft.com/api/mt";
Location = "https://teams.live.com/api/location/prod/";
MSAITokenEndpoint = "https://msai.meetingintelligence.ai";
MSATenantProvider = "https://teams.live.com/api/mt";
MSAUserKeyDataEndpoint = "https://login.live.com/ppsecure";
MSGraphBaseUrl = "https://graph.microsoft.com/v1.0";
MeetingArtifactsService = "https://api.cortana.ai/MeetingArtifacts/api/v2";
Messenger = "https://dm2p-client-ss.msg.skype.com";
MiddleTierResourceLife = "service::api.fl.teams.microsoft.com::MBI_SSL";
MiddleTierService = "https://teams.microsoft.com/api/mt";
MiddleTierServiceBaseUrl = "https://teams.microsoft.com/api/mt/canary/beta";
NSSEndPoint = "https://teams.microsoft.com/api/nss";
OpenAIServiceAuthority = "https://login.microsoftonline.com/common/v2.0";
OpenAIServiceEndpoint = "https://teams.live.com/api/openai";
OpenAIServiceScopes = (
"https://teamsopenaisvc.fl.teams.microsoft.com/teams.readwrite"
);
OutlookService = "https://outlook.office.com";
Presence = "https://presence.teams.microsoft.com";
PresenceLife = "https://presence.teams.live.com";
PrivacySettingsManagerResource = "service::officeapps.live.com::MBI_SSL";
SchedulerService = "https://scheduler.teams.microsoft.com";
Search = "https://scsquery-ss-us.trafficmanager.net";
SkypeConversationServiceBaseUrl = "https://api.conv.skype.com";
StaticsCDN = "https://statics.teams.cdn.office.net";
StaticsCDNLife = "https://statics.teams.cdn.live.net";
SubstrateSearchService = "https://substrate.office.com";
SydneyService = "https://substrate.office.com/sydney";
TabsTokenEndpoint = "https://tabs.teams.microsoft.com";
TnCService = "https://teams.microsoft.com/api/mt";
Urlp = "https://urlp.asm.skype.com";
UserProfileService = "https://userprofilesvc.teams.microsoft.com";
UserStore = "https://api.flightproxy.teams.microsoft.com/api/v2/ep/api.userstore.skype.com";
Web = "https://teams.microsoft.com";
WebinarServiceEndpoint = "https://teams.microsoft.com/api/webinar/prod/webinar";
WeveService = "https://substrate.office.com/weve";
Whiteboard = "https://whiteboard.microsoft.com";
XDF = "https://xdf-api.skype.net";
chatSvcAggAfd = "https://teams.office.com/api/csa";
teamsAndChannelsProvisioningService = "https://teams.microsoft.com/fabric/amer/templates/api";
teamsAndChannelsProvisioningServiceDoD = "https://dod.teams.microsoft.us/fabric/dod/templates/api";
teamsAndChannelsProvisioningServiceGCC = "https://teams.microsoft.com/fabric/gcc/templates/api";
teamsAndChannelsProvisioningServiceGCCH = "https://gov.teams.microsoft.us/fabric/gov/templates/api";
} TSActionContext+Endpoints:90
2024-01-18T15:55:53.682Z [I-AH][EUII-Safe] Setting chat service endpoint to (null) TSActionContext+Endpoints:162
2024-01-18T15:55:53.682Z [E-AH]updateWithEndpoints missing critical endpoints. TSActionContext+Endpoints:745
2024-01-18T15:55:53.682Z [I-AH][TSSignInSSOViewController] viewWillAppear
2024-01-18T15:55:54.056Z [311-918][W-AH]signOut:removed all tenantDefaults TSSignInOutManager:782
2024-01-18T15:55:54.057Z [W-AH]Attempting to use authProvider implicitly without having an active account! TSAuthManager:379
2024-01-18T15:55:54.084Z [311-918][I-AH][TeamSpaceApp.TSTFLTeamsMultiViewController] viewDidDisappear
2024-01-18T15:55:54.084Z [311-918][I-AH][TSArrayTableViewController] viewDidDisappear
2024-01-18T15:55:54.116Z [311-918][I-AH]TSChatListViewController <TSChatListViewController: 0x10d5b7a00> - showEmptyStateView: 0, accountHandle:31155945-7AA8-4E9F-A8E3-7513F7174E3B::9188040d-6c67-4c5b-b112-36a304b66dad TSChatListViewController:3340
2024-01-18T15:55:54.117Z [311-918][I-AH]Cookies and cache deleted from WKWebView. TSSignInOutManager:1032
2024-01-18T15:56:08.640Z [I-AH][] Using MSAL auth provider with v1 app id and organizations endpoint TSEventReporter:3909
2024-01-18T15:56:08.640Z [I-AH][AuthProviderConfiguration] Using ClientId: 1fec8e78-bce4-4aaf-ab1b-5451cc387264 TSEventReporter:3909
2024-01-18T15:56:08.640Z [I-AH][AuthProviderConfiguration] Using AAD RedirectUri x-msauth-ms-st://com.microsoft.skype.teams TSEventReporter:3909
2024-01-18T15:56:08.640Z [W-AH][MSALAuthProvider] Authority using tenantSpecifier organizations
2024-01-18T15:56:08.693Z [E-AH]Remove account success? 1 TSSignInSSOViewController:371
2024-01-18T15:56:08.693Z [W-AH]Attempting to use authProvider implicitly without having an active account! TSAuthManager:379
2024-01-18T15:56:12.416Z [I-AH]appWillResignActive TeamSpaceApp:2039
2024-01-18T15:56:12.416Z [I-AH]Calling (null): TSCallManager: applicationStateChange: active = 0 TSCallManager:7470
2024-01-18T15:56:13.330Z [I-AH]Set Trouter activityState 2 TSTrouterManager:235
2024-01-18T15:56:13.331Z [I-AH]appDidEnterBackground TeamSpaceApp:2115
2024-01-18T15:56:13.336Z [I-AH]114 Network requests in last 5 minutes
Timeout Errors: 0
Offline Errors: 0
Other Errors: 35
AXPUtilities:664
2024-01-18T15:56:13.357Z [311-918][I-AH]ImageLoader: Application state changed to UIApplicationDidEnterBackgroundNotification TSAttributedStringProcessor:1688
2024-01-18T15:56:13.370Z [I-AH]Disconnect to the window scene of session Id: BD4105E8-901A-40A3-861E-161BC8B3491C SceneDelegate:81
2024-01-18T15:56:13.375Z [I-AH]114 Network requests in last 5 minutes
Timeout Errors: 0
Offline Errors: 0
Other Errors: 35
AXPUtilities:664
2024-01-18T15:56:13.378Z [E-AH]Attempted to persist auth data for nil active account TSAuthManager+Keychain:111
2024-01-18T15:56:13.378Z [I-AH]Calling: App is exiting, stop skylib. TSSkyLibManager:1486
2024-01-18T15:56:15.113Z [I-AH]cannot set the user info for telemetry since there is no signed in user TSAuthManager:569
2024-01-18T15:56:15.115Z [LAUNCH] [EUII-Safe] Logging to file at path: /var/mobile/Containers/Data/Application/5E72595C-DE3D-4C16-8853-6F343D05A4FB/Library/Caches/Logs/com.microsoft.skype.teams
ConsentService = "https://consent.config.office.com";
ConsentWebService = "https://consentservice.microsoft.com/web/UnifiedUserConsent.ReadWrite";
DODCallingPOPResource = "https://ic3.dod.teams.microsoft.us";
DODIC3AADCAETokenEndpoint = "https://ic3.dod.teams.microsoft.us";
DODIC3AADTokenEndpoint = "https://ic3-non-cae.dod.teams.microsoft.us";
DODMeetingArtifactsService = "https://dod-mtis.cortana.ai/meetingArtifacts/api/v2/";
EDF = "https://teams.microsoft.com/registrar/prod";
EDFLife = "https://edge.skype.com/registrar/prod";
GCCHCallingPOPResource = "https://ic3.gov.teams.microsoft.us";
GCCHIC3AADCAETokenEndpoint = "https://ic3.gov.teams.microsoft.us";
GCCHIC3AADTokenEndpoint = "https://ic3-non-cae.gov.teams.microsoft.us";
GCCHMeetingArtifactsService = "https://gcch-mtis.cortana.ai/meetingArtifacts/api/v2/";
GCCMeetingArtifactsService = "https://gcc-mtis.cortana.ai/meetingArtifacts/api/v2/";
GallatinMeetingArtifactsService = "https://gallatin-mtis.cortana.ai/meetingArtifacts/api/v2/";
GroupsServiceAuthority = "https://login.microsoftonline.com/common/v2.0";
GroupsServiceEndpoint = "https://teams.live.com/api/groups";
GroupsServiceScopes = (
"https://groupssvc.fl.teams.microsoft.com/teams.readwrite"
);
IC3AADCAETokenEndpoint = "https://ic3.teams.office.com";
IC3AADTokenEndpoint = "https://ic3-non-cae.teams.office.com";
Image = "https://teams.microsoft.com/api/mt";
Location = "https://teams.live.com/api/location/prod/";
MSAITokenEndpoint = "https://msai.meetingintelligence.ai";
MSATenantProvider = "https://teams.live.com/api/mt";
MSAUserKeyDataEndpoint = "https://login.live.com/ppsecure";
MSGraphBaseUrl = "https://graph.microsoft.com/v1.0";
MeetingArtifactsService = "https://api.cortana.ai/MeetingArtifacts/api/v2";
Messenger = "https://dm2p-client-ss.msg.skype.com";
MiddleTierResourceLife = "service::api.fl.teams.microsoft.com::MBI_SSL";
MiddleTierService = "https://teams.microsoft.com/api/mt";
MiddleTierServiceBaseUrl = "https://teams.microsoft.com/api/mt/canary/beta";
NSSEndPoint = "https://teams.microsoft.com/api/nss";
OpenAIServiceAuthority = "https://login.microsoftonline.com/common/v2.0";
OpenAIServiceEndpoint = "https://teams.live.com/api/openai";
OpenAIServiceScopes = (
"https://teamsopenaisvc.fl.teams.microsoft.com/teams.readwrite"
);
OutlookService = "https://outlook.office.com";
Presence = "https://presence.teams.microsoft.com";
PresenceLife = "https://presence.teams.live.com";
PrivacySettingsManagerResource = "service::officeapps.live.com::MBI_SSL";
SchedulerService = "https://scheduler.teams.microsoft.com";
Search = "https://scsquery-ss-us.trafficmanager.net";
SkypeConversationServiceBaseUrl = "https://api.conv.skype.com";
StaticsCDN = "https://statics.teams.cdn.office.net";
StaticsCDNLife = "https://statics.teams.cdn.live.net";
SubstrateSearchService = "https://substrate.office.com";
SydneyService = "https://substrate.office.com/sydney";
TabsTokenEndpoint = "https://tabs.teams.microsoft.com";
TnCService = "https://teams.microsoft.com/api/mt";
Urlp = "https://urlp.asm.skype.com";
UserProfileService = "https://userprofilesvc.teams.microsoft.com";
UserStore = "https://api.flightproxy.teams.microsoft.com/api/v2/ep/api.userstore.skype.com";
Web = "https://teams.microsoft.com";
WebinarServiceEndpoint = "https://teams.microsoft.com/api/webinar/prod/webinar";
WeveService = "https://substrate.office.com/weve";
Whiteboard = "https://whiteboard.microsoft.com";
XDF = "https://xdf-api.skype.net";
chatSvcAggAfd = "https://teams.office.com/api/csa";
teamsAndChannelsProvisioningService = "https://teams.microsoft.com/fabric/amer/templates/api";
teamsAndChannelsProvisioningServiceDoD = "https://dod.teams.microsoft.us/fabric/dod/templates/api";
teamsAndChannelsProvisioningServiceGCC = "https://teams.microsoft.com/fabric/gcc/templates/api";
teamsAndChannelsProvisioningServiceGCCH = "https://gov.teams.microsoft.us/fabric/gov/templates/api";
} TSActionContext+Endpoints:90
2024-01-18T15:55:53.682Z [I-AH][EUII-Safe] Setting chat service endpoint to (null) TSActionContext+Endpoints:162
2024-01-18T15:55:53.682Z [E-AH]updateWithEndpoints missing critical endpoints. TSActionContext+Endpoints:745
2024-01-18T15:55:53.682Z [I-AH][TSSignInSSOViewController] viewWillAppear
2024-01-18T15:55:54.056Z [311-918][W-AH]signOut:removed all tenantDefaults TSSignInOutManager:782
2024-01-18T15:55:54.057Z [W-AH]Attempting to use authProvider implicitly without having an active account! TSAuthManager:379
2024-01-18T15:55:54.084Z [311-918][I-AH][TeamSpaceApp.TSTFLTeamsMultiViewController] viewDidDisappear
2024-01-18T15:55:54.084Z [311-918][I-AH][TSArrayTableViewController] viewDidDisappear
2024-01-18T15:55:54.116Z [311-918][I-AH]TSChatListViewController <TSChatListViewController: 0x10d5b7a00> - showEmptyStateView: 0, accountHandle:31155945-7AA8-4E9F-A8E3-7513F7174E3B::9188040d-6c67-4c5b-b112-36a304b66dad TSChatListViewController:3340
2024-01-18T15:55:54.117Z [311-918][I-AH]Cookies and cache deleted from WKWebView. TSSignInOutManager:1032
2024-01-18T15:56:08.640Z [I-AH][] Using MSAL auth provider with v1 app id and organizations endpoint TSEventReporter:3909
2024-01-18T15:56:08.640Z [I-AH][AuthProviderConfiguration] Using ClientId: 1fec8e78-bce4-4aaf-ab1b-5451cc387264 TSEventReporter:3909
2024-01-18T15:56:08.640Z [I-AH][AuthProviderConfiguration] Using AAD RedirectUri x-msauth-ms-st://com.microsoft.skype.teams TSEventReporter:3909
2024-01-18T15:56:08.640Z [W-AH][MSALAuthProvider] Authority using tenantSpecifier organizations
2024-01-18T15:56:08.693Z [E-AH]Remove account success? 1 TSSignInSSOViewController:371
2024-01-18T15:56:08.693Z [W-AH]Attempting to use authProvider implicitly without having an active account! TSAuthManager:379
2024-01-18T15:56:12.416Z [I-AH]appWillResignActive TeamSpaceApp:2039
2024-01-18T15:56:12.416Z [I-AH]Calling (null): TSCallManager: applicationStateChange: active = 0 TSCallManager:7470
2024-01-18T15:56:13.330Z [I-AH]Set Trouter activityState 2 TSTrouterManager:235
2024-01-18T15:56:13.331Z [I-AH]appDidEnterBackground TeamSpaceApp:2115
2024-01-18T15:56:13.336Z [I-AH]114 Network requests in last 5 minutes
Timeout Errors: 0
Offline Errors: 0
Other Errors: 35
AXPUtilities:664
2024-01-18T15:56:13.357Z [311-918][I-AH]ImageLoader: Application state changed to UIApplicationDidEnterBackgroundNotification TSAttributedStringProcessor:1688
2024-01-18T15:56:13.370Z [I-AH]Disconnect to the window scene of session Id: BD4105E8-901A-40A3-861E-161BC8B3491C SceneDelegate:81
2024-01-18T15:56:13.375Z [I-AH]114 Network requests in last 5 minutes
Timeout Errors: 0
Offline Errors: 0
Other Errors: 35
AXPUtilities:664
2024-01-18T15:56:13.378Z [E-AH]Attempted to persist auth data for nil active account TSAuthManager+Keychain:111
2024-01-18T15:56:13.378Z [I-AH]Calling: App is exiting, stop skylib. TSSkyLibManager:1486
2024-01-18T15:56:15.113Z [I-AH]cannot set the user info for telemetry since there is no signed in user TSAuthManager:569
2024-01-18T15:56:15.115Z [LAUNCH] [EUII-Safe] Logging to file at path: /var/mobile/Containers/Data/Application/5E72595C-DE3D-4C16-8853-6F343D05A4FB/Library/Caches/Logs/com.microsoft.skype.teams